Slashdot Mirror

I'm pretty sure that if they gave this order under the guise of deterring "terrorism" it's pretty much in vain, in that more valuable intel is already available in the public domain, weaknesses in any event should be known, just as code audits are released in the public domain. I can think of 1 site off the top of my head that is pretty big on releasing "Eye-Ball-Series" on industrial, government, and public facilities

Liberty Victoria is the aussie's version of Amerika's ACLU, I've always envisioned AU's law as pretty right on and have taken a liking to most of their politics (with the steady decline of my countries) altho this seem just to be some unrelated bullying more than an overt government policy to prevent terrorism.

On a completely unrelated side note, I heard from a friend of mine in AU said that the Adelaide Museum director said they couldn't seel the $200,000 AUS valued whale vomit ball as under federal law it's part of a whale and therefore protected. She also went on to say that they could donate the item to the Adelaide Museum for display indefinately.

ITYM the US Signals Intelligence Directive. Its only partly secret, its legal and its not morally imperative, just expedient.

Ya' know, answering an Anonymous Coward is one of the stupidist things one can do, but for anyone who comes after and wonders what this anonymous "but oh so wise" coward is spouting about:

http://cryptome.org/nsa-ussid18.htm

Yes, it is possible to duplicate a fingerprint -- story made Slashdot about two years ago.

Essentially just take a photocopy of a fingerprint, make a mask for a printed circuit board from that, etch to give you a mould, and use gelatin or similar to make a cast. The advantage of gelatin over latex is that you can eat the evidence ;-)

The details can be found in this paper.

They were getting aanywhere from 70% to 100% success rate on typical fingerprint scanners, depending on the scanner.

A google search for "fingerprint scanner mould gelatin" (no quotes) turns up a ton of other articles.

>This downloads a 60MB video. No idea what it is yet.

It's from here:

http://cryptome.org/cryptout.htm
BSVHR Hi-Rez Baghdad Sniper Video (67MB)

Here's The relevant 60 minutes transcript in talking about Echelon.

I trust you'll be happier with cryptome as a source.

I remember having the same kinds of discussions around Echelon way back when, so it was hardly a surprise that an Echelon program is sitll in place today. Pretty funny that people are so up in arms about this as it's been happening for decades, though with more oversight today than it seems there was in the past.

How do you expect intelligence agencies to gather intelligence? Magic mirrors? "Mirror Mirror on the wall, show me who's the most terrorific of all!".

Think this will help?

http://cryptome.org/phmsa011706.txt
"SUMMARY: PHMSA is issuing this advisory bulletin to pipeline operators
to reinforce the need for safe excavation practices and recommend that
pipeline operators integrate the Operator Qualification regulations
into their marking, trenching, and backfilling operations to prevent
excavation damage mishaps."

Don't think so. Gas pipelines are also subject to this damage from backhoe operators - normally the backhoe operated hired by the pipeline operator. This is a non-US phenomenom - in Australia here and it happens far too frequently.

On a related note, the interesting intelligence (and somewhat tech-related) site:

http://www.cryptome.org/

now has a sister site dealing specifically with Chinese suppression, at:

http://www.cryptome.cn/

CIA & NSA on ECHELON

ECHELON: America's Secret Global Surveillance Network

The answer to the mystery of the NSA snooping scandal - why did they break the law when it was so ludicrously easy to get FISA warrants? - appears to be developing: they weren't just wiretapping, they were data mining. They were using Echelon to 'Able Danger' the whole country (this is Poindexter's Total Information Awareness, which is supposedly dead, in action). The problem is that FISA was enacted prior to the current capability for data mining, and didn't anticipate how ubiquitous it could be. The reason they couldn't use FISA is that they would have had to obtain a FISA warrant for every person in the country. Data mining requires that you follow each link discovered by your snooping, and wouldn't work if it had to be subjected to FISA or the Constitution. The NYT article, now being spun as resisted by the Bush Administration (as if the NYT would publish anything without Rove's say-so), appears to itself be part of the spinning, a limited hang-out to cover up the bigger scandal.

