No, it's a great name doing exactly what it should be doing. Carnivore, when operating correctly, records only emails relevant to a court ordered case. It was used (not counting cases involving large ISPs which provide the logging themselves, *cough*AOL*Cough*) in somewhere between 25 and 100 cases in just 1999.
Omnivore, an 'earlier version' (which I'm/sure/ has gotten totally replaced!) sucked in 6 gigs of data an hour. For comparison, James Joyce's Ulysses is 1.6megs. so, 3840 copies of Ulysses an hour.
The real question is when are they gonna product an OpenBSD/Trusted Extensions or a Linux version? I mean, it's running on Windows. I don't want to trust the FBI with the power to monitor all my email, much less every skript kiddie in the world.
This was my point. It would be prohibitively costly and problematic to change the ending, but not impossible.
I'm leaning towards a creative webhead, but the general rule is to never explain with creativity what can be best mapped by stupidity and bullheadedness. How important to the network was their image of not being ignorant and have the finale of a tv show exposed? Enough to reshoot, say, 5-6 episodes? I doubt it, but...
I'm sure in a few years (5-10) if it was reshot, some novel will be written and the truth revealed. and the author sued, but hey.
My question is, was it false information (which would be mondo-cool, and evidence of a really perversely cool webmaster) or did they change the ending (which would be the 3vi1 corporate CYA)? I hope for the first, but wouldn't be surprised at the second. Anyone have inside info?
And if the t-shirt contains PGP or the perl crypto code, since those are munitions, can you get arrested for carrying concealed weaponry w/o a permit???
Yah, I think we'll have to expand into the rest of the hotel's facilities, or reorganize those we have. Stick the vendors somewhere else, the CTF crowd in the small room (uberhaxor, then the newbie area this year) and generally organize and predict which talks will be the most attended better.
They have more space, it just is paying for it I'd imagine.
Spot the Fed will have to be replaced by spot the hacker come next year. I was talking with Priest and he estimated well over 6000 attendees this year- almost twice Defcon 7, which was too big as it was. It was overly crowded, and while many of the presentations were top-notch (the mojonation and freenet), there were just TOO MANY PEOPLE.
Duncan has been following Echelon since long before it was even admitted to existing. He's done extensive research into it and did in fact break the news to the EU Parliament as claimed. do a google search for echelon and he'll show up quite a bit if you're still concerned.
encryption, people, encryption!
on
Inside Echelon
·
· Score: 3
We have PGP, PGPi, and myriads of other secure email methods. why are people not using them? They'd render Carnivore and Echelon much, much less useful. Well, that and anoynmous browsing, IPSec, etc.
The default presumption must now be that someone is reading your email and parsing your logs--it's almost certainly automatic, but it's there. You should check your personal website logs and see what interesting.mil and.gov and.arpa hits/you/ get. I've been spidered by NIPR.mil -- an interesting site in and of itself. Search cryptome.org for what it does...
So, today's moral is USE ENCRYPTION. I have my 4096 bit public key on the standard servers and on my/. user page.
Now, wait a minute here. this is a Good Thing. It's a fantastic ruling to be referred to later on--the rights must travel with the data, as is legally enforced (don't make me rant on DRM today!). This means that us consumers can use this ruling later on to keep from getting screwed over by many manipulations. It may even be referencable in those wonderful TOSes that can update and change dramatically without any notification, it'll bring back the concept of what was signed (clicked) is what is the law--and those original rights must be propogated in each incarnation of the data.
It won't end spam, but it will serve as a valuable tool in other circles.
This matters hugely. Did Napster pay for the research to be done? Did Jupiter do it out of the kindess of their hearts? (prolly not)? Did they do it to get headlines during their merger with media metrix? (maybe).
I'm not saying the research is invalid--in fact I agree with it--but when push comes to shove defending napster against RIAA and the like, these questions will come up and we should have the answers. preliminary browsing at Jupiter's site didn't reveal anything...
make sure you write to yesmail and tell them that you are doing this and why. I'm going to do the same, put a filter that searches all headers and auto-trashes it.
exactly. I was lucky enough to, even though I was a wet-behind the ears graduate, define my boundaries very early and very definitively. Enjoying life is first. (example: Sunday night, go dancing. monday morning, catch plane to conference at 8am, wednesday night, return home, go dancing...)
Further, damnit, I'm NOT a criminal, so I shouldn't be treated as one. This is a classic case of guilty until proven innocent. Just because I'm not a criminal doesn't mean I want the gov't, or my next door neighbor, to be able to read my email. Of course, that's why I have a huge PGP key (check my userpage)...
I am a private citizen, and my personal life is no business of the government.
So, if anyone finds or guesses the list of people the FBI listens for, cc: them and/or spoof them in every email you send. Add a few extra X-headers to trip it up. It'll fit nicely with the X-Jam-Echelon header, and will in fact maybe even be synergistic.
My time from M-F 9am to 6pmish comes relatively cheap. time beyond that, expectations that I'll be around to work on the weekends, nope. unpriced. you can't buy that time off me. sorry. My job I enjoy, and it is part of my life. NOT my whole life. gotsta do salsa/merengue dancing, gotsta trek around the hillcountry, gotsta party.
