I find it odd that the Israelis are developing this, due to their history with blind Arab hackers.
No. Really.
Israeli prosecutors say Munther and Muzhir Badir, two young and mischievous
Israeli Arab brothers, managed to tap into an Israeli Defense Force
radio-station switchboard last year and make international phone calls.
Piercing such sensitive networks would seem to be an achievement for two
members of Israel's marginalized Arab community - especially since the
brothers, who aren't college-educated, have been blind since birth. Even
prosecutor Doron Porat calls Munther Badir, the alleged "cybercrime"
ringleader who prosecutors say had other accomplices, a "genius... who has
clearly overcome this disability."
http://www.infowar.com/hacker/99/hack_102199b_j.shtml
Um, anyone read the Rainbow series lately?? (on "NSA Inside?", Score: 2)
Gov't applications kinda have to implement some serious access controls. Read your orange book, guys.
The end result of this may just be a B-level certified Linux kernel, which would rock the house, and WinNT's C2 certification level (which, mind you, is useless--it's a certification for computers disconnected from a network)
[Bet y'all didn't see this coming, say, five years ago. --Declan]
It's certainly a new (is that, gnu?) world out there. This does raise, however, further questions about PGP-via-NAI's security and lack of governmental collusion. One wonders if the talks leading up to this were what spurred Zimmermann to leave to focus on OpenPGP?
you obviously didn't read the entire RFC, they have to be carrier pigeons, you can't just grab some birds outa the park and hope to set up a wireless avian carrier network!!
one is good. two is OK. A day of mediocre april fool's jokes is NOT OK.
I, for one, was really depressed by the lackluster April 1 RFC this year. I much prefer IP over Avian Carriers.
*sigh*
In the new millennium, there will be no good humor...
elite spoof, my friend. Even did the URL up nice and pretty with the decimaled IP format.
[Offtopic] those style of spoofs are gonna get real dangerous, real fast[/offtopic]
As for Mir collectibles: titanium balls? I get yer titanium balls right'chere. (c'mon, it had to be said.)
There are lots of Class 1 certs (search under Option 2 for Microsoft) issued under the OU 'Microsoft' that are obviously invalid. Class 1 certs are only email-verified, so, it's certainly a caveat emptor world with Class 1s...
Anyone have any lead on the certs we should be avoiding? Are they on their CRL (even though codesigning wisely (cough) doesn't check the CRL)?
Contact the RIAA
I sent them:
"
I read your petition to the Copyright office requesting that streaming music not require royalty payments to the artists.
I find this unfathomably hypocritical, after your lawsuits against MP3.com and Napster, Inc.
I will never buy another CD from an RIAA-associated artist or label for myself or as a gift until such time as the RIAA mends its ways, supports its artists and embraces the advantages of digital distribution with proceeds from tours.
Learn from history. Read Jack Valenti's arguments against Betamax, and notice the Blockbuster video rental store(s) on your commute home. I don't think the video industry was ruined.
"
I can guarantee that the entire set of CDDB files, while they might all be copyrighted due to inherent copyrights by artists and their creations, the set of music which is copyrighted is NOT the same as the set of music the RIAA has a right to control.
I know many local bands here in Austin who WANT their music on Napster. In fact, I've been explicitly asked to share it. I also inserted their files into CDDB (this was before they went all evil on us, mind you, which reminds me, I need to resubmit to the friendlier, open versions).
I feel doubly betrayed.
...as it is being made out to be.
This will only fully hijack unencrypted transmissions, and only if the hacker can predict the ISN sequence. It's made easier if the seed isn't random, but it's a long way from being a major threat, and it's not an unknown threat--many TCP/IP stack implementations are not vulnerable.
How about just open secrets?
The RIAA's 98 lobbying moneys
2000 donations by TV/movies/music combined. -- over 100% increase since the 96 presidential election. The entertainment industry is ranked 8 in amount contributed to elections across ALL industries.
Time Warner, Seagram and Sons, and Disney leading the pack.
