the FBI is likely to use is "open source can't be trusted".
This is going to be difficult considering the President's Information Technology Advisory Committee published a report (Covering letter) recommending the use of open source for high-end computers, and suggesting government-funded development (IIRC).
I think the RSA algorithm is available for free for non-commercial use. Cryptext uses RSA, and is non-commercial.
The patent expiring means that any big company can use the algorithm in their product.
Which means that, theoretically speaking, Microsoft could build in 'Privacy enhancements' using a (kerberos'd?) version of RSA. I'm not MS-bashing, just food for thought.
I haven't heard that much except for how the head of the organisation is a bit of a crackpot. Could you post some links please?
I would make the subscription usage-based, as follows:
You top up your credit at Napster with $40.
Every time you download a track, $0.x is subtracted from your credit.
[9|8]0% * $0.x goes to the record company (if found) who owns the copyright. The extra [1|2]0% * $0.x is split between Napster and the person you're downloading from.
In that way, people are paid (in fractions of a download) for their time, space and bandwidth.
Of course, there are problems with this, not least being the reliability of the service. At present ~50% of up/downloads are "Transfer Error!"s.
Simple. Although running different programs may have different outputs, they all use the same basic machine code instructions.
It is these instructions, one would assume, that get faster with repeated execution.
Concerning "Steganography is considered the third biggest threat to US security after biological and chemical attack"
1) They left out nuclear attack.
2) Did anyone else notice that the article was littered with unlikely spelling mistakes? It seems to me that the Financial Times wouldn't let bad copy on to the internet, which makes me think - Maybe there's a message hidden in the article?
Which would make their claims about steganography seem pretty hypocritical/dumb.
Here in England we had a regional election won by the British National Party (who are racist bigots), simply because the turnout was something like 10%.
This example alone should make it obvious that not voting is one of the most idiotic ways you could possibly "protest" your current system of government
Imagine at some point in the future if the 1% of people who did vote only did so because they were fanatically against democracy?
Two days ago there was a fuss about the European Convention on Human Rights (or something) becoming law. This was billed as "The greatest change to English law for 300 years", and one of the things it stops is employee surveillance.
So presumably this law is out of date already.
And I am aware of the fact that DSL and ADSL are not the same. The UK can blame BT for the "A"(asynchronous{sp?}) as well as the 3-year roll-out time and the coverage. 75% in 18 months time.
Disclaimer: I've just had ADSL installed in the UK, and there is quite a difference between the UK and the US. So, for your comparison:
It took two weeks to install a 512kbps line. That cost 275 pounds from British Telecom. There are different contention ratios depending on whether or not you're a business or home user. I got mine from the company I work for, so mine is 20:1. Home user is usually 50:1, but BT's own ADSL provider use 80:1, which can be as bad as a 14.4 modem at peak times.
After that, it's 100 pounds a month without static IP addresses. That turned out to be a mistake: If you don't have static IPs you get something called NAT: Network Address Translation. And it sucks. It screws up Napster, Gnutella, NetMeeting (yes, I run Win98), and all sorts.
IP addresses come in lots of five with ADSL, and add a small amount to the monthly charge. I await the outcome...
The ISP, Inweb, have been very cool, answering all my obscure questions etc.
My only gripe is with British Telecom. I could rant, but an example of what they do will suffice.
Since you have to have a BT line to get ADSL, and BT are the only people authorised to install the ADSL routers, they abuse this fact by configuring the router to block important ports like those used for voiceIP. This is obviously to protect their revenue, but still, they claim that the router is their property (despite the 275 pounds and the fact that I didn't sign any such contract) and if you change any settings they cut you off, fine you etc.
And I'm not gloating.
IMHO Isn't the idea of Linux that you can go your own way? That no-one will tell you what OS to install?
OK I wouldn't expect Red Hat to install/support Debian or anything, but if the guy paid for the hardware, he should at least get support for that. Kudos to /. for posting something which knocks their parent company. You wouldn't see that on MSDN.
here
There was a link on Cryptome a while ago.