There are actually audit standards already extant for high-security hosting--financial hosting sites all go through something called a SAS-70, which--depending on the level of the institution, are pretty harsh security.
void has a point, the percentage of inside hacks seems to be upwards of 70% of all breaches--but any decent insurance policy (and we are talking L loyd's) will cover insider hacks as well.
Importantly, thoght, what's the mantra of the security aware? No system is secure. OK, a system filled with concrete unplugged at the bottom of the ocean comes close. But, there will always be a new vulnerability, an insider bribed, a way in. Always. Insurance is really the only solution for businesses in this area, much like, as other posters have realized, the niches where insurance is popularized in the real world.
In an uncertain world, insurance becomes needed. The wonderful and insidious thing about this, however, is that you know what the trend of insured internet businesses will drive? security! You want a good rate on our security insurance? Better freakin' install the latest patches, have a subscription to Security Focus, get a good firewall, implement access policies, do background checks, shred your paper trash...
This will be a fantastic wave of actual implemented security.
all the anonymous/freenet/ZKS/crypto&privacy projects could really use some convergence and working together. OTOH, I suppose that if there are many, the likelyhood of them all being shut down approaches zero. but. maybe just extreme interoperability....
With all the bulkmail filters on web accounts nowadays, I want to either make a scrub script or convince postmasters to do an automated spam-complaint to the originating servers of bulkmail craaaap. Also, I wonder if they'd share their filters...?
When I was in venezuela Cybercafes were all the rage, and it was very 1997Q4-esque (just as the Internet Economy was really beginning to ramp up) there were big banners offering HTML and computing workshops, the middle class tended to own computers and sometime dialup access--a major problem was that the phone company charged per-minute for even local calls, but there were a few wireless/cell companies competing. It makes me happy to see that the problems are being moved past.
wasn't Xerox PARC already doing this? well, capturing all the text, storing terabytes at a time? I can't seem to find the link currently, unfortunately.
Slashdot Mirror
No, it's a great name doing exactly what it should be doing. Carnivore, when operating correctly, records only emails relevant to a court ordered case. It was used (not counting cases involving large ISPs which provide the logging themselves, *cough*AOL*Cough*) in somewhere between 25 and 100 cases in just 1999.
/sure/ has gotten totally replaced!) sucked in 6 gigs of data an hour. For comparison, James Joyce's Ulysses is 1.6megs. so, 3840 copies of Ulysses an hour.
= 1 ; Calculation (6gig*(1024meg/gig)) * (1 book/1.6meg)) )
Omnivore, an 'earlier version' (which I'm
( http://www.msnbc.com/news/431355.asp?0nm=B16M&cp1
Hear anything about Omnivore recently?
Right. So, the Carnivore name is perfect.
The real question is when are they gonna product an OpenBSD/Trusted Extensions or a Linux version? I mean, it's running on Windows. I don't want to trust the FBI with the power to monitor all my email, much less every skript kiddie in the world.
This was my point. It would be prohibitively costly and problematic to change the ending, but not impossible.
I'm leaning towards a creative webhead, but the general rule is to never explain with creativity what can be best mapped by stupidity and bullheadedness. How important to the network was their image of not being ignorant and have the finale of a tv show exposed? Enough to reshoot, say, 5-6 episodes? I doubt it, but...
I'm sure in a few years (5-10) if it was reshot, some novel will be written and the truth revealed. and the author sued, but hey.
My question is, was it false information (which would be mondo-cool, and evidence of a really perversely cool webmaster) or did they change the ending (which would be the 3vi1 corporate CYA)? I hope for the first, but wouldn't be surprised at the second. Anyone have inside info?
And if the t-shirt contains PGP or the perl crypto code, since those are munitions, can you get arrested for carrying concealed weaponry w/o a permit???
Yah, I think we'll have to expand into the rest of the hotel's facilities, or reorganize those we have. Stick the vendors somewhere else, the CTF crowd in the small room (uberhaxor, then the newbie area this year) and generally organize and predict which talks will be the most attended better.
They have more space, it just is paying for it I'd imagine.
Spot the Fed will have to be replaced by spot the hacker come next year. I was talking with Priest and he estimated well over 6000 attendees this year- almost twice Defcon 7, which was too big as it was. It was overly crowded, and while many of the presentations were top-notch (the mojonation and freenet), there were just TOO MANY PEOPLE.
Duncan has been following Echelon since long before it was even admitted to existing. He's done extensive research into it and did in fact break the news to the EU Parliament as claimed. do a google search for echelon and he'll show up quite a bit if you're still concerned.
We have PGP, PGPi, and myriads of other secure email methods. why are people not using them? They'd render Carnivore and Echelon much, much less useful. Well, that and anoynmous browsing, IPSec, etc.
.mil and .gov and .arpa hits /you/ get. I've been spidered by NIPR.mil -- an interesting site in and of itself. Search cryptome.org for what it does...
/. user page.