How about the /. crowd reads the full report commissioned by EPIC from Duncan Campbell. It's not a wiretap when the NSA has direct links into the main routing junctions that move traffic in and out of the US.

http://cryptome.org/sigint-hr-dc.htm

It's a shame that NSA is no longer bound by http://cryptome.org/nsa-ussid18.htm
As it was the last safety net those of us who like freedom.

Bush followed all the applicable laws, and members of congress knew about it. I don't see what the problem is.

It represents a significant change in policy. The relevant directive, to which this more recent policy represents a significant change, is United States Signals Intelligence Directive 18. That document makes for interesting reading. While chunks have been redacted the important point is that, according to that document, the NSA took the fourth amendment very seriously and had tight regulations as to exactly what conditions needed to be met before any interception of communications from anyone inside the US can occur. Given that, any weakening of this policy, such as what has been reported, potentially conflicts with the fourth amendment and would thus be unconstitutional.

Jedidiah.

The Gummi Finger articles previously mentioned on Slashdot covered that technique. They succeeded in faking out fingerprint scanners with a gelatin cover placed over a real finger, easily used surreptitously.

Take a look at http://cryptome.org/fake-prints.htm for examples of how the technique is done. Basically fingerprint scanners are like the US airport guards. They make people feel more secure and help prevent casual attack, but they're not good enough to provide genuine security from an even slightly clever attacker.

Cryptome offers a free DVD (190MB) of this collection to public and .edu libraries which do not have access to the Associated Press archive. Send requests to jya[at]cryptome.net.

Please don't link to these images from bulletin boards, which has led to their previous withdrawal.

Send bad links to info[at]iraq-kill-maim.org

A Cryptome site.

iraq-kill47.htm + Iraq Kill and Maim 10Dec05 December 10, 2005

kid-kill-01.htm + Eyeballing Kid Kill and Maim in Iraq November 26, 2005

iraq-3weeks.htm + Eyeballing Three Weeks of Iraq Slaughter November 24, 2005

buhriz-kill01.htm + Eyeballing the Buhriz Body Count June 19, 2005

iraq-kill46.htm + Eyeballing the Iraq Kill and Maim Zone 11Apr05 April 11, 2005

afghan-kill01.htm + Eyeballing the Afghan Kill and Maim Zone 2Apr05 April 2, 2005

iraq-kill45.htm + Eyeballing the Iraq Kill and Maim Zone 22Mar05 March 22, 2005

iraq-kill44.htm + Eyeballing the Iraq Kill and Maim Zone 20Mar05 March 20, 2005

iraq-kill43.htm + Eyeballing the Iraq Kill and Maim Zone 11Mar05 March 11, 2005

iraq-kill42.htm + Eyeballing the Iraq Kill and Maim Zone 10Mar05 March 10, 2005

iraq-kill41.htm + Eyeballing the Iraq Kill and Maim Zone 9Mar05 March 9, 2005

iraq-kill40.htm + Eyeballing the Iraq Kill and Maim Zone 8Mar05 March 8, 2005

iraq-kill39.htm + Eyeballing the Iraq Kill and Maim Zone 24Feb05 February 24, 2005

iraq-kill38.htm + Eyeballing the Ramadi Kill Zone 21Feb05 February 21, 2005

iraq-kill37.htm + Eyeballing the Ramadi Kill Zone - 2004 February 21, 2005

iraq-kill36.htm + Eyeballing the Iraq Kill and Maim Zone 18Feb05 February 18, 2005

dead-gallery.htm + Gallery of US Military Dead During Iraq War February 13, 2005

iraq-kill35.htm + Eyeballing the Iraq Kill and Maim Zone 12Feb05 February 12, 2005

iraq-kill34.htm + Eyeballing the Iraq Kill and Maim Zone 9Feb05 February 9, 2005

iraq-kill33.htm

China has openly stated the intention of using the Internet to try and cripple our economy should we go to war with them. We have to assume many of the same tactics outlined in the linked document are being adopted and developed by other militaries as well. For our government not to be investigating and preparing on this front would be suicidal.

Again, as with a poster above, the article is specifically referring to airline travel, so I construe any comments regarding "travel" to refer to airline travel. Other forms of transportation aren't relevant in this context.

