Of course it sounds good that the banks want to coordinate their security efforts. Probably one part of their analysis has to create profiles of common usage to be able to discern uncommon and possibly dangerous usage. These profiles will be much more detailed than their internal ones. Might they not use those profiles for other things like customer scoring, targeted advertising, etc., too? Or should I assume that they already share some data about their customers?
You said: "See below a message from A.Back. Basically GnuPG is NOT a victim of this 'attack'."
As I understood the problem, this is not going to help. The problem is that an ADK could be added to a key that is in Version-4 format. GnuPG generates keys in this format as well. So, even if YOU use GnuPG and see that the key of your communications partner is compromised by an ADK, _his_ software, which he uses to encrypt to you (e.g. some PGP for Windoze), does NOT warn about the ADK that compromises your public key on the keyserver.
Yes, you might check the keyserver again and again for your own key and revoke it as soon as you see an ADK in it there. But how do you know whether your communication partner has an untampered key? You don't. And that is why Schneier asks for an additional fingerprint that checks the signatures, too.
To be safe from having your key possibly compromised, you have to have it in Version-3 format, and that means you have to use PGP 2.6.3 or PGP 2.6.3i.
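The ADK problem in the post above, as an added example (not from the thread, and not PGP or GnuPG code): it computes the V4 key fingerprint the way the standard defines it, scans a key block for ADK subpackets in the hashed and unhashed areas of V4 signatures, and shows that the key fingerprint is identical with and without the ADK, while a digest over the whole key block (the extra fingerprint over the signatures that the post mentions) is not. Assumptions not stated on the page: signature subpacket type 10 is taken as PGP's ADK subpacket type, and the key bytes are constructed with filler MPIs and a filler signature, so nothing here is cryptographically valid.

```python
"""Added example, not from the thread above or from PGP/GnuPG: why a V4 key
fingerprint cannot reveal an ADK that someone added to a key, and how to scan
a key block for one. Assumption: subpacket type 10 is the ADK subpacket (the
type PGP 5.x/6.x used; RFC 2440 lists 10 as reserved). Key bytes are filler."""
import hashlib
import struct

TAG_SIGNATURE, TAG_PUBLIC_KEY, TAG_USER_ID = 2, 6, 13
SUBPKT_ADK = 10  # assumption: PGP's Additional Decryption Key subpacket type

def read_length(buf, i):
    """Decode a new-format length (RFC 2440 4.2.2 / 5.2.3.1); returns (n, next i).
    First octets 224..254 are partial-body lengths for packets and are rejected."""
    first = buf[i]
    if first < 192:
        return first, i + 1
    if first < 224:
        return ((first - 192) << 8) + buf[i + 1] + 192, i + 2
    if first == 255:
        return struct.unpack(">I", buf[i + 1:i + 5])[0], i + 5
    raise ValueError("partial-body lengths not supported")

def packet(tag, body):
    """New-format packet header; every body built here is shorter than 192 octets."""
    assert len(body) < 192
    return bytes([0xC0 | tag, len(body)]) + body

def subpacket(stype, data):
    """Encode one signature subpacket; 1-octet length form, so data < 191 octets."""
    return bytes([len(data) + 1, stype]) + data

def parse_packets(blob):
    """Yield (tag, body) per packet; old-format (PGP 2.x, GnuPG) and new-format headers."""
    i = 0
    while i < len(blob):
        ctb = blob[i]
        if ctb & 0x40:  # new-format header: tag in the low 6 bits
            tag, (n, i) = ctb & 0x3F, read_length(blob, i + 1)
        else:  # old-format header: tag in bits 2-5, length type in bits 0-1
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 3
            size = 0 if ltype == 3 else 1 << ltype
            n = len(blob) - i - 1 if ltype == 3 else int.from_bytes(blob[i + 1:i + 1 + size], "big")
            i += 1 + size
        yield tag, blob[i:i + n]
        i += n

def parse_subpackets(area):
    """Yield (type, data) from a signature subpacket area."""
    i = 0
    while i < len(area):
        n, i = read_length(area, i)
        yield area[i] & 0x7F, area[i + 1:i + n]  # mask the "critical" bit
        i += n

def v4_fingerprint(pubkey_body):
    """V4 fingerprint: SHA-1 over 0x99, 2-octet body length, key packet body.
    Signature packets, and so any ADK subpacket, are not part of the input."""
    prefix = b"\x99" + struct.pack(">H", len(pubkey_body))
    return hashlib.sha1(prefix + pubkey_body).hexdigest()

def find_adks(blob):
    """Return [(area, subpacket data hex)] for every ADK found in a V4 signature."""
    found = []
    for tag, body in parse_packets(blob):
        if tag != TAG_SIGNATURE or body[0] != 4:
            continue
        hlen = struct.unpack(">H", body[4:6])[0]
        ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
        areas = (("hashed", body[6:6 + hlen]), ("unhashed", body[8 + hlen:8 + hlen + ulen]))
        for area, data in areas:
            for stype, sdata in parse_subpackets(data):
                if stype == SUBPKT_ADK:
                    found.append((area, sdata.hex()))
    return found

def build_key(adk_fpr=None):
    """Constructed key block: public key, user id, self-signature (filler values)."""
    created = struct.pack(">I", 960000000)
    n_mpi = struct.pack(">H", 16) + b"\xd1\xe3"          # 16-bit filler modulus
    e_mpi = struct.pack(">H", 17) + b"\x01\x00\x01"       # e = 65537
    pubkey = b"\x04" + created + b"\x01" + n_mpi + e_mpi  # version 4, RSA
    hashed = subpacket(2, created)                        # signature creation time
    unhashed = subpacket(16, b"\x11" * 8)                 # issuer key id (filler)
    if adk_fpr is not None:  # the unhashed area is not covered by the signature
        unhashed += subpacket(SUBPKT_ADK, b"\x80\x01" + adk_fpr)
    sig = (b"\x04\x13\x01\x02" + struct.pack(">H", len(hashed)) + hashed
           + struct.pack(">H", len(unhashed)) + unhashed
           + b"\xab\xcd" + struct.pack(">H", 16) + b"\x5a\x5a")  # hash prefix, filler MPI
    return (packet(TAG_PUBLIC_KEY, pubkey) + packet(TAG_USER_ID, b"Alice <alice@example.org>")
            + packet(TAG_SIGNATURE, sig))

def digests_match(clean, tampered):
    """(key fingerprint unchanged?, digest over the whole key block unchanged?)."""
    fpr = [v4_fingerprint(b) for blob in (clean, tampered)
           for t, b in parse_packets(blob) if t == TAG_PUBLIC_KEY]
    whole = [hashlib.sha256(blob).hexdigest() for blob in (clean, tampered)]
    return fpr[0] == fpr[1], whole[0] == whole[1]

CLEAN_KEY = build_key()                          # the key as its owner published it
TAMPERED_KEY = build_key(adk_fpr=b"\x42" * 20)   # same key after someone appended an ADK
```

Run `find_adks` over the binary key block a keyserver returns for your own key id. An ADK in the unhashed area is the placement that needs no access to the private key, because the unhashed area is outside what the self-signature covers and the key fingerprint never covers signatures at all; only a digest over the whole block, compared against the copy you kept, reveals that change.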
AFAIK some nuclear reactors are designed to generate weapon-grade plutonium as part of their waste (or at least products that can be used to obtain that plutonium). Couldn't those reactors be changed somewhat to produce this usable variant of plutonium instead? (There are too many nuclear weapons already anyway.) Then they would have enough of that for the mentioned missions and probably enough for others as well.
It appears that there are firms that offer space travel to civilians. On June 9th, the Rheinische Post (a German newspaper) reported on a man who won a space trip but decided (according to the newspaper, because he was afraid of it) to take the money instead (182,000 DEM). The name of the American firm that offers such trips wasn't mentioned.
Here is the link to that newspaper article (in German!): Lottogewinner
I think Lessig got it right to point out the importance of keeping the focus on "Progress". As we have seen with firms like Intel and Microsoft, IP can be used to slow progress.
So we want laws that support progress, but at the same time leave enough freedom for the authors to make a profit from their findings. (They should at least be able to get their invested money back.) Where should the line between the need to protect the authors' rights and the public's wish for progress be drawn?
In my opinion that line was drawn at the right place, but the latest changes indicate that big businesses are successfully pushing to change the "balance" (Lessig got that right as well) in their favor. Is there a way to influence this trend without having lots of money? I don't really believe that many politicians listen to intelligent remarks from normal citizens. So, what is the way to get heard without using illegal means?
The article mentions Ferrari's idea of fooling the immune system by using nanopore membranes with holes too small for antibodies. But what about viruses? What is their size? Do viruses exist that are smaller than antibodies and which may be able to pass through the membranes? What happens if they attack the "shielded" cells inside the capsule? IIRC those cells would be altered by the viruses to produce more viruses. Fine for the virus, because the altered cells are safe from the antibodies. Thus those cells change from being a help to the body to being a danger!
Or did I miss something fundamental? (Like "viruses are always bigger than antibodies". I just don't know.)
Sorry, that was misinformation. I misread the part of the article about Linuxland. Linuxland is going to finance some connected activities and projects. The 250,000 DM are from the BMWi (Bundesministerium für Wirtschaft = Ministry of Economics).
(Sorry again, next time I will not post at 1:45 am...)
> I'd be curious to see exactly what government agency or arm is giving this money to the GPG project.
None. The BMWi (I guess that would be something like a ministry of commerce in the US) just found a worthy target (GPG) for the money and a donor willing to help. The donor is a firm named Linuxland.
---sarcasm on--- I don't think there would have been money from the government for something like that. The lobby for that is too small to matter. Only big industries like the automobile or tobacco industry get financial aid worth mentioning. :-( ---sarcasm off---
(This information is from the article which is referenced from the original article.)
I guess it would get really interesting if they could cover even more operating systems from the *nix sector. How about comparing several Linux distributions to each other, plus the free *BSDs and several commercial *nix variants?
From my point of view the decision of the banks makes sense. First, they have to protect themselves from the loss of customers. This can be accomplished by paying the ransom. As someone else pointed out already, you can try to catch the blackmailers when they pick up the money.
Second, you fix the holes quietly to prevent other crackers from doing the same. And you still keep it quiet.
Trust is really important when you give somebody your money. You trust the bank to give back the money you gave them. Therefore you trust them to be able to protect the integrity of the system that tracks the finances.
Let's take that a bit further: What if it becomes known that more than one or two banks, namely nearly all banks, are vulnerable and not too difficult to crack? What might happen? The customers may lose their trust in the banks and take their money back and/or keep it to themselves. If this happens on a big scale, you decrease the money available for the services of the banks like investing and loans. Without being able to get a decent loan, other investments will not be made, and so on... The financial system slows and the economy suffers. Therefore there is less money on the side of the investors, which they still keep to themselves...
Trust is really important for the economy. You have to trust the government that those cheaply printed paper slips with numbers on them are really worth more than the paper. You have to trust the banks that you get your money back. And therefore they have to pretend that they are invulnerable. Behind the scenes they may act completely differently, but in front of the public they have to keep up appearances.
BTW: I really liked it, too, that the author didn't mix up hackers with crackers as many others do.
Björn
Your hint helped me to locate the piece. Here is a link to the complete poem, including the copyright notice of the original author, Gene Ziegler.
http://www.gsm.cornell.edu/staff/Gene/DrSeuss.HTML
Have fun...
Björn