Go read some back issues of www.ntk.net to know more about the most outrageous cyber-journalist in the UK, Jon Ungoed-Thomas. This story is pure fantasy, as are most of his stories. He is a scare-monger of the worst kind.
Many times he has been caught sending out emails from his work account, pretending to be a female eco-terrorist. Then he started using hotmail but filled out the registration form with his own name, and it was sent with the emails. He is astoundingly stupid and clueless.
Now, there may have been some extortion attempts against banks recently by script-kiddies. During the Secondary DNS Con, civic minded hackers announced that the Scottish National Party's web site had no security. They then gave the web masters 2 weeks to fix it (the idiots applied a single M$ patch), then cracked the system and defaced the home page with some very funny stuff. Obviously the hack was long in the making.
Since then, there has been a lot of poking around websites all over the place in the UK, and since most of the security holes are application based, adding firewalls doesn't do much good.
I expect some script-kiddies sent an email to a web master at a major bank, demanding money or "the web site gets it". Mr double-plus-Ungoed has managed to fabricate a huge threat out of that with his tabloid trash writing.
Bank security for transactions doesn't go through web sites, despite what clueless wanna-be hackers would love to think. Any real cyber-threat to banks is well funded by organized crime, and the hacks are months in the execution. The payoff can be huge, and usually requires inside knowledge. Mr Ungoed can't even figure out hotmail:-)
people are confusing a Professional Engineering license with some other sort of "professional" certification
Ignore all the comments in this thread concerning MCSE or CNE. The E in all those professional certifications stands for EXPERT, not ENGINEER. It is illegal in most places (the U.S., England, Ireland, France, Belgium) to use the term engineer if you do not have a license from the state run board controlling the term.
When Novell started their CNE program back in 1984, they used the term Certified Novell Engineer. Some idiots managed to pass the Novell exam with no knowledge of computers or engineering, and got themselves sued in a California court. They tried to use their CNE pieces of paper to get them out of it, and ended up getting slapped with a US$10K fine by the court. Right after that, Novell changed the wording to Expert, and any CNI who teaches a CNE course is supposed to say repeatedly that the CNE is not an engineering certificate, and is never to be represented as one. The same goes for Cisco and their CCIE (which I consider to be the best).
I'm a Chartered Engineer (UK and Ireland equivalent of a PE), and occasionally I have to sign off the electrical parts of a communications project. As the only EE with a radio comms and networking background on many projects, I get to charge whatever I want for my review and signature.
Since the CE license requires me to act responsibly, I actually do review the engineering aspects of a project before I sign, since its my ass on the line if anything goes wrong. I charge GBP15,000 for a review, and have only done 6 since I got my C.E. 10 years ago. They were all public communication projects for either voice or data comms.
So take your EIT test, and if your career takes you in that direction, you are covered. If you end up as a code jockey, then you will be making as much as a PE and that scrap of paper is just a nice feeling that you accomplished something. Its good to have insurance now, than tear your hair out years down the road.
I'm pretty sure the large majority of the population don't have an opinion, since they don't all buy computers on a regular basis.
The analogy of buying a car without an engine is wrong. I would consider the CPU to be the engine, and the OS to be petrol.
In M$ case, you are being forced to buy a 5 year supply of petrol from only one supplier at a fixed price way above the price of petrol at other suppliers. If you don't want to buy the petrol, don't buy the car, is their rationale. Sure, you can buy the car, and then put any other petrol into it, and it will run, but you still have to pay for theirs even if you don't use it.
Thats a better analogy, but I think reducing a complex problem to an analogy doesn't work very well.
Remember the story I posted last week about a neighbor who was in the Polish resistance, and helped some of the Polish Intelligence agents smuggle the Enigma plans to England. His wife has a tatoo on her arm, and she had no problems re-telling what life was like in a concentration camp.
I have a feeling this guy will soon be the target of a lot of people with some very bad memories of tatoos. I wouldn't want to be the guy who sold him life insurance.
Ouch. Poor micro~1. They have the "La Service de la Répression des Frauds" unleashed on them. In the international tax-dodging world, these guys are known as the pitbulls. If you ever try to claim you work for a company in the British Virgin Islands, or any other tax haven, you can be sure your dossier will end up on their desk. Then you can be sure of paying up or going to jail.
The SRF is known for creating teams of elite investigators to research the toughest white collar criminal cases in France. They are well funded, probably they have a budget bigger than the tax revenue they recover (but they make up for it by scaring all the little fry into being more honest).
M$ was put on notice last year of a preliminary investigation. That is two steps away from being charged with a crime. Today the morning radio had lots of commentary on this, with speculation that criminal charges would not be far behind. Fraud cases don't get this far without solid evidence and a guaranteed win in the courts.
The one nice/scary thing about France is that corporations don't shield individuals from criminal charges. If this case is won by the government, they will probably request prison sentences for the senior M$ employees who signed the contracts with the PC distributors in France. I would expect 5 to 7 people to get ~1 year sentences, and another 20 to 50 to get suspended (avec surcis, similar to american parole) sentences.
Watch this one carefully, the EC in Brussels (whom we all love to hate), is watching as well. Talk is that if the EC moves against M$ after a French win, you will not be able to buy windoze along with your computer, it will have to be purchased separately and installed by the user. This is where cool looking installation scripts like Caldera/TrollTech will help Linux get used by the masses.
I think the Clinton administration is just throwing the dog a bone on this one. They have eased up only slightly on large companies with existing export agreements on crypto previously approved for export. In the future, a company will have to go through an export review only once before being allowed to ship crypto inside of another product. There is clearly no mention of freeware or OSS products in these press releases.