And I think it misses the point, anyway, to bring up forms of travel that don't (yet) require an ID - if the US government can mandate it for airlines, even if it was against the wishes of the airline, then they could mandate it for any form of transportation. Should we not be concerned about the CDC wanting records for air travelers just because they haven't asked for records for train and bus travelers yet? When exactly would you like to worry? After legal precedent has been set?

Also, if you think the airlines are the ones who want to see your ID, you should read (a) TFA, where you will see that the CDC is trying to mandate information collection by *law*, regardless of the airlines' view on the matter, and (b) transcripts from some of the hearings for John Gilmore (like this one: http://cryptome.org/gilmore-v-usa-ht1.htm) where the airlines essentially argue that they can't be held liable for requiring ID because the government requires it of them.

Yes, you can be denied travel for not having an address, etc. No address or contact info will almost certainly result in no government issued ID. No government issued ID, no travel.

For more details, see:
      http://cryptome.org/freetotravel.htm

Even better - I want to see a working (or disproven) tempest device! Theres a bit of a challenging myth!

Nice straw mannery. There's been oceans of press coverage of Iraq and Bin Laden, nobody here's complaining. But this isn't a war blog, this is a nerd blog. The other corporate crimes you've just mentioned warrant attention, certainly, but they're mostly outwith our area of specialisation, and should be discussed elsewhere.

Anyhoo, earlier you were complaining that there should be more coverage of the crimes of SCO and Microsoft. Surely Iraq and bin Laden takes precedence over them too.

Oh, and DRM IS a serious affair - while Sony is using it to infect everyone's PC with Trojans over some junk CDs, a British Newspaper Journalist has used Windows DRM and threatened copyright law to prevent information leaking to the public over an interview with someone who was either an IRA terrorist, or a spy in the IRA working for British Army terrorists.

See here for more details on the sort of thing DRM will be used for in future.

Tin foil hats? No, no, no. Bush is controlled by a transmitter.

Electronic Passport RFIDs will hold 64 KB. That would take a lot of barcodes.

The ICAO specification for use of contactless chip technology requires a minimum capacity of 32 kilobytes (KB). The U.S. has decided to use a 64KB chip to permit adequate storage room in case additional data, or biometric indicators such as fingerprints or iris scans, are included in the future. Before modifying the definition of ``electronic passport'' to add a new or additional biometric identifier other than a digitized photograph, we will seek public comment through a new rule making process.

Source

> I'm not comfortable with handing over my entire browsing history to a third party.

Which ISP(s) do you use? Are you satisfied that no-one who works there is dodgy?

http://cryptome.org/audio-spy.htm

GWB is not finished yet. He could still kill eleven billion of us before he is through, far surpassing Hitler and Stalin and all previous tyrants.

Cindy Sheehan is our last great hope to stop the madman in the White House and all his indicted and not-yet-indicted fellow Republican evildoers -- Tom Delay, Scooter Libby -- and the list goes on; Heaven help us.

Goodness! You'd better tell the State Department that. They certainly seem to think that it's RFID. It's not their fault; NIST told them. I'm sure they'll be eager to hear from an expert like you.

Quite interesting what kind of patents they have for example "US05224756 Integrated child seat for vehicle". I bet James Bond never had that one! Full list of patents: http://cryptome.org/nsa-patents.htm

Because, by law the Federal Governement can not hold copyrights. I'm pretty sure they can't get a trademark or patent either.

Examples:

• The federal government copyright the material it produces, but it can certainly own copyrighted material.
• FirstGov is a registered trademark of the US General Services Administration, Registration Number 2490938, Serial Number 7800477.
• Some NSA Patents for you. Heck, the NSA can not only patent, but it can keep the patent secret until someone else tries to patent it.

The wire should be mandatory TV for everyone.

Ofcourse watching freeman go undercover as a phreaker was cool. But season three also showed the more common trick for getting phone serial numbers, telephone numbers or card numbers of prepaid phones. Just look at the criminal when he makes a phone call and look at which phones are active in the cell he is in at that moment.

In GSM networks this is done using a man in the middle attack to downgrade the encryption. The device used is called an imsi catcher.