You can also look up individual investors. Jack Valenti (MPAA) knows which side of the bread to butter--ALL of them, donating equally to Gore, Bush, and McCain. His congressional donations are...interesting.
Hilary Rosen actually has a decent donation list. She gave Hatch 1000, but then took it back (apparently) and donated a decent chunk to a pro-choice group.
They've taken aim square at their foot, and pulled the trigger. Let's see what happens as they shut napster, opennap clones, and other servers down, and piss off not just us geeks who will grumblingly return to FTP servers and ratios or gnutella/freenet/mojonation/etc., but the millions of Joe Sixpacks who got highspeed access just for napster.
The RIAA is pissing off a huge portion of their fan base. They can see the impact on their bottom line when sales decrease after napster is gone.
Doesn't matter. It's a security method, and therefore covered.
is equal to when I go buy ZeroKnowledge or full anonymizer services, less five minutes. Frankly, I'd be surprised if there isn't some of that already going on (naturally, NetZero and the like, but I mean normal, paid ISPs)
Companies with negative profits can't use .com, they have to use the inverse, .moc , and we can call it, 'being mocked'. Kinda like delisting, but more prevalent, variable, and hellish on routing!
Of course, police never aim for the eyes with non-lethal weaponry. Didn't just happen this week in Austin, possibly partially blinding a bystander with his arms raised in the air. nope. right?
Um, no accounting for Blowfish (used in hushmail) or TwoFish (NIST finalist for the AES standard, beating out 12 other algorithms from luminaries such as RSA). Don't forget Solitaire, either.
Schneier knows crypto.
It occurs to me that this method of key distribution is ill-thought out. While it is true that capturing the entire stream is impractical in terms of storage, it's also unnecessary.
*traffic analysis will quickly reveal times of day/night that your targets are exchanging messages
*Depending on the protocol, if both parties have to be communicating in realtime, it's trivially easy to watch the traffic and see the channel being set up and capture the correct OTP bitstream.
*target parties must still communicate when to start using the stream--the OTP crypto here is only as strong as this link, which could rely on repetition or an algorithm for time-to-start, other encryption (which changes 'unbreakable' to 'impractical-like-breaking-RSA'), and can be determined by power analysis (Alice always flips on her sat. dish at 9:05:43...)
*MitM -- how is the bitstream authorized? Who would notice if some TLA changed it from a highly-random algorithm to a deducible algorithm?
*EVEN IF none of these work, storage remains cheap. write the bitstream--or, chunks of 5 characters of the bitstream, wait 5, store 5 more, etc.--to a tape.
OTPs remain very difficult to use and use correctly. This is nice, but it's not going to magically solve our problems.
Contact the ACLU, or the national library association that is bringing suit against the forced use of censorware. You and your friends are ideal poster children (sorry for the term, you know what I mean) for the cause. Just remember to read all the /. and peacefire stories on the stupidities of censorware before getting up on the witness stand, 'k?
Aren't people worried about their computer getting an STD (SMTP-transmitted Disease)??
Can Linux Boxen ever get along with Windows, or is the book, _Linux is from Finland, Microsoft is from Seattle_ the end?
And, seriously, what about problematic relationships and their ends? Core dumps can be nasty.
Are you making the distinction between deterministic and non-deterministic functions? Just asking.
As for quantum encryption, there are still problems. The MitM factor becomes very serious in quantum key exchange. But if you can get around that, it's possibly provable.
Amazingly enough, that wasn't me. Maybe one of my peeps.
long day. yes I mean iridium.
PCMCIA
People Can't Memorize Computer Industry Acronyms.
All those itanium satellites have found a new role as the suicide bombers of the 21st century. We'll just start changing their orbits to collide with enemy sats (or de-orbiting them into the enemy's nation...)
(that's not supposed to be serious. I'm sure the future will prove it otherwise)
I was serious, moderator. Jan 28 is my birthday. It was quite disturbing. So step off.
Hell, I take that back. Bring it on. I've been at max karma since I was dropped 40 points to bring me down to the new max.