Mothers day, Mothers day.
-----------------------------------------------------------------------------------------------------------------------------------
NOW IS YOUR CHANCE TO
WIN
THE PRIZE BELOW
---------------------------------------------------------------------------------------------------------------------------------------
Prize, A 9ct Gold diamond set heart shaped pendant with 18inch chain.
Also a luxury bouquet of flowers along with a box of Belgium chocolates.
Make your mums day special.
To enter answer the question below.
On which day of the week is Mothers Day?
Now Simply Call The Number
Below
0991 118801
The winner will be the first correct entry drawn at random by 11am on Friday 20th March 1998.
This competition is promoted by Luckey Promotions. 333a Licoln Road Peterborough Cambs PE1 2PF.
The closing date for the competition will be Friday 20th March 1998 at 10am. There will be one winner who will be
the first correct entry drawn from the sack. The winner will be notified by phone on the 20th March 1998 between
11am-5pm.
Please ask permission from the person who pays the telephone bill before calling. Calls cost £1.00 per minute
Maximum cost of call £3:00
Minimum age to enter competition 18 years of age .
Open to U.K residents only.
The winners information can be obtained by calling 0181 2364221
To delete your e mail address from our database please
inform via mail to the address above.
From bill.stewart at pobox.com Mon Mar 2 17:28:15 1998
From: bill.stewart at pobox.com (bill.stewart at pobox.com)
Date: Mon, 2 Mar 1998 17:28:15 -0800 (PST)
Subject: Radio Frequency Warfare Hearing
In-Reply-To: <1.5.4.32.19980228131755.00718780@pop.pipeline.com>
Message-ID: <3.0.5.32.19980302125612.007e55f0@popd.ix.netcom.com>
At 08:17 AM 2/28/98 -0500, John Young wrote:
>We offer the lengthy prepared testimony at the Joint
>Economic Committee hearing February 25 on "Radio Frequency
>Weapons and Proliferation: Potential Impact on the Economy."
> http://jya.com/rfw-jec.htm (112K)
John! You can't do that! That's putting bomb-making information
on the Internet! It's safe to have it in government hearing documents,
where only technically incompetent Congresscritters will read it,
but by letting the public know, you're facilitating right-wing
conspiracies and anarchists and terrorists and teenage kids
and all those other dangerous people getting access to weapons
of low-mass destruction!
On a slightly more serious note, I'm surprised from the
excerpts of the description that the $500 of parts would
generate enough joules of electrical energy induced into
sensitive parts of computer equipment in some reasonable range
to do a lot of damage.
Thanks!
Bill
Bill Stewart, bill.stewart at pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
From bill.stewart at pobox.com Mon Mar 2 17:28:30 1998
From: bill.stewart at pobox.com (bill.stewart at pobox.com)
Date: Mon, 2 Mar 1998 17:28:30 -0800 (PST)
Subject: I was auto-outed by an IMG tag in HTML spam
In-Reply-To: <3.0.5.32.19980220184839.008d4b50@popd.ix.netcom.com>
Message-ID: <3.0.5.32.19980302124517.008b7260@popd.ix.netcom.com>
At 09:02 AM 2/21/98 -0500, William H. Geiger III wrote:
> > > 1. HTML in mail: There is just no place for this crap in e-mail.
> > HTML is a fine format for email. It's ASCII readable, and supports
>Yes but who needs all this crap in e-mail??
>E-Mail is a messaging protocol not a protocol for large documents
Nonsense. E-Mail is an interface for mailing stuff to people,
and an email system that can't handle large documents is broken.
In particular, the MickeysoftMail view that the contents of a message
belong in attachments rather than message body is broken
(it's partly due to myopia, and partly because some of the popular
Windows GUI programming widgets can't handle more than 32KB.)
>I must admit that at least MS Outlook follows the RFC's and makes use of
>multipart/alternative when sending out HTML formatted messages so others
>are not forced to use a webbrowser to read their mail (unlike Net$cape or
>Eudora). There is no place for HTML in e-mail plain and simple.
>I do not want to have to load a huge bloated bugfilled webbrowser
>just to process my e-mail messages.
First of all, you don't need a web browser to read HTML.
Eudora doesn't use one - it displays it natively.
(If you attach an HTML attachment rather than putting HTML in the body,
then you need an HTML viewer (which may or may not be a web browser),
but that's the same as needing a text viewer to view text attachments.)
(Netscape _is_ a huge bloated buggy web browser, and you could
argue about whether it needs to have a mailreader hung off the side,
but it's helped them with their market share, and if you
don't like it, use Eudora.)
Furthermore, HTML is written in ASCII, and designed to be human-readable,
and designed so the user can choose how to display it -
HTML viewers are supposed to display documents in the user's preferred
formats given the limitations of the display device.
If you like Netscape or IE 4.x browsers to view HTML, use them,
but if you'd prefer Lynx for a lean, mean browser,
or MSWord or another viewer like HoTMetaL, go ahead.
Some people like to send rich-text attachments. HTML is a much better
standard for doing that than some MS proprietary format.
Most of the rich text mail I get at work is in proprietary MS formats,
(most of it that I get at home is SPAM :-), which means I need to use
a buggy bloated word processor to read it, except when Exchange
feels like using its Outlook Evil Twin to display the stuff,
but it's somewhat pleasant to have colors and fonts available.
>>Netscape mail is adequate for many people, just as Eudora is.
>>Newer versions are pretty bloated, but including
>>S/MIME mail encryption for everybody is a Good Thing.
>Now this is really scary. You consider pushing weak 40bit S/MIME on the
>internet users a GoodThing(TM)? I think you need to sit down and rethink
40 bit? Not good, but domestic versions are supposed to support 128;
maybe they don't in practice. (NS 3.x was bloated enough that I haven't
upgraded to 4.x) And getting people in the habit of using
crypto is a good thing.
Thanks!
Bill
Bill Stewart, bill.stewart at pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
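The thread's subject line concerns an IMG tag in HTML mail identifying the reader, and the quoted text notes that multipart/alternative lets a recipient read a message without an HTML renderer. As an added example (not part of the original posts), the Python below reads the text/plain alternative and lists the references in the HTML part that a renderer would fetch on display; `safe_view`, `RemoteRefFinder` and the sample message with its `example.invalid` hosts are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not taken from the archive); hosts are placeholders.
SAMPLE = """\
From: sender@example.invalid
To: reader@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Plain text body.
--b1
Content-Type: text/html; charset="us-ascii"

<html><body><p>HTML body.</p>
<img src="http://tracker.example.invalid/open.gif?id=reader%40example.invalid">
<img src="cid:logo1">
<a href="http://www.example.invalid/">link</a>
</body></html>
--b1--
"""


class RemoteRefFinder(HTMLParser):
    """Collect URLs that an HTML renderer fetches without any user action."""

    # (tag, attribute) pairs loaded automatically when the message is shown.
    # Ordinary <a href> links are excluded: they need a click.
    AUTO_FETCH = {
        ("img", "src"), ("body", "background"), ("frame", "src"),
        ("iframe", "src"), ("link", "href"), ("script", "src"),
    }

    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in self.AUTO_FETCH or not value:
                continue
            url = value.strip()
            # A network location means the fetch leaves the machine and
            # tells the remote server who opened the mail, and when.
            # cid: and data: references stay inside the message.
            if urlparse(url).netloc:
                self.remote.append((tag, url))


def safe_view(raw):
    """Return (plain_text_or_None, remote_refs) without rendering HTML."""
    msg = message_from_string(raw, policy=policy.default)
    plain = msg.get_body(preferencelist=("plain",))
    html = msg.get_body(preferencelist=("html",))

    finder = RemoteRefFinder()
    if html is not None:
        finder.feed(html.get_content())

    text = plain.get_content() if plain is not None else None
    return text, finder.remote


if __name__ == "__main__":
    text, remote = safe_view(SAMPLE)
    print("Text to display:", text.strip())
    for tag, url in remote:
        print(f"Would be fetched on render: <{tag}> {url}")
```
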
From onlineca at verisign.com Mon Mar 2 17:30:21 1998
From: onlineca at verisign.com (VeriSign Digital ID Center)
Date: Mon, 2 Mar 1998 17:30:21 -0800 (PST)
Subject: Trial Class 1 VeriSign Digital ID
Message-ID: <199803030129.RAA27861@maguro-cm2.verisign.net>
QUICK INSTALLATION INSTRUCTIONS
-------------------------------
To assure that someone else cannot obtain a Digital ID that contains your
name and e-mail address, you must retrieve your Digital ID from
VeriSign's secure web site using a unique Personal Identification
Number (PIN).
Be sure to follow these steps using the same computer you used to
begin the process.
Step 1: Copy your Digital ID PIN number.
Your Digital ID PIN is: 7278ce06ea0aedffb942b1b7468471a3
Step 2: Go to VeriSign's secure Digital ID Center at
https://digitalid.verisign.com/getid.htm
Step 3: Paste (or enter) your Digital ID personal identification
number (PIN), then select the SUBMIT button to install
your Digital ID.
That's all there is to it!
WELCOME TO THE CLUB
-------------------
Congratulations on obtaining a Trial Class 1 Digital ID(sm) from VeriSign!
As a Trial Digital ID holder, you join millions of users who can send
and receive secure e-mail using the built-in features of the latest
versions of Netscape, Microsoft, and other popular e-mail packages.
You also gain easy access to popular websites using your Digital ID
instead of passwords and one-step registration at websites requesting Digital IDs.
Your Digital ID contains the following information:
Name or Alias: RANDOM Q. HACKER
E-mail Address: cypherpunks at toad.com
To find out more about where and how to use your Digital ID, please visit
us at http://www.verisign.com/ or visit our Help Desk at
http://www.verisign.com/help/index.html.
And don't forget that you can enjoy the benefits of a Full Service Class 1
Digital ID-including $1000 protection under the Netsure(sm) Protection Plan,
directory services, and free replacement, renewal, and revocation of your
ID 24 hours a day, 7 days a week --for only $9.95 (U.S.) a year.
To upgrade, please visit our Digital ID Center at http://digitalid.verisign.com.
Thank you for choosing VeriSign! We look forward to serving your future
electronic commerce and communications needs.
From 10510344 at 30330.com Mon Mar 2 17:47:16 1998
From: 10510344 at 30330.com (10510344 at 30330.com)
Date: Mon, 2 Mar 1998 17:47:16 -0800 (PST)
Subject: New Customers for your Neighborhood Business, Church, Practice...
Message-ID: <199702170025.GAA08056@mail.com>
You know that new customers are the lifeblood of any local
business; and WE CAN HELP YOU FIND MORE!
That's because we know WHO'S NEW - those who recently
came to live in your market or service area. We can tell you
each month who and where they are, so that you can advertise
to them (eg by mail) before they have time to get established
with your rivals.
Whether you own or manage a retail store, a clinic (medical,
dental, veterinary...), a church, club, a private school, beauty
salon, restaurant, professional office or bank - this is a prime
opportunity to gain MORE new clients and so to increase growth.
What we can help you do is MORE THAN to replace customers
who move away; to get more than your "share" of new arrivals
to Town, by putting YOUR name and special offer before them
at the very time they are making decisions about whom to
patronize.
If you don't own or manage such an establishment, please pass
this along to a friend who does. But if you do, find out more
details now from our Web site, which you can reach at
http://www.famailcrt.com/c-am.com
Sincerely,
Jim Davies
From nobody at REPLAY.COM Mon Mar 2 19:26:28 1998
From: nobody at REPLAY.COM (Anonymous)
Date: Mon, 2 Mar 1998 19:26:28 -0800 (PST)
Subject: Is CDMF secure?
Message-ID: <199803030324.EAA18619@basement.replay.com>
Is CDMF secure? and,
What sort of algorithm is it?
Thanks.
From jya at pipeline.com Mon Mar 2 19:31:16 1998
From: jya at pipeline.com (John Young)
Date: Mon, 2 Mar 1998 19:31:16 -0800 (PST)
Subject: The Bioweaponeers
Message-ID: <1.5.4.32.19980303033445.010a4ea0@pop.pipeline.com>
The New Yorker magazine of March 9 has a long shattering
essay on Ken Alibek, the former Soviet bioweapons expert,
William Patrick, the US's counterpart, the state of Russian
secret bioweapons development, and prospects for the spread
and use of this WMD.
It's far more disturbingly detailed than the New York Times
and ABC PrimeTime reports, and presents a horrific spectrum of
gruesome details of nearly unimaginable catastrophe fermenting
in secret laboratories and deepest black storage tanks.
If you thought nuclear weapons were terrifying, read this for a
shocking introduction to evil which will give even thermonuclear
warriors nightmares of helplessness.
Where Strangelovian physicists once ruled, now reign Mad
microbiologists.
Richard Preston is the writer, featured on PrimeTime and
author of The Hot Zone, on the Ebola virus.
For those without easy access to the magazine we offer a
copy:
http://jya.com/bioweap.htm (62K)
From blazer at mail.nevalink.ru Mon Mar 2 21:13:37 1998
From: blazer at mail.nevalink.ru (Mike)
Date: Mon, 2 Mar 1998 21:13:37 -0800 (PST)
Subject: Newbie pgp question
In-Reply-To: <3.0.5.32.19980302002230.0092c210@popd.ix.netcom.com>
Message-ID: <34FB90E2.F5F@mail.nevalink.ru>
Bill Stewart wrote:
Thanks Bill for very good explanation.
> *I assume you're not the KGB or Mafia, because then you would just
> beat up the guy until he gives you the passphrase.
O-o! You are well informed in what is going on! The "guy" is in fact
pretty girl - one man's secretary, so those methods are not for this
case. But may be I'd better brute force her instead of her secring? :)
--
*******************************************
Mike Blazer
blazer at mail.nevalink.ru
*******************************************
From pleontks at hotmail.com Mon Mar 2 21:18:47 1998
From: pleontks at hotmail.com (Perrin .)
Date: Mon, 2 Mar 1998 21:18:47 -0800 (PST)
Subject: Shave Slaughter '98
Message-ID: <19980303051804.28157.qmail@hotmail.com>
I have shut down all paint factories in the area. Shaving cream war!!
Pshhhhhh... splat! Ha ha! Who's laughing now?! I own all of the
shaving cream companies! I own all of their stocks! Shave Slaughter
'98 has started. Prepare to die.
Hairface
-------------------
I'm assuming it's the same rules as Paint War - Perrin
------------------
fixed by Perrin
pleontks at hotmail.com
http://members.tripod.com/~pleontks
http://www.angelfire.com/az/69frank69
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
From sandfort at crl.com Mon Mar 2 23:11:04 1998
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 2 Mar 1998 23:11:04 -0800 (PST)
Subject: COSTUME BALL
Message-ID:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Cypherpunks,
It's that time again. My next gala costume ball is March 14th.
You are invited. The full invitation is at:
http://www.c2.net/~sandy/98mar.htm
Please read the invitation carefully. The devil is always in the
details.
This notice is being sent via the Cypherpunks Announce List. If
you don't want to be on the list, DON'T e-mail me. I can't get
you off the list. To get off the list, send e-mail to:
majordomo at toad.com
As the first line of the message, write:
unsubscribe cypherpunks-announce
Hope to see you on the 14th.
Regards,
S a n d y
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From bill.stewart at pobox.com Mon Mar 2 23:57:10 1998
From: bill.stewart at pobox.com (Bill Stewart)
Date: Mon, 2 Mar 1998 23:57:10 -0800 (PST)
Subject: Is CDMF secure?
In-Reply-To: <199803030324.EAA18619@basement.replay.com>
Message-ID: <3.0.5.32.19980302235528.008dc220@popd.ix.netcom.com>
>Is CDMF secure? and, What sort of algorithm is it? Thanks.
CDMF is a version of DES watered down to 40-bit key strength.
I think IBM was to blame; it was designed for exportability.
It makes Louis Freeh feel secure, I guess, but it's not
useful for data that needs to be secure.
Thanks!
Bill
Bill Stewart, bill.stewart at pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
From 67471470 at 30410.com Tue Mar 3 00:33:26 1998
From: 67471470 at 30410.com (67471470 at 30410.com)
Date: Tue, 3 Mar 1998 00:33:26 -0800 (PST)
Subject: LOWER YOUR CHILD SUPPORT!!!
Message-ID: <>
LOWER YOUR CHILD SUPPORT!!!
Don't be a DEADBEAT DAD!!!
Join the FATHERS' RIGHTS COALITION and learn how to legally reduce
your court-ordered child support WITHOUT AN ATTORNEY. Millions of FATHERS
have been unjustly labeled as DEADBEAT DADS because they cannot afford
to pay their child support due to factors beyond their control such as unemployment,
under employment, and unforeseen or unexpected expenses.
Most fathers are treated unfairly by the courts because they cannot afford the expense
of an attorney. Even worse, fathers that employ an attorney to assist them in trying to
obtain a child support reduction end up having to explain to the court why they can
pay an attorney and not pay child support.
Failure to fully pay your child support can cause you to lose your drivers, business or
professional license. As well, owing child support can ruin your credit rating and
prevent you from obtaining employment. Your failure to pay all of your child support
can cause you to be jailed or imprisoned. Ignorance or inaction could totally ruin your life!
For only $49.90 you can join the FATHERS' RIGHTS COALITION and receive with
your membership the publication entitled REDUCE YOUR CHILD SUPPORT
WITHOUT AN ATTORNEY.
REDUCE YOUR CHILD SUPPORT WITHOUT AN ATTORNEY is an easy-to-read publication
which could instruct you as to the law and procedure required to obtain your right to a reduction
from your present child support order. As well, this publication will inform you on how to dispute
and/or reduce past child support arrearages, interest and penalties.
As a member, you can also receive information on low-cost paralegal services which can assist
you in preparation of the court forms necessary to reduce your child support..
As a member, you will receive the FATHERS' RIGHTS COALITION NEWSLETTER.
This newsletter contains information about recent changes in the child support laws and tips
on presenting your case in court. As a member, you will be making a statement to the politicians
that you're tired of being abused by the law and the courts.
Most importantly, as a member you can educate yourself in the court process and
obtain your rights to due process and a fair child support order.
One of our members (who had only a high school education) was able to obtain a child support
order of $.00 dollars (zero) for over eighteen (18) months. (Superior Court of the State of California,
County of Siskiyou, Coonrod v. Coonrod, Case No. 35594)
TO JOIN fill in the application and mail to the address
with your one-time membership fee of $49.90.
(Allow 2-4 weeks for delivery of REDUCE YOUR CHILD SUPPORT WITHOUT AN ATTORNEY)
Send the completed application with $49.90, one-time membership fee ,to:
FATHERS RIGHTS COALITION
702 Mangrove Ave., Suite 134
Chico, CA 95926
-----------------------------------------------------------------------------------------------------
YES, I want to join the FATHERS' RIGHTS COALITION. I have enclosed $49.90 for the lifetime membership.
Upon receipt of my application and membership, send me REDUCE YOUR CHILD SUPPORT WITHOUT AN ATTORNEY..
E-Mail Address _________________
002
Name______________________________________
Address______________________________________
City__________________ State ________ Zip _________
From afabbro at umich.edu Tue Mar 3 01:12:07 1998
From: afabbro at umich.edu (andrew fabbro)
Date: Tue, 3 Mar 1998 01:12:07 -0800 (PST)
Subject: Hard Drive Encryption Packages Comparison (Win 95)
Message-ID:
Windows 95 Hard Drive Encryption Packages Comparison
----------------------------------------------------
by Andrew Fabbro
3 March 1997
I've had several requests to post this to the cypherpunks list, and I'm
also posting it in the newsgroups where I originally asked for software
suggestions. This list only compares FEATURES -- I have not done any
independent analysis of these products' claims and have not even tried
the evaluation copies of all of them. This was originally just for my
own reference -- I've cleaned it up a bit but it isn't exhaustive, or
necessarily fair.
I'm sure there are other packages-- if you think I've left something
significant out, please let me know. I'd also appreciate any
corrections or giggles at obvious errors in thought.
After getting some feedback/corrections, this will eventually be put on
the Web.
----------
DISCLAIMER
==========
I am just a Doc-Martens-and-earrings cypherpunk, not a security
consultant! I am not a professional cryptologist, nor a Windows 95
expert. You should NOT take my opinions at face value -- you should
evaluate these products yourself. This list is just designed to give
you some starting points and save you some leg work. Of course, I take
no responsibility, make no warranties, blah blah...
----------------------------------------
INTRO: EXPLANATION OF LISTINGS AND TERMS
========================================
These packages all provide interface functionality beyond the simple
file-by-file encryption available with, say, PGP. Either they provide
a drive interface or they allow you to designate a list of files which
are then transparently or automatically de/encrypted in some fashion.
If you have only a few files or anticipate only temporary or infrequent
de/encryption, then PGP or something similar would probably suffice.
I've separated this list into two categories using my own made-up
terms: Virtual Volume programs and File List programs. VV programs
make a large file on your hard drive which is transparently available
to Win95 as a drive (similar to the way DriveSpace/DoubleSpace works).
Once you authenticate and mount the drive, everything else is
transparent.
With File List programs, you designate a list of files or folders that
you want encrypted. The encryption package then en/decrypts these
either on-the-fly as you access them, or in bulk at boot-time/
shutdown-time. Most offer individual file/folder manual operation as
well. Unlike Virtual Volume programs, which pretty much all operate
the same way, there is a greater variation in interface with File List
programs, so evaluate closely before purchase.
In practice, the difference between Virtual Volume and File List
programs is not that great: you type your password once at login and
everything else is handled by the software. The only difference is
that with File List programs, you have to designate files or folders,
which might be a more frequent task than designating a single drive.
On the other hand, all of your sensitive files may live in only a few
directories anyway, and File List programs let you place these
files/folders anywhere on your system, mingled in with non-encrypted
files.
There were a few packages which appear to operate in a truly manual
mode -- you decrypt before opening and then encrypt when you're
finished with the file (assuming you don't forget, or become lazy). If
you're going to do this, just use PGP, which is likely already on your
system already, you little cypherpunk, you, and offers CAST, IDEA, and
Triple-DES. Packages with manual-mode operation are under
"Manual-Operation Packages" at the end. Norton is so vague about the
operation of "Your Eyes Only" on their web page that it is listed in
this section.
"Preview" refers to an evaluation copy-- if one is available for
download (be it crippleware or whatever), this field is marked Yes.
----------------
MY PERSONAL PICK
================
I'm still evaluating, but will likely settle on Kremlin. Even though
virtual volumes seem easier to me, Kremlin has one must-have feature I
haven't found elsewhere: it addresses the Windows swapfile issue.
Windows' swapfile has raw hunks of memory swapped out to disk, which
could contain anything from any open file. These swapfiles are
not reliably deleted at shutdown-time, or in the event of a system
crash, and in any event Windows certainly doesn't securely (DoD-style)
delete them. Some snooper with a boot disk, file recovery utility, and
hex editor could stop by and read previous memory images...talk about
data leakage.
None of these packages allow you to encrypt the swapfile while Windows
is running, but Kremlin's Sentry does the next best thing. At
shutdown-time, it securely deletes the swapfile and other temp files,
wiping the drive DoD-style. The fact that Kremlin's design was
obviously thought out from the perspective of an integrated platform
and took this issue into account gives me a warm fuzzy feeling. Also,
Kremlin offers the most diverse array of algorithms and has some nice
extras, such as a secure Recycle Bin, which is easier to use than
having to remember to run a special secure delete command from the
context menu. And it's only $35!
If I were administering a site-wide encryption program, I might choose
something that was designed for that environment and offered more
administrative options. I've made notes on packages which address this
situation and its issues.
----------
SIDE NOTES
==========
BLOWFISH was specifically designed to be fast in software
implementations on 32-bit processors and would likely be the fastest
algorithm you can pick. I've not noticed any lag when using
BLOWFISH-based systems on a 486-66 w/32MB RAM (hardly a fast machine).
Some publishers only specified a "Genuine RSA Encryption Engine,"
displaying a RSA-licensed logo. This isn't snake oil, but I'd sure
like to know more about the crypto.
-----------------------
VIRTUAL VOLUME PACKAGES
=======================
Product : BestCrypt
Manufacturer : Jetico, Inc.
Type : Virtual Volume
Crypto : BLOWFISH, GOST, DES
Features : timeout close, hotkey close, secure delete
Cost : $89.95
Preview? : Yes - 30 day trial, after expiration, volume becomes read-only
Web : http://www.jetico.sci.fi/np_new.htm
Notes : Joel McNamara (Private Idaho's author) picks this for
his Cryptobook specification (see
http://www.eskimo.com/~joelm/cryptbk.html). A
completely free and very well-designed DoD-spec file
deletion utility is available at Jetico web site, too,
as a separate freeware package (BCWipe - get it!)
Product : SafeHouse
Manufacturer : PC Dynamics
Type : Virtual Volume
Crypto : BLOWFISH, FAST, DES/Triple DES
Features : Configurable passwords/expirations, optional key recovery,
C++ developer's toolkit available.
Cost : $79.95
Preview? : Yes - free trial version with 40-bit DES
Web : http://www.pcdynamics.com/SafeHouse/
Notes : key recovery is optional- you can choose to "brand" the
volume or not.
Product : Private Disk (in beta)
Manufacturer : Private Data, Inc.
Type : Virtual Volume
Crypto : Not specified - "strong" versions for US/Canada
Features :
Cost : not listed
Preview? : Beta participation program
Web : http://www.privatedata.com/
Notes : I mention this only for die-hard cypherpunks who want
to try new toys and might be interested in beta
participation.
------------------
FILE LIST PACKAGES
==================
Product : Kremlin
Manufacturer : Mach5
Type : File List
Crypto : CAST, IDEA, BLOWFISH, RC4, Safer SK-128, DES, and NewDES
Features : Automatic Decrypt/Encrypt at Login/out, includes a secure
text editor/e-mail package, secure Recycle Bin, Sentry
program to automate swap/temp/other-file wiping.
Cost : $35
Preview? : Yes
Web : http://www.mach5.com/kremlin/
Notes : This is a very nice package and my personal pick -- see
my notes in the intro.
Product : RSA SecurePC
Manufacturer : Security Dynamics, Inc.
Type : File List
Crypto : RC4
Features : Trustee threshold key recovery system, boot lock, screen lock,
network support, password expiration/rule management
Cost : Not listed, and I was too lazy to make a phone call to find out
Preview? : Yes
Web : http://www.securitydynamics.com/solutions/products/securpc.html
Notes : The key-recovery system is very well-thought out and
                involves trustee thresholds -- i.e., you can decide
                that three (or seven or whatever) administrators'
                signatures are necessary to recover a key...prevents
malicious admins' snooping. The admin support (for
site-wide usage) is also nice. This product was
formerly published by RSA, who now licenses it to
Security Dynamics. This looks like a very well-designed
package with many extras for group-use situations,
though more crypto options would be nice.
Product : SecureWin
Manufacturer : Cipher Logics
Type : File List
Crypto : RSA Public. No further details were specified.
Features : SecureWin is more of an integrated security environment
than just a hard drive encryptor -- it also includes
secure deletions, e-mail integration, a password keeper,
etc. There is an extensive access-control facility.
Operates via a "secure Start menu," a taskbar add-on.
Network support.
Cost : $29.95
Preview? : Yes - 30 day evaluation download.
Web : http://www.securewin.com/
Notes : Very well done from a user interface point of view and
has numerous cool add-ons. I wish more information was
given on the crypto and its implementation.
Product : F-Secure Desktop
Manufacturer : Data Fellows
Type : File List
Crypto : Triple-DES ("168-bit"), BLOWFISH
Features :
Cost : $99
Preview? : No
Web : http://www.datafellows.com/f-secure/desktop/
Notes : Normally, you specify a set of folders/files to be
de/encrypted at login/out. Alternatively, you can list
files as "Top Secret," which means you must manually
de/encrypt them via context menu.
Product : DataGuard
Manufacturer : Secure Services Link, Ltd.
Type : File List
Crypto : IDEA, SEAL
Features : extensive class-based access control, trustee-threshold
key recovery system
Cost : $69
Preview? : No
Web : http://www.sls.net/dataguard_v2.html
Notes : The class-based access control lists appear to offer
highly configurable access control: classes of data
(e.g., workgroup or by sensitivity or whatever), with
access rights offered by right to select users. You can
also set "minimum eyes" thresholds for groups-- e.g.,
all members or certain members must be present for
access to be given. Encryption or decryption rights can
be separated. This would be very nice for site-wide
situations, except...the basic package does not offer
network support. "Pro" and "Net" packages which do are
slated for April '98 release.
-------------------------
MANUAL-OPERATION PACKAGES
=========================
Product : SAFE Folder
Manufacturer : GlobeTech Catana
Type : File List, Semi-Manual
Crypto : BLOWFISH
Features :
Cost : $58.75
Preview? : Yes - password fixed to "DEMO"
Web : http://www.globetech.se/safe/
Notes : From the web page, I infer that you have to manually
de/encrypt files. It can operate at a folder level,
which is at least some improvement over file-by-file
operation. I didn't see any reason why this product
would be better than any of those listed above.
Product : Your Eyes Only
Manufacturer : Norton (Symantec)
Type : File List, Manual?
Crypto : It uses a "Genuine RSA Encryption Engine".
Features : boot-time lock, screen lock, uses context menu,
network support
Cost : $89.95
Preview? : No
Web : http://www.symantec.com/yeo/index_product.html
Notes : I couldn't tell if this operated in some sort of
transparent or automatic fashion like other file list
programs, or if you had to encrypt/decrypt each folder
manually. A screen shot shows a user using a context
menu that has "Enable SmartLock Folder" and "Disable
SmartLock Folder," which implies some non-manual mode of
operation. E-mail to Symantec asking for more
information (and details on their crypto) went
unanswered. There is also an administrator's version of
this program.
Product : Stealth Encryptor
Manufacturer : Tropical Software, Inc.
Type : File List
Crypto : BLOWFISH, DES ("64-bit")
Features : installable crypto modules (via .DLL, development kit
available), secure delete, e-mail integration
Cost : $34.95
Preview? : Yes
Web : http://www.tropsoft.com/stealth/
Notes : This package's unique feature is its support for
drop-in crypto modules. Theoretically you could write
your own .DLL with another crypto system of your choice
and Stealth Encryptor would integrate it. If you have a
burning desire to do this, you might look into this. SE
also features "Stealth Media Encryption" which is "super
speed" for image files, executables, etc...presumably
with weaker crypto.
Product : SecureStore
Manufacturer : Selom Ofori
Type : Manual
Crypto : BLOWFISH, DES/Triple-DES, CAST, RC4, Diamond2
Features :
Cost : $30
Preview? : Yes
Web : http://www.freeyellow.com/members/renegade/
Notes : SecureStore creates archives into which you can
place files. From what I saw on their web site, to
access said files, you have to pull them out of the
archive again. While the screen shots show some nice
displays (e.g., which crypto used, compression ratio,
etc.), this mode of operation does not appeal to me.
Product : Pretty Good Privacy (PGP)
Manufacturer : PGP, Inc. (well, Network Associates now, I guess)
Type : Manual
Crypto : CAST, IDEA, Triple-DES
Features : Too many to list.
Cost : Free
Preview? : Yes
Web : http://www.pgp.com/
Notes : Listed just for the sake of completeness. And it's
not at all bad for manual encrypt/decrypt -- version 5.5
has a nice toolbar and tray interface. But you'll want
it for all the other messaging features anyway...
From E.J.Koops at kub.nl Tue Mar 3 02:18:28 1998
From: E.J.Koops at kub.nl (Bert-Jaap Koops)
Date: Tue, 3 Mar 1998 02:18:28 -0800 (PST)
Subject: Crypto Law Survey updated
Message-ID: <62D6BE0479@frw3.kub.nl>
I have just updated my survey of existing and envisaged cryptography
laws and regulations. See the Crypto Law Survey at
http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm
This update includes:
-update on European Union (ETSI on TTP; Eckhert statement;
COM (97) 503 "not important"; Birmingham conference),
Council of Europe (PC-CY), Belgium (law amended),
Canada (crypto policy discussion paper), France (Lorentz report),
Germany (Sandl statement; no backdoor in Pluto), Israel (export
revision), Netherlands (proposals to extend decryption command;
TTP project; encrypt to "seize"; use remains free), Scandinavia
(PSS no longer Nordic), United Kingdom (policy announcement
delayed; SfL resolution), United States (interim export rule;
California resolution; czar travels; Compsec Enhancement Act;
Kerrey McCain revised; AES conference)
-corrections on Estonia (controls were reported), Switzerland (telecom > radio)
-clarification on Wassenaar Arrangement (General Software Note),
Germany (export), Israel (case-by-case decisions), Sweden
(Internet export), US (SAFE versions)
-URL added to Canada (gov PKI), Hong Kong (export)
Kind regards,
Bert-Jaap
---------------------------------------------------------------------
Bert-Jaap Koops tel +31 13 466 8101
Center for Law, Administration and facs +31 13 466 8149
Informatization, Tilburg University e-mail E.J.Koops at kub.nl
--------------------------------------------------
Postbus 90153 | This world's just mad enough to have been made |
5000 LE Tilburg | by the Being his beings into being prayed. |
The Netherlands | (Howard Nemerov) |
---------------------------------------------------------------------
http://cwis.kub.nl/~frw/people/koops/bertjaap.htm
---------------------------------------------------------------------
From JWRCLUM at aol.com Tue Mar 3 06:24:12 1998
From: JWRCLUM at aol.com (JWRCLUM)
Date: Tue, 3 Mar 1998 06:24:12 -0800 (PST)
Subject: Medical Privacy Alert
Message-ID:
AMERICAN CIVIL LIBERTIES UNION OF MASSACHUSETTS
99 Chauncy Street, Suite 310, Boston, MA 02111
(617) 482-3170 Fax (617) 451-000
CONTACT: John Roberts
(617) 482-3170 http://users.aol.com/mcluf/home.html
BENNETT-JEFFORDS BILL PLACES MEDICAL RECORD PRIVACY AT RISK
The confidentiality of the doctor-patient relationship will be totally
undermined as medical records become widely available without patient
knowledge or consent.
BOSTON - February 27, 1998. On Thursday 2/26/98 the United States Senate's
Labor and Human Resources Committee heard testimony concerning a bill proposed
by Senators Bennett and Jeffords that, if passed, would license the widespread
disclosure of personal medical information contained in files held by doctors,
hospitals, employers, educational institutions, and others.
The bill which purports to be a privacy bill is, in fact, just the opposite.
It places virtually no restrictions on the disclosure of personal medical
records within health care entities (no matter how large and geographically
widespread) or to a long list of other entities and agencies including the
following:
- any agents or contractors of the health care entities
- Public Health Agencies, Oversight Agencies
- Health Care Accreditation Agencies
- State Health Care Databases
There are major loopholes in access provisions for
- Health Care Researchers
- "Outcome" analysts ("cost/benefit" analysts for hospitals, HMO's,
insurers, etc)
Even law enforcement agencies will have easy access to browse computerized
medical record systems for so-called "legitimate" investigatory purposes.
This will make every American's medical record part of a new massive law
enforcement database.
The bill will destroy the confidential "doctor-patient relationship" and
replace it with a new "patient-health care industry relationship."
"This bill serves only the interests of the burgeoning health care industry,"
said John Roberts, Executive Director of the ACLU of Massachusetts. "It
allows the transfer of your medical records to many entities that stand to
profit from its information. Gone is doctor-patient confidentiality. Your
doctor cannot protect your most sensitive medical information from many
entities outside your medical facility. Even employers who have health plans
are considered 'health care providers' in the Bennett-Jeffords bill. How many
of us want our employers to have access to any of our medical records without
our knowledge or consent?"
The bill will also
- Impose requirements that patients sign blanket consent forms for release
of information as a condition of getting treatment, even for self-pay patients
- Redefine "treatment" to make the patient's record a subject of continuous
research
- Blur the boundaries between individual patient care and the so-called
"Population Management" and "Disease System Management"
The bill will pre-empt all state laws which may be more protective of the
confidentiality of medical records.
The bill will not apply even its own minimal privacy protections to so-called
"non-identifiable" medical records information. But...interestingly, the bill
also refers to issuing "keys" to re-identify previously purportedly "non-
identified" information. A formal logical analysis of this reveals that the
bill itself admits that what it calls "nonidentifiable" medical record
information is actually identifiable (i.e. containing patient information).
The ACLU of Massachusetts believes that what is really needed for medical
privacy protection would be the following:
- Federal law should set a foundation or floor of privacy protection
- State laws which are more-protective of patient's rights should not be
preempted
- No "Unique Patient Identification Numbers"
- No electronic "linkage" of patient records stored in various sites
- Computerized patient records must be encrypted with keys provided only to
those directly involved in the individual patient care
- The right of the individual patient to contract directly with physicians
and health care providers regarding the privacy of the patient's medical
records.
-end-
From b093161c at bc.seflin.org Tue Mar 3 09:08:58 1998
From: b093161c at bc.seflin.org (Michael Camp)
Date: Tue, 3 Mar 1998 09:08:58 -0800 (PST)
Subject: No Subject
Message-ID:
help b093161c at bc.seflin.org
From honig at otc.net Tue Mar 3 11:38:51 1998
From: honig at otc.net (David Honig)
Date: Tue, 3 Mar 1998 11:38:51 -0800 (PST)
Subject: Radio Frequency Warfare Hearing
In-Reply-To: <1.5.4.32.19980228131755.00718780@pop.pipeline.com>
Message-ID: <3.0.5.32.19980303110231.007f1270@otc.net>
At 12:56 PM 3/2/98 -0800, bill.stewart at pobox.com wrote:
>At 08:17 AM 2/28/98 -0500, John Young wrote:
>>We offer the lengthy prepared testimony at the Joint
>>Economic Committee hearing February 25 on "Radio Frequency
>>Weapons and Proliferation: Potential Impact on the Economy."
>> http://jya.com/rfw-jec.htm (112K)
>
>John! You can't do that! That's putting bomb-making information
>on the Internet!
It's not bomb-making, it's destructive testing apparatus :-)
>On a slightly more serious note, I'm surprised from the
>excerpts of the description that the $500 of parts would
>generate enough joules of electrical energy induced into
>sensitive parts of computer equipment in some reasonable range
>to do a lot of damage.
Wasn't he talking about EMI, not actual frying of chips (e.g.,
puncturing the 100's-of-nm-thick gate oxides in MOS)?
I read only the excerpt, but isn't a spark gap used for
generating a broad spectrum, including fairly high
frequencies (think tesla coil)?
Digital circuits don't like transients in their signals.
High frequency RF is invasive.
Capacitors are cheap.
------------------------------------------------------------
David Honig Orbit Technology
honig at otc.net Intaanetto Jigyoubu
"Moderation in temper is always a virtue; but moderation in principle is
always a vice." ---Thomas Paine
From jya at pipeline.com Tue Mar 3 11:58:47 1998
From: jya at pipeline.com (John Young)
Date: Tue, 3 Mar 1998 11:58:47 -0800 (PST)
Subject: Original Sources for Echelon
Message-ID: <1.5.4.32.19980303200229.010ba928@pop.pipeline.com>
Duncan Campbell has posted the message below on Echelon.
Would anyone happen to have a copy of the 1988 New Statesman
article? If not, I'll dig it out of a library. More importantly, as
Duncan asks, does anyone know of other original info on Echelon?
----------
Date: Mon, 02 Mar 1998 23:35:59
To: ukcrypto at maillist.ox.ac.uk
From: Duncan Campbell
Subject: Original sources regarding the ECHELON sigint network
>>The New York times has recently run a story regarding a "telecommunications
>>interception network" operating in Europe.
>>My recollection is that news broke about this some time last year, thanks
>>to revelations in New Zealand. Sorry, I don't have a good reference to
>> hand.
The original and primary source for information on ECHELON is an article I
wrote in New Statesman magazine ten years ago : NS, 12 August 1988 :
"They've got it taped".
In 1991, a UK World in Action programme added an important new detail about
the network, namely the presence of a DICTIONARY computer (a key part of
the system) at GCHQ's processing centre in Westminster.
In 1993, I produced a documentary for Channel 4 - "The Hill" which related
ECHELON to the work of the Menwith Hill NSA field station near Harrogate in
Yorkshire.
In 1996, Nicky Hager in New Zealand described in his book "Secret Power"
the presence of DICTIONARY computers at two New Zealand sigint stations,
and gave extensive details of the local programming and tasking of the
ECHELON "dictionaries".
Apart from these sources, so far as I am aware all the reports that are
around are derivative and reprocessed. The European Parliament STOA
committee report from the "Omega Foundation" is in this category and was in
fact submitted rather more than a year ago. If anyone is aware of any
other *original* publication on this topic, could they post it. The arrival
in the public domain of original information in this area is a rarity, yet
is the foundation for the only things we "know" about the scale of NSA/GCHQ
surveillance and processing.
Duncan Campbell
From pleontks at hotmail.com Tue Mar 3 17:08:01 1998
From: pleontks at hotmail.com (Perrin .)
Date: Tue, 3 Mar 1998 17:08:01 -0800 (PST)
Subject: Fwd: Thoughts
Message-ID: <19980304010725.7222.qmail@hotmail.com>
Not So Deep Thoughts
Should vegetarians eat animal crackers?
If at first you don't succeed, skydiving is not for you.
The pen is mightier than the sword -- if the sword is very small and the
pen is real sharp.
If you throw a cat out a car window, does it become kitty litter?
Call me insane one more time and I'll eat your other eye!
I didn't fight my way to the top of the food chain to be a vegetarian.
When it rains, why don't sheep shrink?
The two biggest problems in America are making ends meet and making
meetings end.
Stupidity got us into this mess. Why can't it get us out?
The trouble with doing nothing is that you never know when you are
finished.
Money isn't everything, but at least it encourages relatives to stay in
touch.
If a stealth bomber crashes in a forest, does it make a sound?
A single fact can spoil a good argument.
Growing old is mandatory, but growing up is optional.
I do whatever my Rice Krispies tell me to.
Why do we sing "Take me out to the ball game" when we're already there?
----------------
fixed by Perrin
pleontks at hotmail.com
http://members.tripod.com/~pleontks
http://www.angelfire.com/az/69frank69
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
From pleontks at hotmail.com Tue Mar 3 17:22:57 1998
From: pleontks at hotmail.com (Perrin .)
Date: Tue, 3 Mar 1998 17:22:57 -0800 (PST)
Subject: Fwd: Taglines
Message-ID: <19980304012223.18225.qmail@hotmail.com>
*** Some Funny Taglines *****
2 rules to success in life. 1. Don't tell people everything you know.
A good pun is its own reword.
A penny for your thoughts; $20 to act them out.
After silence, music comes closest to expressing the inexpressible.
Alcoholic: Someone you don't like who drinks as much as you do.
All things are possible, except skiing through a revolving door.
Any man who can see through women is sure missing a lot.
Apathy Error: Don't bother striking any key.
Blessed are the censors; they shall inhibit the earth.
Budget: A method for going broke methodically.
Can you think of another word for "synonym"?
Circle: A line that meets its other end without ending.
Civilized people need love for full sexual satisfaction.
Cole's Law: Thinly sliced cabbage.
Conscience is what hurts when everything else feels good.
Consider what might be fertilizing the greener grass across the fence.
Death and taxes are inevitable; at least death doesn't get worse every year.
Defeat is worse than death because you have to live with defeat.
Despite the high cost of living, it remains popular.
Does Time pass? Yes, it does. How else can you explain Visa bills?
Don't use no double negatives, not never.
Don't sweat the petty things, just pet the sweaty things.
Don't eat the yellow snow.
Down with categorical imperatives.
Either I'm dead or my watch has stopped.
Electricity comes from electrons; morality comes from morons.
Everything in moderation, including moderation.
Familiarity breeds children.
Fast, Cheap, Good: Choose any two.
Fools rush in -- and get the best seats in the house.
Give me chastity and continence, but not just now. -- St. Augustine
Have an adequate day.
He has the heart of a little child... it's in a jar on his desk.
He who dies with the most toys is nonetheless dead.
He who laughs last didn't get the joke.
Honesty is the best policy, but insanity is a better defense.
Horse sense is the thing a horse has that keeps it from betting on people.
Hospitality: Making your guests feel at home, even though you wish they were.
How come wrong numbers are never busy?
I bet you have never seen a plumber bite his nails.
I do a lot of thinking in the john. Says a lot for my thoughts.
I have had a perfectly wonderful evening. But this wasn't it. -- Groucho Marx
I have seen the future and it is just like the present, only longer. -- Albran
I like work; it fascinates me. I can sit and look at it for hours.
I may not be the world's greatest lover, but number seven's not bad. -- Allen
I never forget a face, but in your case I'll make an exception. -- Marx
I will meet you at the corner of Walk and Don't Walk.
I never made a mistake in my life. I thought I did once, but I was wrong.
I used to be lost in the shuffle. Now I just shuffle along with the lost.
I want to die in my sleep like my father, not screaming like his passengers.
I will always love the false image I had of you.
I would give my right arm to be ambidextrous.
I would like to help you out. Which way did you come in?
If at first you don't succeed, destroy all evidence that you tried.
If at first you don't succeed, you probably didn't really care anyway.
If at first you do succeed, try to hide your astonishment.
If it wasn't for muscle spasms, I wouldn't get any exercise at all.
If it were truly the thought that counted, more women would be pregnant.
If there is no God, who pops up the next Kleenex? -- Art Hoppe
If time heals all wounds, how come bellybuttons don't fill in?
If today is the first day of the rest of your life, what was yesterday?
Illiterate? Write for free help.
In order to get a loan you must first prove you don't need it.
It doesn't matter whether you win or lose -- until you lose.
It is a miracle that curiosity survives formal education. -- Albert Einstein
It is better to have loved and lost than just to have lost.
It is not an optical illusion, it just looks like one. -- Phil White
It was a brave man that ate the first oyster.
I'll procrastinate...tomorrow.
I'll race you to China. You can have a head start. Ready, set, GO!
Keep a very firm grasp on reality, so you can strangle it at any time.
Keep stress out of your life. Give it to others instead.
Knocked; you weren't in. -- Opportunity
Know what I hate most? Rhetorical questions. -- Henry Camp
Laugh at your problems; everybody else does.
Laugh, and the world ignores you. Crying doesn't help either.
Lead me not into temptation. I can find it myself.
Life is like a fountain... I will tell you how when I figure it out.
Life is like an analogy.
Make a firm decision now... you can always change it later.
Male zebras have white stripes, but female zebras have black stripes.
May you die in bed at 95, shot by a jealous spouse.
Money DOES talk -- it says good-bye.
Most of us hate to see a poor loser. Rich winners, though, are worse.
Mr. Bullfrog sez: Time is fun when you're having flies.
My name is Annie Key. Ouch! Why are you hitting me?!
My mother is a travel agent for guilt trips.
My opinions might have changed, but not the fact that I am right.
Never deprive someone of hope; it may be all they have.
Never put off till tomorrow what you can ignore entirely.
Never forget: 2 + 2 = 5 for extremely large values of 2.
Never hit a man with glasses. Use your fist.
Next time you wave at me, use more than one finger, please.
No prizes for predicting rain. Prizes only awarded for building arks.
Nobody ever goes there, it's too crowded. (I've actually HEARD this!)
Nothing cures insomnia like the realization that it is time to get up.
One good turn usually gets most of the blanket.
Our policy is, when in doubt, do the right thing. -- Roy Ash
Out of the mouths of babes does often come cereal.
People who think they know everything greatly annoy those of us who do.
Politics: n. from Greek; "poli" - many; "tics" - ugly, bloodsucking parasites.
Quidquid latine dictum sit, altum viditur. (Anything in Latin sounds profound.)
Radioactive cats have 18 half-lives.
Some people would not recognize subtlety if it hit them on the head.
Someday you will get your big chance -- or have you already had it?
Sometimes you're the bug, and sometimes you're the windshield.
Sometimes a cigar is just a cigar. -- Sigmund Freud
Stealing a rhinoceros should not be attempted lightly.
That was Zen; this is Tao.
The generation of random numbers is too important to be left to chance.
The trouble with political jokes is that they get elected.
The secret of success is sincerity. Once you can fake that, you have it made.
The death rate on Earth is: .... (computing) .... One per person.
The most enjoyable form of sex education is the Braille method.
The number watching you is proportional to the stupidity of your action.
The trouble with being punctual is that no one is there to appreciate it.
There are 3 kinds of people: Those who can count and those who can't.
There must be more to life than sitting wondering if there is more to life.
They laughed when I said I'd be a comedian. They aren't laughing now.
This aphorism would be seven words long if it were six words shorter.
This will be a memorable month -- no matter how hard you try to forget it.
This is the sort of English up with which I will not put. -- Winston Churchill
This sentence contradicts itself: no, wait, actually it doesn't.
To err is human. To admit it is a blunder.
To err is human. To blame someone else for your errors is even more human.
Toe: A part of the foot used to find furniture in the dark. -- Rilla May
Two wrongs don't make a right, but three lefts do.
Under capitalism, man exploits man. Under communism, it is just the opposite.
We aren't sure how clouds form. But they know, that is what counts.
What is mind? No matter. What is matter? Never mind. -- Thomas Key
What if there were no hypothetical situations? --Andrew Kohlsmith
When you are in it up to your ears, keep your mouth shut.
When professors want your opinion, they'll give it to you.
Where there is a will, there is an Inheritance Tax.
Why don't "minimalists" find a shorter name for themselves?
Why is "abbreviated" such a long word?
Why take life seriously? You're not coming out of it alive anyway!
Why isn't "phonetic" spelled the way it's said?
Winning isn't everything, but losing isn't anything.
You simply *must* stop taking other people's advice.
You can fool some of the people some of the time, and that is sufficient.
You have the capacity to learn from mistakes. You will learn a lot today.
Your lucky number is 364958674928. Watch for it everywhere.
----------
fixed by Perrin
pleontks at hotmail.com
http://members.tripod.com/~pleontks
http://www.angelfire.com/az/69frank69
From sherman at cs.umbc.edu Tue Mar 3 20:01:30 1998
From: sherman at cs.umbc.edu (Dr. Alan Sherman)
Date: Tue, 3 Mar 1998 20:01:30 -0800 (PST)
Subject: Barry Smith (FBI) to speak this Friday at 3:30pm
Message-ID:
The UMBC Security Technology Research Group presents
A Law-Enforcement Perspective on Encryption Policy
Barry Smith
Supervisory Special Agent, FBI
moderated by journalist Peter Wayner
3:30pm - 5:00pm
Friday, March 6, 1998
Lecture Hall III
University of Maryland, Baltimore County
http://www.cs.umbc.edu/events/spring98/crypto.shtml
The second lecture and discussion in a two-part forum on
encryption policy. Journalist Peter Wayner will introduce
and moderate the event, which is free and open to the
public. In Part I, freedom activist John Gilmore and Fritz
Fielding (Ex-Associate General Counsel, NSA) gave their
divergent views, focusing on the Bernstein case.
Barry Smith will articulate the needs of law enforcement to
conduct lawful wiretaps; he will advocate the use of
key-recovery techniques to achieve this end as a way that
provides adequate privacy to law-abiding citizens.
Schedule: The event will begin with a brief (10 minute)
introduction by Peter Wayner. Following Barry Smith's talk,
which will last approximately 45 minutes, there will be an
opportunity to ask questions for approximately 20-30
minutes.
Questions: Attendees are encouraged to ask questions in
advance by sending email to sherman at cs.umbc.edu
Directions: Take Exit #47B off interstate I-95 and follow
signs to UMBC. LH III is in the Administration Building,
adjacent visitor's parking lot near the I-95 entrance to
UMBC.
Host: Dr. Alan T. Sherman
Associate Professor, Computer Science
sherman at cs.umbc.edu
http://www.umbc.edu
(410) 455-2666
This event is held in cooperation with the UMBC
Intellectual Sports Council
Honors College
Phi Beta Kappa honors society
CMSC Council of Majors
IFSM Council of Majors
ACM Student Chapter at UMCP
From frantz at netcom.com Tue Mar 3 23:32:30 1998
From: frantz at netcom.com (Bill Frantz)
Date: Tue, 3 Mar 1998 23:32:30 -0800 (PST)
Subject: Is CDMF secure?
In-Reply-To: <199803030324.EAA18619@basement.replay.com>
Message-ID:
At 11:55 PM -0800 3/2/98, Bill Stewart wrote:
>>Is CDMF secure? and, What sort of algorithm is it? Thanks.
>
>CDMF is a version of DES watered down to 40-bit key strength.
>I think IBM was to blame; it was designed for exportability.
Well, to IBM's credit, they didn't call it secure. They called it a Data
Masking Facility.
-------------------------------------------------------------------------
Bill Frantz | Market research shows the | Periwinkle -- Consulting
(408)356-8506 | average customer has one | 16345 Englewood Ave.
frantz at netcom.com | teat and one testicle. | Los Gatos, CA 95032, USA
From hvdl at sequent.com Tue Mar 3 23:51:39 1998
From: hvdl at sequent.com (Unicorn)
Date: Tue, 3 Mar 1998 23:51:39 -0800 (PST)
Subject: DDJ Crypto CD has arrived!
In-Reply-To: <34F25310.2A29@ziplink.net>
Message-ID: <19980304083749.53098@sequent.com>
--- On Mar 02, Random User apparently wrote -----------------------------------
> On Mon, 23 Feb 1998, Peter Trei wrote:
>
> > Well, it's finally here.
>
> > It has also arrived in Canada.
So when will it arrive outside of the US and Canada? ;-)
--- and thus sprach: Random User ---------------------
Ciao,
Unicorn.
--
======= _ __,;;;/ TimeWaster (GSM: +31 653 261 368) =========================
,;( )_, )~\| A Truly Wise Man Never Plays PGP: 64 07 5D 4C 3F 81 22 73
;; // `--; Leapfrog With A Unicorn... 52 9D 87 08 51 AA 35 F0
==='= ;\ = | ==== Youth is not a time in Life, It is a State of Mind! =======
From bill.stewart at pobox.com Wed Mar 4 01:48:06 1998
From: bill.stewart at pobox.com (Bill Stewart)
Date: Wed, 4 Mar 1998 01:48:06 -0800 (PST)
Subject:
In-Reply-To:
Message-ID: <3.0.5.32.19980304014614.00874cc0@popd.ix.netcom.com>
At 12:09 PM 3/3/98 -0500, Michael Camp wrote:
>
>help b093161c at bc.seflin.org
>
>
>
cypherpunks-request at algebra.com
Thanks!
Bill
Bill Stewart, bill.stewart at pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
From shamrock at cypherpunks.to Wed Mar 4 03:08:42 1998
From: shamrock at cypherpunks.to (Lucky Green)
Date: Wed, 4 Mar 1998 03:08:42 -0800 (PST)
Subject: DDJ Crypto CD has arrived!
In-Reply-To: <19980304083749.53098@sequent.com>
Message-ID:
On Wed, 4 Mar 1998, Unicorn wrote:
> --- On Mar 02, Random User apparently wrote -----------------------------------
>
> > On Mon, 23 Feb 1998, Peter Trei wrote:
> >
> > > Well, it's finally here.
> >
> > > It has also arrived in Canada.
>
> So when will it arrive outside of the US and Canada? ;-)
It hasn't yet? These Cypher Criminals are losing their edge.
-- Lucky Green PGP v5 encrypted email preferred.
"Tonga? Where the hell is Tonga? They have Cypherpunks there?"
From declan at well.com Wed Mar 4 13:16:11 1998
From: declan at well.com (Declan McCullagh)
Date: Wed, 4 Mar 1998 13:16:11 -0800 (PST)
Subject: Senator plans to ban .gov porn-parodies; new crypto-campaign
Message-ID:
---------- Forwarded message ----------
Date: Wed, 4 Mar 1998 13:15:35 -0800 (PST)
From: Declan McCullagh
To: politech at vorlon.mit.edu
Subject: Senator plans to ban .gov porn-parodies; new crypto-campaign
More on Gates in NYC and the FBI's antihacker crusade is at
the URL below. --Declan
===========
http://cgi.pathfinder.com/netly/afternoon/0,1012,1782,00.html
The Netly News / Afternoon Line
March 4, 1998
Loin-cloth
One lawmaker who doesn't seem to have much of a sense of humor about
titillating web sites is Sen. Lauch Faircloth (R-N.C.). When his
presumably technology-impaired staffer stumbled across whitehouse.com
and found not Hillary Clinton's child care proposals but a doctored
photo of Hillary in leather, Faircloth decided to take action. "I plan
to introduce legislation that would ban the assignment of popular
government agency names to anyone," he told The Netly News after
speaking at an Internet child safety seminar this afternoon. "Can you
imagine how many people have thought they were contacting the White
House only to see that?" A better question might be which site is the
more popular one. --By Declan McCullagh/Washington
Might Makes Right
Congress rarely does the right thing for the right reason. Instead,
lobbyists vie to make voting the wrong way too politically costly for
legislators.
Now a new coalition, called Americans for Computer Privacy, is
trying out this strategy on encryption legislation. The group of high
tech firms and nonprofit groups aims to convince lawmakers that
supporting restrictions on either the domestic use or overseas
shipment of encryption products is too politically painful.
"We would not turn the keys to our front doors over the
government. Why should we have to turn over the keys to our
computers?" asked ACP counsel and former White House lawyer Jack
Quinn.
To convince Americans that ACP's answer is the right one, the
coalition has gathered together an advisory panel of former spooks and
law enforcement agents.
Quinn told the Netly News that his strategy has already won
results: "Senior officials at the National Security Council and the
vice president's office" this morning signaled they're willing to sit
down at the table for a friendly chat about crypto-laws. --By Declan
McCullagh/Washington
From mkwan at preston.net Wed Mar 4 15:13:35 1998
From: mkwan at preston.net (Matthew Kwan)
Date: Wed, 4 Mar 1998 15:13:35 -0800 (PST)
Subject: DES bitslice S-boxes
Message-ID: <199803042313.KAA10987@preston-gw.preston.net>
I've been a bit out of touch with the subject for a while, so could
someone please bring me up to speed in the state of the art of DES
bitslice. In particular, what are the best gate counts for the S-boxes?
About a year ago I produced S-boxes with the following counts
S-box   S1  S2  S3  S4  S5  S6  S7  S8
Gates   95  84  89  77  96  87  86  88
(You can download them from http://www.cs.mu.oz.au/~mkwan/bitslice)
However, I was recently told that these have now been beaten by a
significant margin. I thought about it for a while, and came up with
some ideas that should improve the count, but I'd like to know what
I'm aiming for.
Any improvements I make will also be made freely available, so you
have an incentive to help me ;-)
mkwan
From nobody at REPLAY.COM Wed Mar 4 16:29:36 1998
From: nobody at REPLAY.COM (Anonymous)
Date: Wed, 4 Mar 1998 16:29:36 -0800 (PST)
Subject: ed yourdon on Y2k armaggedon
In-Reply-To: <199803022316.PAA18159@netcom16.netcom.com>
Message-ID: <199803050029.BAA15356@basement.replay.com>
>That said, I'll bet the first taker a dollar against a doughnut that 90%
>of U.S. nuke plants sail right through into the new millenium and don't
>even trip for any technical reason. (I won't bet against
>*political* reasons.)
>
>Why do I think so?
>
>Nuke plants are much less computerized than you might think.
>
>Many still use electromechanical relays to provide important logic
>functions. Relays have a lot going for them - for instance you never have
>to worry about introduction of stupid software bugs.
What about real bugs introducing themselves into relays? :)
A few years ago a nuke plant wanted to build a computerized control system
and USNRC absolutely gave them hell, requiring them to document every damn
line of it and prove that it could handle all special cases. But they did
finally approve it.
From honig at 206.40.207.40 Wed Mar 4 17:10:38 1998
From: honig at 206.40.207.40 (David Honig)
Date: Wed, 4 Mar 1998 17:10:38 -0800 (PST)
Subject: Win95/NT attack in CNN news
Message-ID: <3.0.5.32.19980304171023.0079bd10@206.40.207.40>
http://www.cnn.com/TECH/computing/9803/04/internet.attack.ap/
Hacker attack crashes Windows systems coast-to-coast
March 4, 1998
Web posted at: 10:05 a.m. EST (1505 GMT)
SAN DIEGO (AP) -- Computer security experts blame hackers for an Internet attack that caused computers running Microsoft's Windows NT software to crash from coast to coast, mostly in government and university offices.
While no real harm was done, it was too early to gauge the full extent of the attack.
Experts said the far-flung glitches could only have been the result of a deliberate act, The San Diego Union-Tribune reported Wednesday.
The crash Monday night affected computers running Windows NT -- the operating system for larger computers and networks -- and Windows 95.
Problems were reported at the Massachusetts Institute of Technology, Northwestern University, the University of Minnesota and University of California campuses in Berkeley, Irvine, Los Angeles and San Diego.
Unclassified Navy computers connected to the Internet also crashed on Point Loma and in Charleston, South Carolina, Norfolk, Virginia, and elsewhere.
"It happened so fast," said Craig Huckabee, a research associate in the Computer Systems Laboratory at the University of Wisconsin. "In our department, I would have to say about 90 percent of the machines were affected."
Despite the coordination of the attack, the computers that crashed could be restarted without losing information, computer security experts said.
The attackers used the Internet to broadly distribute a snippet of deliberately malformed data, said Ron Broersma, a civilian computer security expert at the Navy labs on Point Loma.
The prank exploits a glitch in the Windows NT program by instructing the computer to devote excessive memory resources to solve a problem that can't be solved.
Microsoft security manager Ed Muth said the company is working on a software patch that fixes the vulnerability in Windows NT programs.
An unidentified Microsoft executive told the Union-Tribune it was unknown if the attack was related to Microsoft Chairman Bill Gates' appearance Tuesday at a Senate hearing where he defended his company against allegations of antitrust violations.
------------------------------------------------------------
David Honig Orbit Technology
honig at otc.net Intaanetto Jigyoubu
"But if we have to use force,
it is because we are America;
we are the indispensable nation."
---Secretary of State Madeleine K. Albright
http://www.jya.com/see-far.htm
From mclow at owl.csusm.edu Wed Mar 4 17:49:32 1998
From: mclow at owl.csusm.edu (Marshall Clow)
Date: Wed, 4 Mar 1998 17:49:32 -0800 (PST)
Subject: Win95/NT attack in CNN news
In-Reply-To: <3.0.5.32.19980304171023.0079bd10@206.40.207.40>
Message-ID:
The best part about it was the quote on the front page of the
San Diego Union-Tribune:
"This is so weird, so widespread, and the press doesn't seem to know about
it," Broersma said. "Maybe it's because people are used to their Windows
software crashing all the time."
-- Marshall
Marshall Clow Adobe Systems
Warning: Objects in calendar are closer than they appear.
From billp at nmol.com Wed Mar 4 18:51:16 1998
From: billp at nmol.com (bill payne)
Date: Wed, 4 Mar 1998 18:51:16 -0800 (PST)
Subject: Brickell and Sandia
Message-ID: <34FE12B4.6021@nmol.com>
Wednesday 3/4/98 6:59 PM
Orlin
While trying to recover from the stomach flu, I am going over your stuff
summarized at
http://www.aci.net/kalliste/dcguide.htm
You wrote at [Brickell-Gemmell-Kravitz.]
http://www.aci.net/kalliste/sandia.htm
Sandia National Laboratories have created the digital cash equivalent
of the Clipper chip: an "anonymous"
digital cash system that would give participants privacy from all
viewers, except for the government agencies
that would control the secret keys required for backdoor access.
and
Why is Sandia interested in digital cash systems? Well, Sandia is
responsible for all non-nuclear components
of nuclear weapons. The security of nuclear weapons depends partly on
cryptology. The code-breaking
National Security Agency (NSA), for example, is responsible for the
communication security of the
Minuteman missile, as well as the codes by which the President must
identify himself to authorize a nuclear
strike.
Brickell and Simmons were in the COMPUTATIONAL/COMPUTER SCIENCES & MATH
CENTER,
directorate 1400, at Sandia.
I worked in the ELECTRONIC SUBSYSTEMS CENTER, directorate 2300,
division 2311, when I was project leader of the Missile Secure
Cryptographic Unit, the small missile, [between about 1982-86].
All of the nuclear bomb crypto implementation work was done in 2300, not
1400.
The MAIN difference is that the 2300 people were a bunch of PRACTICAL
engineers and REAL-PRACTICAL software types. NOT theoreticians.
Gus Simmons once tried to get into the implementation business.
Simmons bought an Intel 320 [?] development system. The Intel 320 was a
piece of junk and nothing happened with Simmons' implementation work.
Simmons' try, naturally, caught the attention of 2300 management, for
business reasons, of course.
I LOVE reading all of this stuff from a Sandia historical standpoint.
The REAL WORLD of Sandia crypto stuff is pockmarked by some REAL
SCREW-UPS. Which all
of us implementers shared so as not to commit the same mistakes again.
I asked my department manager, Kent Parsons, how the screw-ups affected
him. He responded that
it made him sleepy. These were MULTI- if not HUNDREDS- million dollar
screw-ups.
Later
bill
From bill.stewart at pobox.com Wed Mar 4 23:50:43 1998
From: bill.stewart at pobox.com (Bill Stewart)
Date: Wed, 4 Mar 1998 23:50:43 -0800 (PST)
Subject: Digital Bearer Settlement
In-Reply-To:
Message-ID: <3.0.5.32.19980304152937.007e0c20@popd.ix.netcom.com>
Nice article, and I'll have to see if I can get Ian
to talk about HINDE for this month's Bay Area Cypherpunks.
One thing I noticed while reading it, though, is that you still have
"and then you go to jail" at the end of some transaction failure branches,
though most of the failure branches end with "Nothing happens".
While you're not doing book entry at every step,
bearer instruments still depend on the maker honoring them,
whether it's exchanging the bank note for gold pieces
or trading the digicash bits for Federal Reserve Notes --
"then the banker goes to jail" can still happen,
and a digicash world may not have as many S&L Bailout
political favors as the Reagan Years provided.
Also, there are the transactions where you trade
digicash for goods&services, and there's still the problem
of making sure the goods&services got delivered,
making sure the payment got delivered, and dealing with
poor quality products. For purely digital products,
like consulting hours, movies, and microcode, there are
protocols that can take care of the exchange,
but for goods&services involving real stuff,
like pizza delivery, there's still an element of
trust required.
Thanks!
Bill
Bill Stewart, bill.stewart at pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
From whgiii at invweb.net Thu Mar 5 00:34:01 1998
From: whgiii at invweb.net (William H. Geiger III)
Date: Thu, 5 Mar 1998 00:34:01 -0800 (PST)
Subject: Digital Bearer Settlement
In-Reply-To: <3.0.5.32.19980304152937.007e0c20@popd.ix.netcom.com>
Message-ID: <199803050833.DAA19434@users.invweb.net>
-----BEGIN PGP SIGNED MESSAGE-----
In <3.0.5.32.19980304152937.007e0c20 at popd.ix.netcom.com>, on 03/04/98
at 03:29 PM, Bill Stewart said:
>Nice article, and I'll have to see if I can get Ian
>to talk about HINDE for this month's Bay Area Cypherpunks.
>One thing I noticed while reading it, though, is that you still have "and
>then you go to jail" at the end of some transaction failure branches,
>though most of the failure branches end with "Nothing happens". While
>you're not doing book entry at every step,
>bearer instruments still depend on the maker honoring them,
>whether it's exchanging the bank note for gold pieces
>or trading the digicash bits for Federal Reserve Notes --
>"then the banker goes to jail" can still happen,
>and a digicash world may not have as many S&L Bailout
>political favors as the Reagan Years provided.
>Also, there are the transactions where you trade
>digicash for goods&services, and there's still the problem
>of making sure the goods&services got delivered,
>making sure the payment got delivered, and dealing with
>poor quality products. For purely digital products,
>like consulting hours, movies, and microcode, there are
>protocols that can take care of the exchange,
>but for goods&services involving real stuff,
>like pizza delivery, there's still an element of
>trust required.
Well there are a couple of different approaches depending on the
environment of the transaction.
If it is what I call a "cash and carry" environment where you, the
merchant, and the product are all physically in the same place then the
transaction can take place as any cash transaction would. The merchant
gives you the product, you give him the e-cash bits and the transaction is
done.
If the environment is a "mailorder" environment where you and the merchant
are in remote locations then there are two different approaches:
- -- COD:
You place the order, the merchant delivers it. At the time of delivery
you pay for the product.
- -- Escrow:
You place the order. After placing the order you transfer your e-cash
bits into an escrow account. When the merchant has verification that the
bits are in escrow he ships the product. Upon receipt of the product you
release the funds from the escrow account and the merchant is paid.
Now with an escrow-based system you can be more creative with the product
insurance end of things. You and the merchant may agree that there will be
a 30 day trial period where the funds will stay in escrow and during that
period you can judge the quality of the product. If a complaint is filed
with the escrow agent within the 30 day period then you would have X
number of days to return the product and get your money back. Merchants
could set up warranty insurance where x% of sales are kept in an escrow
account to cover returns/warranties. All kinds of fun stuff could be done.
- --
- ---------------------------------------------------------------
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/esecure.html
- ---------------------------------------------------------------
Tag-O-Matic: OS/2, Windows/0
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a-sha1
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000
-----END PGP SIGNATURE-----
From 01088496 at 17733.com Thu Mar 5 06:36:16 1998
From: 01088496 at 17733.com (01088496 at 17733.com)
Date: Thu, 5 Mar 1998 06:36:16 -0800 (PST)
Subject: Your Trade Posting
Message-ID: <19943672.886214@relay.connect.com.au >
Dear Trader,
We saw your posting and would like more information... We are
open to discovering a new product and true opportunity.
We would like to take this opportunity to introduce ourselves
as manufacturers and exporters for Hot-Selling products in
these categories: Health Care, Personal Electronics, Security
and Home & Gifts. More than that, we offer China price at
Japanese quality. OEM projects are welcome.
Are you marketing on the Internet? If not, YOU SHOULD!!
Discover the secrets of Online Marketing!
REACH "MILLIONS" - ABSOLUTELY FREE - WITH OUR AMAZING
NEW USER-FRIENDLY INTERNET MARKETING EMAIL SOFTWARE!
ELMED provides everything your company needs to communicate
around the world, around the clock: manage a commercial email
system, collect email addresses from multiple sources, create
personalized messages, and email out to your list at the touch
of a button.
If we can further assist you, please do not hesitate to contact
me directly at .
We look forward to being able to develop a long and mutually
beneficial business relationship.
Best Regards,
Elmed International (China,HongKong,Cyprus) Ltd
Nikola
************** The products Every Home Will Want ***************
(*) LAUNDRY BALLS "CODE WASH"
ANTI-BACTERIAL, HYPO-ALLERGENIC, ECONOMICAL SOAP SUBSTITUTE,
NON-TOXIC, ENVIRONMENTALLY SAFE, REUSABLE UP TO 750 TIMES
Say Goodbye to Detergents !!!
It's a whole new concept in washing that's so economical,
it saves time, energy, water and fabric softener.
(*) FULLY AUTOMATIC TREATMENT APPARATUS
"World's Best Health Care Product"
Effective pain & disease relief; Improves metabolism,
blood circulation, the nervous system and immunity function;
Gold medal EUREKA-Brussel
(*) BACK-STOP Gets Stolen Cars Back /ON-LINE AUTO ALARM/
Patented anti-theft paging facility that allows users to
immobilise a car being stolen, from a safe distance.
(*) The World's Leading Internet Marketing Tools!
Get Your Business Noticed.
You cannot successfully market your product, service, or MLM
on the Internet without our tools:
- Precision WebPage Email Address Collector will begin searching
for targeted email addresses
- The World's Number #1 Bulletproof Bulk Email Software
- The best Web Site Submission software available !
Auto submits your Web Site to hundreds of Major Search Engines.
- The Web Position Analyser software to analyze, to track, and
to help you improve all your Internet search positions
(*) IDEAL PRODUCTS FOR MAIL ORDER, TV SHOP, MLM, DIRECT MARKETING :
- OPTIMAX Internet Relaxation Tool
- "EINSTEIN" - A BRAIN WAVE ENHANCING MACHINE
- CAMMY-BELLE Apparatus for Beautification & Weight Reduction
- ROCKY-BO Magnetic Beauty-Fit Apparatus
- WONDER CREAM Human body-cell potential activator
- SLEEP SOOTHER (THE DREAM MACHINE)
- $3.55 Personal Organizer (Data Bank)
- A WONDERFUL WORLD OF SOUNDS - Talking Children's Books
- New Solar Products (lights, radio, premiums...)
. . . AND MUCH MORE !!!
From rubin at research.att.com Thu Mar 5 07:15:11 1998
From: rubin at research.att.com (Avi Rubin)
Date: Thu, 5 Mar 1998 07:15:11 -0800 (PST)
Subject: List of college and graduate courses in crypto and security
Message-ID: <199803051512.KAA08000@mgoblue.research.att.com>
I maintain a list of college and graduate level courses in security
and cryptography at
http://www.cs.nyu.edu/~rubin/courses.html
From time to time, I like to update the list. If you know of
a full semester course in crypto or security that is not on my
list please let me know. URLs are especially useful. Also, if you
see something on my list that is out of date, let me know.
Thanks,
Avi
*********************************************************************
Aviel D. Rubin rubin at research.att.com
Secure Systems Research Dept. Adjunct Professor at NYU
AT&T Labs - Research
180 Park Avenue http://www.research.att.com/~rubin/
Florham Park, NJ 07932-0971 Voice: +1 973 360-8356
USA FAX: +1 973 360-8809
--> Check out http://www.clark.net/pub/mjr/websec/ for a new
book on web security (The Web Security Sourcebook).
*********************************************************************
From Ekkoh1 at aol.com Thu Mar 5 08:12:34 1998
From: Ekkoh1 at aol.com (Ekkoh1)
Date: Thu, 5 Mar 1998 08:12:34 -0800 (PST)
Subject: WARNING!
Message-ID: <3557c8ad.34f8053e@aol.com>
Warning! You're about to see something great! If you are interested, visit
this web site....
http://207.36.85.71
or click here!
From debiloo at juno.com Thu Mar 5 09:46:09 1998
From: debiloo at juno.com (debiloo at juno.com)
Date: Thu, 5 Mar 1998 09:46:09 -0800 (PST)
Subject: $.03 PHONE CALLS?
Message-ID: <199803051746.JAA18767@cygint.cygnus.com>
$.03 PHONE CALLS?
1+ dialing and 800 incoming
Hard To Believe... But TRUE
With the amazing new Technology,
you'll see calls on your phone
bill for $.06, $.04......even $.03
Best of all, it doesn't matter
what company you're now using.
You don't need to switch carriers!
Call anytime and leave your name,phone #
and a representative will call you back with
information the phone company
never wanted you to find out about.
Don't wait , call now! you'll love what we
have to share with you on this exciting
New Technology!
Call: Owen @ 1-408-393-0106
From jkwilli2 at unity.ncsu.edu Thu Mar 5 10:11:33 1998
From: jkwilli2 at unity.ncsu.edu (Ken Williams)
Date: Thu, 5 Mar 1998 10:11:33 -0800 (PST)
Subject: No Subject
Message-ID:
Hello,
I have more of a general privacy rather than a crypto question. I am
trying to set up "tripwires" in the various computer accounts that i have
so i will know if a superuser or sysadmin has accessed them. (it should
be taken for granted at this point that all sensitive or personal data is
encrypted and/or stored on floppies) i of course am only concerned with
doing so for accounts that i don't already have su access with. i have
accounts on various flavors of UNIX, but i am most interested in
tripwires/scripts for Solaris 2.4-6. so far, the best i have been able to
come up with is a couple of very ineffective tripwires.
1. a few lines in .Xlogout that write the host/date stamp to a file that
is hidden a few directories deep.
- this of course only works if someone logs in to my account using
my own login/passwd, and it doesn't work over dialup at all.
2. i have a .environment file that will write all of the relevant user
info to a file if that user adds my directory with the "add" command
- this will catch all superuser accesses *if and only if* they add
my directory. they could simply cd into my directory to bypass it.
anyone have any ideas for tripwires or any other methods i can use, having
only regular user access, to monitor ANY accesses made to my account,
especially by superusers/sysadmins?
thanks for your consideration of this question,
ken
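One user-level check that fits the question above, as an added example that is not part of the original post: it reconciles `last`-style login records for the account against a journal of sessions the owner keeps off the machine, in both directions. The record layout, host names, journal format and function names are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample laid out like classic `last` output:
# user, line, host, start - end (duration).
SAMPLE_LAST = """\
ken       pts/3        dialup12.example.net Thu Mar  5 09:58 - 10:11  (00:13)
ken       pts/7        lab-ws4.example.edu  Thu Mar  5 02:31 - 02:44  (00:13)
ken       pts/3        dialup12.example.net Wed Mar  4 22:15 - 22:47  (00:32)
root      console                           Wed Mar  4 08:01 - 08:05  (00:04)
ken       pts/2        lab-ws4.example.edu  Tue Mar  3 23:50 - 00:20  (00:30)

wtmp begins Mon Mar  2 00:00
"""

# Constructed journal the account owner keeps on a machine they trust:
# one line per session they started themselves (date, time, origin host).
SAMPLE_JOURNAL = """\
1998-03-03 23:49 lab-ws4.example.edu
1998-03-04 22:14 dialup12.example.net
1998-03-04 23:30 dialup12.example.net
1998-03-05 09:58 dialup12.example.net
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

LAST_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<tty>\S+)\s+(?P<host>\S*?)\s*"
    r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) (?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) "
    r"(?P<start>\d{2}:\d{2})\s+(?:-\s+(?P<end>\d{2}:\d{2})|still logged in)")


def parse_last(text, user, year):
    """Return the login records for `user`; the year is supplied because
    this layout does not print one."""
    records = []
    for line in text.splitlines():
        m = LAST_RE.match(line)
        if not m or m["user"] != user or m["mon"] not in MONTHS:
            continue
        hour, minute = map(int, m["start"].split(":"))
        start = datetime(year, MONTHS[m["mon"]], int(m["day"]), hour, minute)
        end = None  # None means the session is still open
        if m["end"]:
            eh, em = map(int, m["end"].split(":"))
            end = start.replace(hour=eh, minute=em)
            if end < start:  # only a clock time is shown: session crossed midnight
                end += timedelta(days=1)
        records.append({"tty": m["tty"], "host": m["host"].lower(),
                        "start": start, "end": end})
    return records


def parse_journal(text):
    """Parse the owner's journal lines: YYYY-MM-DD HH:MM host."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        when = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M")
        entries.append({"host": parts[2].lower(), "start": when})
    return entries


def reconcile(records, journal, tolerance=timedelta(minutes=5)):
    """Pair each login record with at most one journal entry (same host,
    start times within `tolerance`).

    Returns (unexplained, missing):
      unexplained - logins the system recorded that the owner never journaled
      missing     - journaled sessions the system no longer shows, which
                    suggests the login records were trimmed or edited
    """
    remaining = list(journal)
    unexplained = []
    for rec in records:
        hit = next((j for j in remaining
                    if j["host"] == rec["host"]
                    and abs(j["start"] - rec["start"]) <= tolerance), None)
        if hit is None:
            unexplained.append(rec)
        else:
            remaining.remove(hit)
    return unexplained, remaining


if __name__ == "__main__":
    recs = parse_last(SAMPLE_LAST, "ken", 1998)
    unexplained, missing = reconcile(recs, parse_journal(SAMPLE_JOURNAL))
    for r in unexplained:
        print("login not in journal:", r["start"], r["tty"], r["host"])
    for j in missing:
        print("journaled session absent from records:", j["start"], j["host"])
```

The login records are written by the system and are editable by root, so an empty result proves nothing; the second list is the more telling one, because a session you know you had that no longer appears means the records were altered.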
From honig at otc.net Thu Mar 5 11:18:21 1998
From: honig at otc.net (David Honig)
Date: Thu, 5 Mar 1998 11:18:21 -0800 (PST)
Subject: Feds bust Inet gambling
Message-ID: <3.0.5.32.19980305111814.007a9b20@otc.net>
All parties were consenting but the Fed doesn't like it.
First the virtual betting parlors.
Then the virtual banks and cryptocash.
http://dailynews.yahoo.com/headlines/technology/wired/story.html?s=n/reuters/980304/wired/stories/gambling_1.html
Wednesday March 4 4:56 PM EST
U.S. authorities launch Internet gambling crackdown
NEW YORK (Reuters) - U.S. federal authorities charged 14 people on
Wednesday with running gambling sites on the Internet in violation of
federal laws.
In complaints unsealed in Manhattan Federal Court, the U.S. Attorney's
office charged the 14 with using Internet Web sites and telephone lines to
bet on U.S. football, basketball, hockey and baseball games, charging a 10
percent commission per bet.
At least some of the defendants were scheduled to appear before a U.S.
magistrate judge later on Wednesday.
The defendants were charged with using Internet sites to open bettor
accounts, usually with a minimum deposit of $500, and then accepting bets
on games and game score spreads and maintaining accounts for clients.
Client funds were directed to banks or addresses in such offshore locations
as Antigua, Curacao, Costa Rica and Panama, where betting is legal. But the
complaints alleged that the six operations conducted much of their business
within U.S. borders.
One defendant, Steven Budin, 27, of SDB Global (www.sdbg.com), said his
business used the Internet only for marketing, not to take bets.
"We don't take wagers over the Internet," he said.
------------------------------------------------------------
David Honig Orbit Technology
honig at otc.net Intaanetto Jigyoubu
"But if we have to use force,
it is because we are America;
we are the indispensable nation."
---Secretary of State Madeleine K. Albright
http://www.jya.com/see-far.htm
From nobody at REPLAY.COM Thu Mar 5 11:24:11 1998
From: nobody at REPLAY.COM (Anonymous)
Date: Thu, 5 Mar 1998 11:24:11 -0800 (PST)
Subject: No Subject
Message-ID: <199803051920.UAA16885@basement.replay.com>
In doing a search on the "RELIGIOUS FREEDOM AMENDMENT", Lycos popped over 2000 hits. In checking out several sites, this one seemed the most rational in discussing the issue.
http://www.religioustolerance.org/const_am.htm
From n9505834 at garbo.nepean.uws.edu.au Thu Mar 5 11:48:20 1998
From: n9505834 at garbo.nepean.uws.edu.au (? the Platypus {aka David Formosa})
Date: Thu, 5 Mar 1998 11:48:20 -0800 (PST)
Subject: Feds bust Inet gambling
In-Reply-To: <3.0.5.32.19980305111814.007a9b20@otc.net>
Message-ID:
On Thu, 5 Mar 1998, David Honig wrote:
[...]
> U.S. authorities launch Internet gambling crackdown
>
> NEW YORK (Reuters) - U.S. federal authorities charged 14 people on
> Wednesday with running gambling sites on the Internet in violation of
> federal laws.
I wonder if they are going to go after http://www.tab.com.au/ ?
I personally find these anti-betting laws difficult to understand.
Please excuse my spelling as I suffer from agraphia see the url in my header.
Never trust a country with more peaple then sheep.
Support NoCeM http://www.cm.org/
I'm sorry but I just don't consider 'because its yucky' a convincing argument
From readmexxx at aol.com Thu Mar 5 13:42:20 1998
From: readmexxx at aol.com (jic)
Date: Thu, 5 Mar 1998 13:42:20 -0800 (PST)
Subject: Readme
Message-ID: <199803051737.RAA17689@mailroot.com>
Click here!!
From vznuri at netcom.com Thu Mar 5 14:04:33 1998
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Thu, 5 Mar 1998 14:04:33 -0800 (PST)
Subject: y2k: 37% govt computers
Message-ID: <199803052204.OAA11157@netcom13.netcom.com>
------- Forwarded Message
Date: Thu, 05 Mar 1998 07:04:43 -0600
To: believer at telepath.com
From: believer at telepath.com
Subject: IP: Y2K-37% of most critical gov't computers will not be updated
in time
Source: Los Angeles Times
Thursday, March 5, 1998
House Panel Warns of Year 2000 Computer Crisis
By RALPH VARTABEDIAN, Times Staff Writer
WASHINGTON--In the most dramatic warning yet of an impending computer
crisis in the government, a congressional panel said Wednesday that 37% of
the most critical computers used by federal agencies will not be updated in
time to handle dates in the year 2000 and will be subject to widespread
failure.
The estimate calls into sharp question past assurances by the Clinton
administration that it is moving quickly enough to avert serious outages
that could undermine military forces, benefit payments to the public and
the nation's air transportation system, among much else.
With just 666 days left until the year 2000, a slew of reports and
investigations in recent weeks have raised serious concerns that the
government is not acting fast enough to avoid serious problems.
The executive branch has almost 8,000 computer systems that are considered
critical to government operations, and nearly 3,000 of them will not be
able to read dates in 2000, according to the report issued by the
subcommittee on government management, information and technology of the
House Government Operations and Oversight Committee. The computers will
either shut down or spew out erroneous data.
California Rep. Steve Horn (R-Long Beach), the subcommittee chairman who
has taken the lead in Congress in solving the problem, issued a "report
card" along with the new report that gave the federal government a D-minus
in its efforts to avoid a crisis.
"Failure is intolerable," Horn said.
The year 2000 problem results from widespread use of two digits in software
to designate years. Computers assume that every year starts with "19," so
when 2000 arrives, they will interpret "00" as the year 1900.
President Clinton created a White House panel on Feb. 4 to lead the
government's efforts in solving the problem and appointed John A. Koskinen,
former deputy director at the Office of Management and Budget, to lead the
effort. But Koskinen has not yet started his work, and his panel has hardly
gotten off the ground after 28 days, according to Horn's staff.
White House press officials did not respond to queries about Horn's report.
As the scope of the government's problems become clearer, the cost to avert
a crisis is also growing. The Office of Management and Budget had long
insisted that the problem would cost a little more than $2.3 billion to
fix, but that figure has been growing over the last year. Its most recent
estimate pegged the cost at $4 billion.
Horn estimated that the government is facing a cost of $10 billion.
Copyright Los Angeles Times
**********************************************
To subscribe or unsubscribe, email:
majordomo at majordomo.pobox.com
with the message:
subscribe ignition-point email at address
or
unsubscribe ignition-point email at address
**********************************************
------- End of Forwarded Message
From afabbro at umich.edu Thu Mar 5 17:39:15 1998
From: afabbro at umich.edu (andrew fabbro)
Date: Thu, 5 Mar 1998 17:39:15 -0800 (PST)
Subject: Login Tripwire Protocols
In-Reply-To:
Message-ID:
> I have more of a general privacy rather than a crypto question. I am
> trying to set up "tripwires" in the various computer accounts that i have
> so i will know if a superuser or sysadmin has accessed them. (it should
Can you build a reliable login tripwire on a machine where you don't
have root access and root is likely a malicious character? The answer
is...maybe! It requires a fairly sophisticated protocol and a lot of
work...here are three of my ideas that didn't pan out, one that probably
would, and a lot of caveats. I'd appreciate comments, criticism,
etc. from other 'punks.
THE GOAL
You have an account on a system on which you do not trust root, or on
which you think someone else may be able to log in as you. You want
to build an automated system which alerts you when someone logs in as
other than yourself.
(n.b.: we're just talking about a login tripwire. Root doesn't need to
log in as you to read your mail or copy your files).
THE PROBLEM
The basic problem here is that you can't trust anything on the
insecure system. Root can modify any file, any binary, your shell, your
environment, the kernel, a program running in memory, logs, devices, etc.
You want to get secure information out of an environment in which all
incoming and outgoing communications can be tampered with at will.
It's sort of like standing in front of a locked door to a speakeasy and
wanting to know if your friend Ivan is inside. You can slide a paper
through the slat and if Ivan is inside, require that he prove himself
by signing the paper. However, if the paper comes back blank and the
bouncer says "he ain't here," how do you know that Ivan isn't tied up
in the back room?
I've thought of some protocols which root could defeat only if he had an
above-average degree of technical sophistication...e.g., examining a running
kernel and modifying it, disassembling binaries, etc. These are not
normal admin tasks. However, trusting your adversary to be ill-educated
is poor security practice. There is one good protocol I thought of,
which would work except for the #1 problem common to any attempt of
this sort...
THE ACHILLES HEEL
...and the #1 problem is: how do you determine if you (or someone posing
as you) is logged on to the remote machine? Suppose the bouncer is
honest. What if your adversaries can make Ivan invisible? Anything your
account initiates via a .login script or similar can easily be avoided
by root, who can modify these scripts before logging in and restoring
them when done. This leaves you with some sort of automated checking
to see if you're on, and a system to alert you if you are.
The common ways of determining who's logged on to a system can fail or be
circumvented:
(a) utmp - notoriously easy to circumvent (utmp provides the info
for who, finger, etc.) Sometimes an errant shell will circumvent
this accidentally, to say nothing of a concerted effort. Root can
modify this trivially.
(b) ps to look for owned processes -- root can easily write a ps
program that works normally except for devious reporting when
he's masquerading as you. Even if you use a custom program
(which you have to either import each time or hash-check),
root can modify the kernel, your environment, etc.
(c) you can see who owns /dev terminals, but again...
(d) I'm not sure if there is some method of consulting the kernel.
Modifying a running kernel is considerably more difficult than
the above, but if there is a means of consulting the kernel to
see who's on, root could certainly circumvent it.
You could make SHA message digests of the relevant system binaries and
include checks for them in your robot messenger, but root may already
have changed them. And remember that root can control your shell,
your environment, etc.
Maybe you assume that your adversary could not do these things. I don't
think there is any 100% reliable way to see authoritatively who's logged
on to a system, even if your adversary is not a wizard. However, for
the sake of discussion, let's assume for the moment that you find some
method of determining who's logged in that you feel confident with,
either because your adversary lacks the technical ability to circumvent
normal methods, or because they are one person secretly being naughty
in an otherwise professional team that would notice changes, or because
your own wizardry outstrips theirs.
The next trick is to build a robot to either sit inside the speakeasy to
shout out to you if Ivan is there, or one that goes into the speakeasy,
looks around, and reports back to you. The trick is making sure that
the robot's voice is not impersonated by your enemies or that it is not
rewired before being sent back to you.
THINGS THAT WON'T WORK
Any kind of notification system that is initiated by your login scripts.
Anything that requires querying the insecure machine from a remote
machine to ask if you're logged on. Root controls all inbound and
outbound communication.
Any sort of cron job run on the insecure machine -- root can turn these
off, insert a spoofer, do his deeds, and then restore things, with you
being none the wiser.
These protocols all assume you have an account on a trusted machine
that you feel is secure (you fool!), at least from the admin on the
insecure machine.
PROTOCOL #1 - DAEMON
You set up a daemon on the insecure machine which once a minute sees
who's on, and if you're on, sends that information along with a SHA
message digest (hash) of itself and its process number to the remote
machine, who checks to see if the process number or hash has changed,
and then builds a log. You can then check this log to see if anyone
was on when you don't remember being on.
Problems:
(*) root can monitor outbound mail. When he sees a message going to
your secure machine, he simply replaces it.
(*) root can grab the daemon's code out of memory, rewrite it so that it
first asks root if it should say you're on, and then proceeds normally,
sending out the same process number and SHA MD as an unmodified daemon
would. He can even write a daemon that monitors for your daemon,
correcting its output whenever you restart your daemon.
PROTOCOL #2 - DAEMON IMPROVED
Same as #1, but this time the daemon first asks for a public key
from your secure host, and then encrypts its response using that key.
This defeats the first attack above.
Problems:
(*) root can use a classic man-in-the-middle attack to harvest the key
on inbound mail and then encrypt it for outbound mail. No improvement.
PROTOCOL #3 - PROCMAIL + BINARY ROBOT
The trusted machine contains a set of object files in a linkable state
(i.e., post-compile, pre-link) for a binary robot which (a) checks to
see if you are logged on to whatever machine the robot is running on,
(b) encrypts this information using a public key, and (c) returns the
encrypted "yes/no" to the trusted machine, as well as a SHA message
digest of itself.
You set the following up as a cron job to run every X minutes on the
trusted machine. The longer the gap, the longer an intruder might be
able to play around unnoticed. However, the shorter the gap, the higher
the load, and you have to make sure the insecure machine can finish its
processing within the gap. Perhaps X should be semi-random.
(a) the trusted machine generates a public/private key pair. The public
key is placed in a linkable format and linked with the object files for
the binary robot. The trusted machine notes the outbound binary's SHA
message digest.
(b) the trusted machine mails this binary robot to the insecure machine.
At the insecure machine, you have a .procmailrc which looks for the
robot and runs it.
(c) the robot checks to see if you're online, and encrypts a reply
using the public key that's stored within it. It sends this back to
the trusted machine.
(d) the trusted machine decrypts the message. Because each key is
different, one-time, and used sequentially, there should be no replay
attack possibility here. The trusted machine checks the SHA MD, and
if it's different, goes into alert mode -- sending you e-mail, paging
you, whatever. Otherwise it just continues to build its log that you
can examine later. You could do more processing -- perhaps you only
turn on this system on the trusted machine when you're not logged into
the insecure machine. If it detects you are on while it's running,
it goes into alert mode.
(e) lather, rinse, repeat.
Problems:
(*) impracticalities of system load, and possible processing time length,
as noted above
(*) Root could sabotage procmail so instead of spawning your robot, it
spawns one of root's. This mischievous binary then digs out the public
key from your robot's binary code, and returns a message with a "no,
he's not on" message and an SHA message digest of your binary. (He could
also delete your .procmailrc or otherwise stop your automated system, but
this would be obvious and suspicious). Since he'll have your binary and
your public key, there is no way to prevent this man-in-the-middle attack.
PROTOCOL #4 - PROCMAIL + BINARY, IMPROVED
Same as #3, but when the trusted machine links your little binary robot,
it randomly selects one of many random object files which contain
some trivial operation for the robot to perform. The results of this
operation are then appended to the robot's reply. Examples of these
random operations:
-- print out the date in format X
-- print "CNN Anchorwoman Lynn Russell is a goddess"
-- lookup root's shell and `ls -l` it into the message
-- print out the first 15 prime numbers into the message
-- multiply pi by 9.856497 and print out the result
-- figure the SHA hash of /bin/sh and print it
etc. If this robot is intercepted, it will be difficult for root's robot
to mimic its behavior. Yes, root could manually disassemble it and figure
out what its secret operation is and build his own binary to mimic it, but
not in the minute or two that the binary will run before the next robot
each time would likely not work, because the compiler might link them all at
the same place and root's malicious binary could examine the binary and
ferret out the string automatically.
The random operations do not have to be complex, but they must have these
qualities:
(*) the result must be definitively known to the trusted system
(e.g., something like "finger root to see when he last logged
in" will not work. But "figure 9 to the 7th power and print
the result" would)
(*) the operation must be reasonably fast -- you don't want the
robot doing a long calculation, which might let root analyze
the robot, kill it, perform the calculation himself (perhaps
on a faster machine), and spoof the reply. Diversity is more
important than complexity
(*) there must be a large pool of these operations to choose from
(*) the choosing must be random. Obviously, it will
be pseudorandom, but a strong pseudorandom system with
least-significant time seeds should be sufficient, unless the
insecure machine's root in this case is root at nsa.gov.
Problems:
(*) again, impracticalities of system load, and possible processing time
length, as noted above
(*) root will be able to save and analyze the robot binaries. If the
pool is not diverse enough, root might be able to determine the likely
next message and spoof the reply. This will not be detectable from
the trusted machine's perspective. However, the trusted machine might
(a) have a large pool of random operations to choose from to make this
impractical, or (b) simply have a subroutine which randomly generates
random operations from a pool of pieces -- e.g., a set of rules from which
it randomly picks, and then performs other random operations to generate
the actual operation. (i.e., rule #85 says pick three floating-point
numbers and generate an operation wherein the robot has to figure out
the cosine of each). This would be much more difficult to predict/spoof.
CONCLUSIONS
First and foremost, the difficulty of accurately determining who's on
will likely undermine any attempt to set up a login tripwire.
Also, we're talking about a login tripwire. Suppose I'm root and I
want to copy a file from your home directory called diary-of-my-sexlife.
All I have to do is note the access/modify/change times, copy the file,
and then restore these times with touch(1). You can't detect or prevent
read-only access.
Going to all the work of implementing protocol #4, the most reliable of
these, would likely result in a reasonably secure way of determining if
you're logged in (again, with the difficulty of determining who's logged
on caveats), but is it worth all this effort? I was just thinking these
things up because I was bored. If I really had an account on a system
I didn't trust, I would cancel it.
--
Andrew Fabbro [afabbro at umich.edu] [andrewf at jesuswept.com]
http://www-personal.umich.edu/~afabbro/ 313.647.2713
"We make money the old fashion way. We print it." - DigiCrime
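Added example, not part of the original post: a Python sketch of the trusted-machine side of protocol #4, with challenges generated from parameterised rules, single-use rounds, and a reply deadline. The public-key encryption of the reply is left out, SHA-256 stands in for the post's "SHA message digest", and every name here (TrustedMonitor, robot_reply, the rule functions, the constructed robot image) is hypothetical.

```python
import hashlib
import math
import secrets

# Constructed stand-in for the linked robot binary; SHA-256 is used here in
# place of the post's unspecified "SHA message digest".
ROBOT_DIGEST = hashlib.sha256(b"constructed robot image").hexdigest()


# Each rule draws its own parameters, so the space of challenges is much
# larger than the number of rules (the post's "rule #85" idea).
def rule_power(rng):
    return ("power", (rng.randint(2, 9), rng.randint(2, 9)))


def rule_primes(rng):
    return ("primes", (rng.randint(5, 20),))


def rule_cosines(rng):
    return ("cosines", tuple(round(rng.uniform(0, 10), 3) for _ in range(3)))


RULES = (rule_power, rule_primes, rule_cosines)


def evaluate(spec):
    """Answer a challenge. Every rule is fast and has one definite result."""
    name, args = spec
    if name == "power":
        return str(args[0] ** args[1])
    if name == "primes":
        found, n = [], 2
        while len(found) < args[0]:
            if all(n % p for p in found):
                found.append(n)
            n += 1
        return ",".join(map(str, found))
    if name == "cosines":
        return ",".join(f"{math.cos(x):.6f}" for x in args)
    raise ValueError(f"unknown rule {name!r}")


class TrustedMonitor:
    """Runs on the trusted machine: issues one round at a time, checks replies."""

    def __init__(self, robot_digest, deadline_s=120, rng=None):
        self.robot_digest = robot_digest
        self.deadline_s = deadline_s
        self.rng = rng or secrets.SystemRandom()  # OS entropy by default
        self.pending = {}  # round id -> (expected answer, time issued)
        self.log = []

    def issue(self, now):
        round_id = f"{self.rng.getrandbits(128):032x}"
        spec = self.rng.choice(RULES)(self.rng)
        self.pending[round_id] = (evaluate(spec), now)
        return round_id, spec  # both get linked into the outbound robot

    def verify(self, reply, now, owner_expected_on=False):
        # pop() makes every round single-use, so a captured reply cannot be replayed
        entry = self.pending.pop(reply.get("round"), None)
        if entry is None:
            verdict = "ALERT: unknown or replayed round"
        elif now - entry[1] > self.deadline_s:
            verdict = "ALERT: reply after deadline"
        elif reply.get("digest") != self.robot_digest:
            verdict = "ALERT: robot digest mismatch"
        elif reply.get("answer") != entry[0]:
            verdict = "ALERT: wrong challenge answer"
        elif reply.get("logged_on") and not owner_expected_on:
            verdict = "ALERT: login while owner is away"
        else:
            verdict = "ok"
        self.log.append((now, verdict))
        return verdict


def robot_reply(round_id, spec, digest, logged_on):
    """What an unmodified robot would send back (simulated here)."""
    return {"round": round_id, "digest": digest,
            "answer": evaluate(spec), "logged_on": logged_on}


if __name__ == "__main__":
    monitor = TrustedMonitor(ROBOT_DIGEST)
    rid, spec = monitor.issue(now=0)
    reply = robot_reply(rid, spec, ROBOT_DIGEST, logged_on=False)
    print(spec, monitor.verify(reply, now=45))
    print("replay:", monitor.verify(reply, now=50))
```

The digest field is self-reported, so, as the post notes for protocol #3, it proves nothing alone; the per-round answer and the deadline are what a substituted robot has to beat.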
From jya at pipeline.com Thu Mar 5 17:40:05 1998
From: jya at pipeline.com (John Young)
Date: Thu, 5 Mar 1998 17:40:05 -0800 (PST)
Subject: Gun Grabbers in WASHINGTON -- Friday
Message-ID: <1.5.4.32.19980306014415.0102aa64@pop.pipeline.com>
Anonymous wrote:
>
>8 a.m.-Noon. POWDER TAGGANTS - Conclusion of a two-day conference by a
>National Research Council committee examining the technical viability of
>and issues related to tagging black and smokeless powders.
> Location: National Academy of Sciences, 2100 C St. NW.
> Contact: 202-334-2138.
The New York Times reported today that the National Research
Council found that it was not feasible to require taggants in
explosives and recommended that the technology not be pursued.
Instead, it proposed improved licensing and protection of storage.
The panel noted that it would be very difficult to restrict access to
common materials for manufacturing explosives, and that law
enforcement should improve investigation, intelligence and
education of the public.
An unconfirmed Reuters is that the panelists fist-fought tooth-and-nail
gouch&suck-eyeballs over the issue of a confidential investigation to
determine why there were no ATF agents in Murrah, only the
head-hammered remains of all the agency's Wintel boxes choked
with endless incoming of "The Availability of Bombmaking Information
on the Internet" auto-forwarded from Senator_Feinstein at remailer.to.
From poc at search-engine-help.com Thu Mar 5 22:26:07 1998
From: poc at search-engine-help.com (poc at search-engine-help.com)
Date: Thu, 5 Mar 1998 22:26:07 -0800 (PST)
Subject: Your Web Site's Findability
Message-ID: <199803060625.WAA20788@cygint.cygnus.com>
Would you like to improve your website's "find-ability" in
the Search Engines?
During the past two years, my company has been placing
hundreds of webpages into the Top Ten -- the front page --
of the major search engines... and, for about $8 a month, I
will show you how we do it... and I'll share with you our
ongoing research -- every month!
My name is Stephen Mahaney. I am the president of Planet
Ocean Communications. My web marketing company has literally
"written the book" on how to position your website on the
front page -- the Top Ten -- of each of the major search
engines... guaranteed!
Our 65 page manual identifies every trick & technique that
is being used on the Internet to gain an almost "unfair"
advantage in landing websites at the top of the search
engine lists -- right where you need to be so that potential
customers who are seeking your services or products can find
you.
Our monthly Newsletter keeps you abreast of the latest
techniques and frequent changes that take place in the
dynamic world of "search engine" science.
However, understanding the process does not require a degree
in "rocket" science -- nor do you need to be "technically
oriented". Whether your website is a "do-it-yourself"
project or you are paying someone to maintain your site, you
(or your webmaster) need to know the tricks in this book in
order to compete with the professionals who are dominating
the front pages of the various search categories.
To learn more about how you can obtain this essential
information and receive a free subscription to our
Newsletter -- SEARCH ENGINE SECRETS UPDATE, go to....
http://www.search-engine-help.com/advantage/
You'll be glad you did.
Sincerely,
Stephen Mahaney - President
Planet Ocean Communications
***************************************************
Note: We have contacted you based on information that we
gathered while visiting your website - If you would prefer
not to receive mail from us in the future, simply reply with
the word "remove" in the subject line and you will be
automatically excluded from future correspondence. Thanks
***************************************************
Thought for the day...
"The only thing a man can take
beyond this lifetime is his ethics"
From sherman at cs.umbc.edu Fri Mar 6 03:11:48 1998
From: sherman at cs.umbc.edu (Dr. Alan Sherman)
Date: Fri, 6 Mar 1998 03:11:48 -0800 (PST)
Subject: Barry Smith (FBI) speaks today 3:30pm at UMBC
Message-ID:
The UMBC Security Technology Research Group presents
A Law-Enforcement Perspective on Encryption Policy
Barry Smith
Supervisory Special Agent, FBI
moderated by journalist Peter Wayner
3:30pm - 5:00pm
Friday, March 6, 1998
Lecture Hall III
University of Maryland, Baltimore County
http://www.cs.umbc.edu/events/spring98/crypto.shtml
The second lecture and discussion in a two-part forum on
encryption policy. Journalist Peter Wayner will introduce
and moderate the event, which is free and open to the
public. In Part I, freedom activist John Gilmore and Fritz
Fielding (Ex-Associate General Counsel, NSA) gave their
divergent views, focusing on the Bernstein case.
Barry Smith will articulate the needs of law enforcement to
conduct lawful wiretaps; he will advocate the use of
key-recovery techniques to achieve this end as a way that
provides adequate privacy to law-abiding citizens.
Schedule: The event will begin with a brief (10 minute)
introduction by Peter Wayner. Following Barry Smith's talk,
which will last approximately 45 minutes, there will be an
opportunity to ask questions for approximately 20-30
minutes.
Questions: Attendees are encouraged to ask questions in
advance by sending email to sherman at cs.umbc.edu
Directions: Take Exit #47B off interstate I-95 and follow
signs to UMBC. LH III is in the Administration Building,
adjacent visitor's parking lot near the I-95 entrance to
UMBC.
Host: Dr. Alan T. Sherman
Associate Professor, Computer Science
sherman at cs.umbc.edu
http://www.umbc.edu
(410) 455-2666
This event is held in cooperation with the UMBC
Intellectual Sports Council
Honors College
Phi Beta Kappa honors society
CMSC Council of Majors
IFSM Council of Majors
ACM Student Chapter at UMCP
From jya at pipeline.com Fri Mar 6 06:50:57 1998
From: jya at pipeline.com (John Young)
Date: Fri, 6 Mar 1998 06:50:57 -0800 (PST)
Subject: BXA 97 Report on Encryption
Message-ID: <1.5.4.32.19980306145512.0105b03c@pop.pipeline.com>
BXA issued its 1997 Annual Report on March 4. We've
excerpted the sections on encryption, which summarize
the administration's policy, goals and accomplishments:
http://jya.com/bxa97-encry.htm (43K)
Sample:
In the nine month period from the transfer of commercial
encryption items to Commerce through the end of FY 1997,
BXA has received over 1,000 encryption license applications
valued at more than $500,000,000. Forty companies have
submitted commitment plans which lay out how they will build
and market key recovery products. These companies include
some of the largest software and hardware manufacturers in
the country. BXA has approved 32 of these plans; none have
been rejected. Furthermore, eight companies have submitted
requests for a one-time review of key recovery encryption items
which will facilitate the establishment of a key management
infrastructure (KMI). Four of these products have been approved
for eligibility under License Exception KMI. BXA has also
approved four U.S. entities to serve as their own Key Recovery
agents for these products (i.e. corporate "self-escrow").
From honig at otc.net Fri Mar 6 09:48:28 1998
From: honig at otc.net (David Honig)
Date: Fri, 6 Mar 1998 09:48:28 -0800 (PST)
Subject: Login Tripwire Protocols
In-Reply-To:
Message-ID: <3.0.5.32.19980306093852.007b3200@otc.net>
At 08:38 PM 3/5/98 -0500, andrew fabbro wrote:
>Can you build a reliable login tripwire on a machine where you don't
>have root access and root is likely a malicious character? The answer
>is...maybe! It requires a fairly sophisticated protocol and a lot of
>work...here are three of my ideas that didn't pan out, one that probably
>would, and a lot of caveats. I'd appreciate comments, criticism,
>etc. from other 'punks.
Look up Ross Anderson et al's paper, Programming Satan's Computer, in
which a similarly omnipotent and malicious programming environment is
discussed.
------------------------------------------------------------
David Honig Orbit Technology
honig at otc.net Intaanetto Jigyoubu
"But if we have to use force,
it is because we are America;
we are the indispensable nation."
---Secretary of State Madeleine K. Albright
http://www.jya.com/see-far.htm
From honig at otc.net Fri Mar 6 10:32:47 1998
From: honig at otc.net (David Honig)
Date: Fri, 6 Mar 1998 10:32:47 -0800 (PST)
Subject: UPS to market DIGITAL SIGNATURE AUTHENTICATED DIGITAL DOCUMENT DELIVERY, $5 < $x < $10
Message-ID: <3.0.5.32.19980306103212.007aedd0@otc.net>
http://dailynews.yahoo.com/headlines/technology/wired/story.html?s=n/reuters/980306/wired/stories/ups_2.html
UPS ships high-tech security along with packages
By Randolph Court
SAN FRANCISCO (Wired) - United Parcel Service stepped into the
secure-electronic-data-transmission business this week, promising to make
online-document delivery as trustworthy and easy to use as a dollar bill
minted by the US Treasury.
"We view ourselves as a trusted third party," said Mark Rhoney, vice
president of marketing for electronic commerce at UPS.
But can UPS shift its focus from shipping cartons into computer bits? Its
move marks a head-on assault at a growing business now handled by much
smaller, specialized high-tech companies. What UPS will offer by the second
quarter of 1998 is an alternative to existing systems offered by lesser
known entities like Entrust Technologies and Network Associates' PGP
division.
Entrust and PGP hawk encryption systems that allow one person to send a
secure data file to someone else with no meddling from any outsiders.
UPS's new service, developed in partnerships with Tumbleweed Software and
NetDox, is based on the idea that a supervisor should be involved in the
process to guarantee the integrity of the information being sent.
Say a lawyer wants to send a contract worth $3 million, but the recipient
decides to tinker with the numbers and knock the figure down to $2.5
million. The situation dissolves to finger pointing, each side saying they
agreed to something different.
With the UPS system, the data that is sent will be digitally fingerprinted
and archived with time stamps and receipts from each party, so there will
be records of whether or not a document has been tampered with.
"The document is digitally notarized and legally binding," said NetDox
spokesman Lee Kallman. If there is a finger-pointing situation, UPS will be
able to prove in court exactly what was sent, by whom, who received it, and
when.
"That's what you don't get with other encryption systems, and that's the
void UPS wants to fill," said Kallman. The service will play a role not
unlike the role a government plays when it guarantees the value of
currency, Kallman said.
UPS will insure the integrity of each document, and the identity of both
sender and receiver, for up to $100,000.
The system is called UPS Document Exchange, and it will offer two levels of
security - Dossier for the strong stuff and Courier for the milder version.
For the most sensitive data, UPS will use a system designed by NetDox that
requires users to download a software client that wraps data - any sort of
digital information, from simple documents to multimedia - in two layers of
encryption, an inner 40-bit layer, and an outer 128-bit layer.
The data is sent to a UPS server where it is unwrapped, and a digital
fingerprint is taken and stored; then it is re-wrapped and sent to its
destination, where the recipient opens it with the NetDox client software.
For less-critical data packages, UPS will use a system designed by
Tumbleweed that encrypts data with a varying number of bits to accommodate
the different encryption levels supported by browsers in different countries.
The encrypted data is then sent to a UPS server, where it is stored at a
128-bit encryption level. The server sends an email message to the
recipient telling him or her the Web address where the data resides and how
it can be accessed via browser with RSA encryption.
---
UPS has been close-mouthed on the question of price, saying only that
delivery will be more expensive than a 32-cent stamp and cheaper than a
traditional overnight delivery.
NetDox has been charging $5.35 for domestic transactions and $10.70 for
international data exchanges, according to Kallman. But it hasn't had much
competition. If the UPS service proves viable and other competitors emerge,
prices could drop precipitously, Kallman said.
News of the UPS service was greeted warmly in some corners of the
encryption industry, and skeptically in others.
"We're very excited to hear that a large company like UPS is rolling out a
broad-based service like this," said Gina Klein Jorasch, director of
enterprise marketing at VeriSign. The company provides digital
certificates, which act like identity cards tying a user's identity to a
public key that enables the encryption process.
---
VeriSign has reason to be hopeful, though. Software clients like the ones
provided by NetDox and Tumbleweed require digital certificates, just like
those provided by VeriSign.
"A deal between VeriSign and UPS is very conceivable," Jorasch said.
Jeff Harell, the product manager for PGP products at computer security
giant Network Associates, quarreled with the fundamental idea of involving
outsiders in the data transmission process.
"Why would a corporate customer want to go to third-party systems?" Harell
asked. "A lot of companies don't want to involve a third party that they
are required to trust." Many companies view their data as too important to
risk exposing to a system with so many junctions and exchange points.
PGP is a proprietary system. Users sending and receiving data must both
have PGP, and their keys can only be provided and verified by PGP.
All of this is new in the traditional package delivery industry, but not
unexpected.
"Now that the Web has become so ubiquitous, this strikes me as something
that UPS and the other delivery companies needed to do," said Rita Knox, an
industry analyst with the Gartner Group.
"This is a pretty compelling service," Knox added. "It's available 24/7 and
it's virtually instantaneous."
Federal Express, after a failed attempt to introduce an electronic service
in the early 1980s, ended up setting a standard in the industry in 1995
when it launched a self-service ordering and tracking system on the Web.
Similar services have since been adopted by UPS and Airborne Express, among
other competitors. Analysts are looking ahead to the possibility of UPS's
online delivery service becoming an industry must-have if it proves
successful.
"I definitely anticipate another domino effect if UPS has any success with
this at all," said Michael Sullivan-Trainer of International Data Corp.
"All it takes is one competitor to introduce a new software innovation and
it changes industry dynamics."
------------------------------------------------------------
David Honig Orbit Technology
honig at otc.net Intaanetto Jigyoubu
"But if we have to use force,
it is because we are America;
we are the indispensable nation."
---Secretary of State Madeleine K. Albright
http://www.jya.com/see-far.htm
From honig at otc.net Fri Mar 6 12:16:25 1998
From: honig at otc.net (David Honig)
Date: Fri, 6 Mar 1998 12:16:25 -0800 (PST)
Subject: No Subject
Message-ID: <3.0.5.32.19980306121618.007b7a10@otc.net>
Politicians still think they're relevant...
Given that this bill passed 414-1, it'll likely be US law soon.
Does this mean that law enforcement will now need a judicial wiretap order
to go scanning for evidence to get a warrant?
http://dailynews.yahoo.com/headlines/technology/story.html?s=n/reuters/980306/tech/stories/privacy_1.html
Friday March 6 10:33 AM EST
House Passes Wireless Privacy Bill
WASHINGTON (Reuters) - In a bid to protect privacy for cellphone or
digital calls, the House Thursday voted 414-1 to make intercepting such
phone conversations illegal.
The Wireless Privacy Enhancement Act makes clear that the act of
interception -- whether or not the call is later divulged or
disseminated in any way -- is against the law.
It bans modification of scanners that are now on the market that can
easily pick up calls made on cell phones, and prevents a market for new
scanners capable of intercepting digital communications.
The bill, which the Senate has not yet acted on, increases penalties for
intercepting or divulging private communications, making them subject to
a $2,000 fine and six months in jail. Earlier laws had not treated such
interceptions as serious offenses if they were not used for financial gain.
Although the bill had broad bipartisan support, it was a particular
favorite of Republicans, who were furious after a December 1996
cellphone conversation involving House Speaker Newt Gingrich and fellow
Republican leaders was taped by a Florida couple. House Republicans have
alleged that Washington Democratic Rep. Jim McDermott then leaked it.
McDermott -- who voted for the wireless privacy act -- has not publicly
commented on those allegations.
Ohio Republican Rep. John Boehner, who was using a cellphone in his wife's
car in that conversation with Gingrich, enthusiastically backed the bill.
"Our message should be plain and simple," he said. "If you violate
someone's privacy, you are not creating idle mischief, you are breaking
the law and of the land and you will be brought to justice."
Roughly 50 million Americans use some kind of new mobile electronic
communications services, according to the bill's sponsors.
The sole vote against the bill came from Ron Paul, a Texas Republican. He
was not immediately available for comment.
------------------------------------------------------------
David Honig Orbit Technology
honig at otc.net Intaanetto Jigyoubu
If you start now, the year 2038 problem might be tractable.
From Eng500 at aol.com Fri Mar 6 14:58:39 1998
From: Eng500 at aol.com (Eng500)
Date: Fri, 6 Mar 1998 14:58:39 -0800 (PST)
Subject: Hoo ha!
Message-ID: <9acb3179.34f6af5d@aol.com>
Hi. Check out the #1 best site on the web! You wont regret it!
http://152.163.233.31/dcja1
or click here!
From die at die.com Fri Mar 6 20:09:59 1998
From: die at die.com (Dave Emery)
Date: Fri, 6 Mar 1998 20:09:59 -0800 (PST)
Subject: Crypto as contraband
Message-ID: <19980306231001.53809@die.com>
Subject: Re: [LEGAL] Crypto as Contraband?
Reply-To: die at die.com
In-Reply-To: ; from Tim May on Fri, Mar 06, 1998 at 06:20:39PM -0800
On Fri, Mar 06, 1998 at 06:20:39PM -0800, Tim May wrote:
>
> (Even with guns, in the U.S., there have historically been
> "grandfatherings" of existing guns. Not always, as with certain machine
> guns. And not with gold, which was declared contraband by the Reichsfuhrer
> in 1933.)
>
> Could possession of PGP be still legal, but _use_ declared illegal?
>
> (Not addressing the First Amendment issues, which are even stronger, but
> just the issue of retroactive contrabanding of something which was acquired
> legally, and by hundreds of thousands of law-abiding citizens.)
>
The House has just done this yesterday as mentioned in several
items posted to this very list:
From HR2369, the Wireless Communications Privacy Enhancement Act
of 1998, passed by the House 414 to 1....
"(4) Any person who manufactures, assembles, modifies, imports, exports,
sells, or distributes any electronic, mechanical, or other device or
equipment, knowing or having reason to know that the device or equipment ..."
.... clause concerning satellite piracy gear omitted .....
" , or is intended for any receipt, interception, divulgence, publication, or
utilization of any communication in violation of subsection (a), shall
be fined not more than $500,000 for each violation, or imprisoned for
not more than 5 years for each violation, or both. For purposes of all
penalties and remedies established for violations of this paragraph, the
prohibited activity established herein as it applies to each such device
shall be deemed a separate violation."
Subsection a:
" ....... No person not being authorized by the sender shall
intentionally intercept any radio communication *or* divulge or publish
the existence, contents, substance, purport, effect, or meaning of such
intercepted communication to any person..........."
[note that *and* was changed by this bill to *or*, making interception
itself criminal]
The only exception being :
"Nothing in this subsection prohibits an interception or disclosure of a
communication as authorized by chapter 119 of title 18, United States
Code."
[which covers broadcast, ham, marine, aviation, governmental,
and communications readily accessible to the general public, whatever
that means]
While this doesn't exactly retroactively ban *possession* of
radio gear capable of intercepting banned radio communications, it
provides extremely stiff felony level penalties for manufacturing,
assembling, modifying, importing, exporting, selling, or distributing
any radio receiving gear that might be construed to be intended for
receipt or interception of any radio communications not on the allowed
list. And these penalties apply to each individual sale.
Thus selling an old scanner at a Saturday morning hamfest to a
stranger for cash - a scanner legally purchased from Radio Shack in the
era before cell phone frequencies were outlawed on scanners - could
conceivably result in a $500,000 fine and a five year jail term. And
Lord knows what horrible penalties could be assessed against innocent
people selling the sort of oddball specialized communications gear and
test equipment that are the stock in trade of many of the more
interesting ham fests and swapmeets [MIT's monthly fleas for example].
Perhaps such informal personal sales will never be prosecuted,
but most sales of gear at hamfests and the like are anonymous cash
transactions between total strangers with every possibility that the guy a
table over with the video camera is filming your sale for evidence.
And for those who like to hack, tinkering quietly in their
basements with communications monitoring and decoding software and
hardware, manufacture and assembly have been defined in other federal
cases to include merely writing software for one's own use. Surely this
would apply to creating cryptanalysis software for any form of radio
communications at all, since it is not legal to intercept any radio
communications that are "scrambled or encrypted". And there is no
exception made for research and development or academic purposes.
So yes, they have done at least as bad a thing to people who
merely want to tinker with their radios and occasionally explore what is
out there in the ether by passively and in private receiving radio
signals as they have to gun owners, who at least possess a weapon
capable of doing some serious harm. And there is not a single sentence
in the legislation providing any kind of encouragement for the use of
cryptography to protect the privacy of openly broadcast signals
receivable for miles around, let alone mandating it.
--
Dave Emery N1PRE, die at die.com DIE Consulting, Weston, Mass.
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
From 96866514 at mci.net Fri Mar 6 21:37:49 1998
From: 96866514 at mci.net (96866514 at mci.net)
Date: Fri, 6 Mar 1998 21:37:49 -0800 (PST)
Subject: Expose your Website or Business To Millions With Stealth !!!!
Message-ID: <>