What makes the wire diffrend from other cop shows (besides the use of actors and a sane time/storyline ratio) is that it play close attention to the politics of everything including this. In season three the DA gets mad at a mobile phone operator for not being able to identify its customers. She accuses him of knowingly and probably intentionaly aiding criminals. Becouse the ideas in the script come from cops the show doesn`t mention the fierce competion to sell the easiest to use phone and the thousand of european kids who got themselfs into huge depts by spending to many hours on their mobile without knowing the price.

And this perfectly illustrated the problem with "lawfull interception" today.

Becouse historly law enforcement organisations where once able to listen in on analogue networks they now see it as their right to listen in on communication to the point where they push standard bodies into including "lawfull interception" capability into everything they develop. Then they outsourced their development of equipment to israely companies that are part of the israely intelligence structure. If they hadn`t by now they would have the technical know-how to figure out that ultimatly the choice on wheither a third party`s can listen rest with the people who buy phones. They can alway buy crypto phones and with enough cash they can always route their traffic through places law enforcement agencies didn`t even know excisted to mask their identity.

I beg to differ

http://cryptome.org/mi6-list4.htm

Really Slashdot? How interesting. I wonder when the next review is due... Right now? Ya don't say! And comments are due by Dec 1, 2005!? Well fancy that. Certainly some kind souls out there must have submitted this information as a story. I wonder why we aren't reading about it? Ahhh, door handles of the future, I see. That's much more important. THAT is 'stuff that matters' I tell ya. Well, if anyone is still interested after reading about said door handles... here are some other interesting links regarding the DMCA anti-circumvention provisions:

• Lexmark brings DMCA lawsuit against SCC for refilling Lexmark printer cartridges.
• SCC brings lawsuit against ISV for refilling Lexmark printer cartidges after beating the same rap itself in the Lexmark case.
• Makers of universal garage door remotes slapped with DMCA lawsuit.
• Robot dog modders threated with DMCA.
• Mobile phone services stifling competition with DMCA.

Hmm... looks like the DMCA is being used to make lawyers rich and stomp on innovation and competition. And to think, I thought copyright was about 'promoting progress.' Silly me.

No chilling effects? How much money did that Lexmark case cost Static Control? Could you personally afford to fight Lexmark in court? No, I didn't think so. So you think DMCA precedent was set in the Lexmark v. SCC case? Then why is SCC now suing ISV for doing the exact same thing? Here's a clue, the law is a sham. It forces out smaller players who can stand up to hundreds of thousands of dollars in court costs. THAT is a chilling effect on innovation and Rick Boucher is on of the few people on the hill I don't consider to be an absolute slime ball.

The Library of Congress is soliciting feedback on the DMCA's anti-circumvention provisions again. Without doubt, they have heard it all before, but with this particular piece of legislation, the complaints bear repeating. Since that time, the DMCA anti-circumvention clauses have been used against manufacturers of garage door openers, against owners of robot dogs, and to stifle competition in the mobile phone service market just to name a few. You have until December 1, 2005 to submit your written comments.

The Library of Congress is soliciting feedback on the DMCA's anti-circumvention provisions again. Without doubt, they have heard it all before, but with this particular piece of legislation, the complaints bear repeating. Since that time, the DMCA anti-circumvention clauses have been used against manufacturers of of printer cartridges and garage door openers, against owners of robot dogs and to stifle competition in the mobile phone service market just to name a few. You have until December 1, 2005 to submit your written comments, so hop to it.

One wonders how secure this is after seeing how relatively simple it is to create a fingerprint mold from nothing more than a residual fingerprint.

The information in credit card magnetic strips can be copied, but the person copying the credit card must at least have physical access (even if only temporarily) to the card in order to make a copy. Using fingerprints, however, is like writing down your PIN on everything you've touched...

Oh, and if you haven't read The Futility of Digital Copy Prevention, do so now. It's short and clarfies why DRM is really just an infringement on our fair use rights.

Digital files cannot be made uncopyable, any more than water can be made not wet. -Bruce Schneier

I don't know where you people get these wacky ideas. EMP is a myth, propagated by science fiction and kept alive by idiots like yourself.