I tried to open the link in IE5.5 and it crashed. Something strange is happening in Redmond...
I think there's a slight difference between holding car/cigarette manufacturers responsible for the effects of their product, and holding programmers responsible for what they create.
On one hand, you have global corporations whose every intention is to make money, and damn the consequonces(sp?), and on the other hand, you have a coder looking to increase his "noosphere"
I don't know about anybody else, but suing me for writing a GPL'd piece of code would be totally counter-productive, as anybody with an interest in the code could then develop it.
Technology advances regardless of the law. Laws written to govern today's technology will be obsolete when tomorrow's technology comes along.
Wishing the defendants the best of luck. Nothing useful to say, so I suppose that makes me a troll. Hehe
By the way, which member of the /. editorial team was it that predicted defeat for 2600 et al? 'Cos the NYT is predicting the opposite.
and it's 26/7/2000 12:47 GMT. On a similar note, kuro5hin.org has been taken down due to DOS attacks...
Point taken, my bad.
OK, I'm being glib, and I wish Corley, Garbus et al all the best against the MPAA, but I don't live in America. I have the DeCSS code, the DOD speed ripper, the DivX codec etc. and I'll give them to anybody who asks for them.
And I promise that if the case is lost I'm going to put them on Gnutella, Scour and (if I can get it working) FreeNet.
So up yours MPAA.
As I write this, Cryptome is still down. This is at 10:14 GMT July 24th 2000.
Lucky I saved all the offending material to my HD...
FYI, the people who requested the removal of the information were Special Agent James Castano and his immediate superior, Dave Marzigliano.
The published e-mail address was nccs-ny@fbi.gov
Be sure to let them know your views!
They've now modified the bill.
You have to turn over a plain text version of all encrypted files. Unless you say you've forgotten the keys.
Does anybody else spot the flaw here? I could take all my encrypted stuff, put it in a zip/rar file, encrypt the resulting file, then change the date modified/created to 2 years ago.
I could first claim to have forgotten the password, and if they do somehow prove that I do know it (is there a telepath in the house?), then I print off a plain ASCII text dump of the zip file, which would come to over 100 pages at least. It's complying with the letter but not the spirit of the law.
If I had written ILOVEYOU, it would have sent out copies of itself with the recipients' first name (from Outlook address book) as well, and reply to all e-mails in the inbox with "re:" + subject + something else.
It's a nice scaremongering document, but the hypothetical worm is a *worm*. We've already been bitten by vbs and StagesA, so the potential for a virus that self-replicates is, IMHO, diminished.
As for having web-servers which relay instructions/receive data, the 'bot would have to know how to fill out registration forms/upload information, and even then the server would have to have some kind of handshake with the worm, which could be detected by the hosts of the web-site (i.e. geocities).
Why not have the server host misc. content, with the instructions embedded in the HTML?
In any case, is it a good thing to have people publishing design documents for killer virii? The script kiddies which came up with ILOVEYOU weren't smart enough to design something really nasty, and HNN are just providing inspiration, which means they'd be liable in the event such a worm was released.
They should start a Napster-like service for DivX ;-) trailers, I can never seem to find any new ones on Gnutella :-)
And this isn't the same as MP3 i.e. downloading whole tracks - the trailers may make people go out and buy DVDs.
At least, after seeing the Bullitt trailer that's what it did to me.
Statistical patterns in data have been used for a while in computer forensics.
It's called "ASCII Profiling" and was used against the Black Baron (Story here) about a third of the way down, "Shadow Copies".
Curiously enough, I'm working on something related to this...
please crack one of these so-called "Black Boxes"?
If it's running Windows xx then we can crack the security, and if it's running a Linux variant we can subpoena the source-code from the FBI.
Of course, if it's running Solaris, we're buggered.
But I wouldn't mind getting a look at the working of one of these...
This is, no matter which way you look at it, good news. This is better than *.Net becoming de facto in all devices connected to the Internet.
As for violating the GPL, I believe that there was a news article a while back in Slashdot about the GPL being tested in a court of law sometime soon.
This is another step to world domination. Hopefully