The default presumption must now be that someone is reading your email and parsing your logs--it's almost certainly automatic, but it's there. You should check your personal website logs and see what interesting
So, today's moral is USE ENCRYPTION. I have my 4096 bit public key on the standard servers and on my
It wasn't /that/ funny. Perhaps you've had too much coffee? There's a reason I'm withholding my +1 bonus, y'know.
Windows DNA... (wait, that's taken already) Anyway. BSODs on genes would just be bad. And literal. New meaning to "Abort, Retry, Fail?" I suppose.
Now, wait a minute here. this is a Good Thing. It's a fantastic ruling to be referred to later on--the rights must travel with the data, as is legally enforced (don't make me rant on DRM today!).
This means that us consumers can use this ruling later on to keep from getting screwed over by many manipulations. It may even be referencable in those wonderful TOSes that can update and change dramatically without any notification, it'll bring back the concept of what was signed (clicked) is what is the law--and those original rights must be propogated in each incarnation of the data.
It won't end spam, but it will serve as a valuable tool in other circles.
This matters hugely. Did Napster pay for the research to be done? Did Jupiter do it out of the kindess of their hearts? (prolly not)? Did they do it to get headlines during their merger with media metrix? (maybe).
I'm not saying the research is invalid--in fact I agree with it--but when push comes to shove defending napster against RIAA and the like, these questions will come up and we should have the answers. preliminary browsing at Jupiter's site didn't reveal anything...
make sure you write to yesmail and tell them that you are doing this and why. I'm going to do the same, put a filter that searches all headers and auto-trashes it.
exactly. I was lucky enough to, even though I was a wet-behind the ears graduate, define my boundaries very early and very definitively. Enjoying life is first. (example: Sunday night, go dancing. monday morning, catch plane to conference at 8am, wednesday night, return home, go dancing...)
Further, damnit, I'm NOT a criminal, so I shouldn't be treated as one. This is a classic case of guilty until proven innocent.
Just because I'm not a criminal doesn't mean I want the gov't, or my next door neighbor, to be able to read my email. Of course, that's why I have a huge PGP key (check my userpage)...
I am a private citizen, and my personal life is no business of the government.
So, if anyone finds or guesses the list of people the FBI listens for, cc: them and/or spoof them in every email you send. Add a few extra X-headers to trip it up. It'll fit nicely with the X-Jam-Echelon header, and will in fact maybe even be synergistic.
Hell yeah.
My time from M-F 9am to 6pmish comes relatively cheap. time beyond that, expectations that I'll be around to work on the weekends, nope. unpriced. you can't buy that time off me. sorry. My job I enjoy, and it is part of my life. NOT my whole life. gotsta do salsa/merengue dancing, gotsta trek around the hillcountry, gotsta party.
There are actually audit standards already extant for high-security hosting--financial hosting sites all go through something called a SAS-70, which--depending on the level of the institution, are pretty harsh security.
void has a point, the percentage of inside hacks seems to be upwards of 70% of all breaches--but any decent insurance policy (and we are talking L loyd's) will cover insider hacks as well.
Importantly, thoght, what's the mantra of the security aware? No system is secure. OK, a system filled with concrete unplugged at the bottom of the ocean comes close. But, there will always be a new vulnerability, an insider bribed, a way in. Always. Insurance is really the only solution for businesses in this area, much like, as other posters have realized, the niches where insurance is popularized in the real world.
In an uncertain world, insurance becomes needed. The wonderful and insidious thing about this, however, is that you know what the trend of insured internet businesses will drive? security! You want a good rate on our security insurance? Better freakin' install the latest patches, have a subscription to Security Focus, get a good firewall, implement access policies, do background checks, shred your paper trash...
This will be a fantastic wave of actual implemented security.
all the anonymous/freenet/ZKS/crypto&privacy projects could really use some convergence and working together. OTOH, I suppose that if there are many, the likelyhood of them all being shut down approaches zero. but. maybe just extreme interoperability....
With all the bulkmail filters on web accounts nowadays, I want to either make a scrub script or convince postmasters to do an automated spam-complaint to the originating servers of bulkmail craaaap. Also, I wonder if they'd share their filters...?
When I was in venezuela Cybercafes were all the rage, and it was very 1997Q4-esque (just as the Internet Economy was really beginning to ramp up) there were big banners offering HTML and computing workshops, the middle class tended to own computers and sometime dialup access--a major problem was that the phone company charged per-minute for even local calls, but there were a few wireless/cell companies competing. It makes me happy to see that the problems are being moved past.
I hope it doesn't ruin some of the really beautiful rustic scenery, tho.
hm. my hosts file is preventing me from easily reading the whole CNN article, but here's an article about a possibly different company doing the same thing, dating back to 97:, the website itself is http://www.archive.org/.
http://Slate.msn.com/webhead/97-02-27/webhead.asp
The related Xerox project I think is merely affiliated with Archive.org, actually, and is currently called the Internet Ecologies project
wasn't Xerox PARC already doing this? well, capturing all the text, storing terabytes at a time? I can't seem to find the link currently, unfortunately.
you know it's comming soon. Just remember--reindeer flotilla!