Let's start out with:

The existence of the electromagnetic pulse has been known since the 1940's when nuclear weapons were being developed and tested. However, because of lack of data, the effects of an EMP were not fully known until 1962. At this time, the United States was conducting a series of high-altitude atmospheric tests, code named "Fishbowl." The nuclear explosion, "Starfish Prime," which was detonated in the Pacific Ocean 800 miles from Hawaii, caused an EMP that disrupted radio stations and electrical equipment throughout Hawaii. Consequently, in 1963, the United States and the Soviet Union signed the Atmospheric Test Ban Treaty to counter the considerable threat posed by EMPs. Unfortunately, the destructive potential of an EMP increases everyday as society becomes evermore technological because of an escalating dependence on electronics.

Don't forget to review the US Army Corps of Engineers.

You can google and wiki more on your own.

Commercial involvment (willing or not) with spying for nation states is alive and well. I know nothing on the topic, but would be very surprised if Microsoft hasn't at least talked to someone from a TLA.

The Btitish were doing this in 1956. "1956 British intelligence breaks ciphers of Egyptian Hagelin machine(London) by detecting clatters through phone bug in Operation Engulf." http://cryptome.org/tempest-time.htm Of course, this new paper shows how to automate and speed it up a lot!

The article says the undisclosed location VP Cheney goes to remains secret. Actually his cover was blown a couple years ago. It's Site R.

You will also want to check out Cracking DES the story of our building the real DES cracker, the machine on its own that was able to crack DES in just a couple of days, demonstrating finally that DES was not secure.

We also have a page about Cracking DES

Don't forget to encrypt your VM if you're running 10.4. Even with all this going for you though, you're screwed if you use a weak password, or an app writes something important to /private/var/tmp/folders."UID"/TemporaryItems/ or some other location outside the home folder. At least, to my knowledge, no one has found a reference to some NSA_Key in OS X yet.

• Find some kind of alternate method of digital rights management (Street_Performer_Protocol is an example)
• Infringe upon people's rights to memory and expression (unjust, I'm willing to argue, but it's the route we're currently walking down)
• Some other option?

Or you can see it here :)

This was published on http://www.cryptome.org/ a while back. It's an Air Force space command newsletter all about the rationale behind developing this technology.

(WARNING: large PDF)

http://www.peterson.af.mil/hqafspc/news/images/Jou rnalWinter05Web.pdf

cryptome.org got hit with the cease and desist.

But it doesn't look like they complied? http://cryptome.org/lynn-cisco.pdf

Never mind that, check out this:

http://cryptome.org/fcc080505.htm

FCC Requires Certain Broadband and VoIP Providers to Accommodate Wiretaps
Order Strikes Balance Between Law Enforcement, Innovation

Washington, D.C. - Responding to a petition from the Department of Justice, the Federal Bureau of Investigation, and the Drug Enforcement Agency, the Commission determined that providers of certain broadband and interconnected voice over Internet Protocol (VoIP) services must be prepared to accommodate law enforcement wiretaps, the Federal Communications Commission ruled today.

I too would look for a new ISP if I were a customer. I'd encourage any Rackspace customer to Boycott them.

Show them the true meaning of having extra RACK-SPACE

Cisco Web Site Hacked 3:18 PM

According to an article at ZDNet, Cisco's web site has been hacked and they are advising users to change their passwords. As someone who was at Ciscogate (Michael Lynn's Blackhat presentation) I can not go without wondering if this event is related. Lynn stated in his presentation last week that the older IOS archives were removed from the download site due to his research. That begs the question, did someone hack Cisco's site in an attempt to get at those versions of IOS? BTW, if you are still looking for the orginal presentation this previous slashdot story mentions an article at Wired, which has a link to lynn-cisco.pdf

You can get your copy lynne-cisco.zip from cryptome.org.

Also, you can get the original lynn slides at http://cryptome.org/lynn-cisco.zip.

Is that your excuse for occupying Iraq? Sometimes our country's soldiers have to pay for your misguided aggression. They don't deserve that. You, like Karl Rove, deserve a prison cell.