What this bill does not cover includes sales to any foreign government, military, or ISP. Those will still require a case-by-case review. Only products that meet the requirements for law-enforcement intercept will get this one time approval, so key-escrow and door-bell systems will quickly get the green light, others will have to slog through a years long process. They will still criminalize exports to "terrorist" countries, such as Cuba, but allow it to friendly nations like Columbia.
Nobody gets to see the wording of this new policy until December, so it is hard to tell why Hamre and Reno are smiling at this announcement. I have a feeling there is nothing new here except a minor improvement for big companies in return for a drop-in-the-bucket US$80million for a dedicated cryptanalysis team for the FBI. Its just a PR move.
For another slightly pessimistic view, go read this San Jose Merc article. Given the track record of the administration, I really don't think they've suddenly given up the fight and want strong crypto everywhere.
It wasn't engima that was solved by Marian Rejewski, it was a number of other military cyphers used during the 1920s and 30s. He was a brilliant man. He later was stationed in France to help de-cypher intercepted low power radio comms between low level military units. They used a number of older cypher techniques, since they already knew them and not every unit had an Enigma (only units with a protection group were allowed to have them, and they were destroyed whenever there was the chance of the allies capturing them, only 4 were captured before the end of the war).
The enigma machines were rare at the beginning of the war, used for only the most important traffic. By 1943 there were about 25,000 of them spread among units all over the place.
The Polish intelligence service was able to completely reconstruct an entire working Enigma down to the last detail, all except for the wiring of the wheels which was done in a more secure location before final assembly. They realised how important it was going to be to the allies, and managed to smuggle the plans to the French and the Brits. France, unfortunately, fell the next year.
The team at Bletchley applied some good crypto (they kept copies of every intercepted transmission from about 1937 onwards) and discovered the wiring of the wheels.
If it weren't for the Poles, Turing and his group wouldn't have broken the code until one of the machines was captured from a sub in 1942. They did a lot of other stuff with the allies as well, but thats a history lesson and not a slashdot topic.
So quick, discover a cure. The human race doesn't need amazing discoveries, inventions, leaps of science, breakthough advances in medicine:-)
Take that with a gallon of sarcasm.
But its nice to see someone start to look at geek and nerd habits as possibly a heriditary function, which may make us deviate from the non-existant human norm. But I think most of us wouldn't trade out geek abilities for a nice normal life. We prefer the admiration of our fellow geeks for a well crafted hack as opposed to the minor platitudes for behaving well in public.
Which of the current geek-cult heroes that you draw into your strip have you met in person? Did they know at the time you were Nitrozac? Did you take their picture or just find the photos on the web?
Is Relic or Dude based on anyone you know?
Will the aliens ever reveal themselves to you, and will you press charges or just giggle?
How long in advance do you draw your strip, and how long does it take to complete each one?
Actually, I'm going to concede the "Datenschutz" part to you, since I've already gotten some emails that Germany has good privacy laws.
I base my anonymity guidelines on whether I can buy a pre-paid telephone for cash and walk out the store without once ever giving my name. You can't do that in France or England, but you can do it in all the Nordic countries. I tried to get a pre-paid phone in Germany, and was told I could only buy one with proof of residence and a recent telephone bill. I was told by the salesman they send all that information to a collection center, so the police know who has bought which phones, and if the phone is used in a crime they know who bought it.
My German co-workers here are also following the Bertelsmann expansion into the internet, since it is getting quite agressive. But I base my criticisms of them on reports in the print media documenting where the ex-SS and other convicted war criminals ended up after serving their prison sentences. Bertelsmann was at the top of the list, although I suppose you could chalk that up to a company with a good civic conscience.
I belive what Bertelsmann is trying to do goes beyond trying to squeeze more money out of the market. The tactics used are strikingly similar to the arguments used when the SS was set up to enforce a strict moral code wherever the Nazis ruled. They had their own judicial branch, and documented many of their prosecutions of people for "thought crimes" and "anti-aryan attitudes". There is a strong outcry here on slashdot, and hopefully there will be a similar outrage in the real world press to stop this before it gets turned into law. But this time they are using the panic buttons of "protecting the children" instead of "eugenics".
So long as I have the individual option of receiving unfiltered data
You have to go and read some of the proposals. They are aimed squarely at NOT allowing any individual the option of unfiltered data.
All the data flowing around the tier 1 and tier 2 data carriers will be filtered based on content rating. Unrated content, or content from a site on a blacklist for mis-rating, will be dropped before it gets to any ISP customer.
This will force all web site and other content sources to provide content tags in thier data flows, outside of any encryption or proprietary format. This proposal looks to the Internet Standards and Open Source models to provide an idea of how to implement censorship. Just like every web page has HTML tags in it, and IP packets have a destination and source address and packet type, they want every packet processed have a "content rating" tag. That tag will have to be present in order for a router to process it, just like every packet hitting a router today has a specific format.
The timescale proposed by the EC is a bit optimistic, but that is just a timescale to implement some laws. The technology will lag until they start arresting the CEOs of some large ISPs and throwing them in jail for "contributing to the distribution of child pr0n". Then all of a sudden they will all start to filter your internet for you (for your protection, of course).
A lot of what I know about Bertelsmann has been documented in several magazines in Europe. The one I can think of is a 20+ page article in the French "L'Express" (a slightly left leaning right wing weekly that prides itself on long researched articles with plenty of detail and facts) [as I write this, I realise they are owned by Hachette, a direct competitor in both print and internet].
They are also punted about by the conspiracy theorists, who study any connection with Bavaria and powerful groups based there. Tends to generate a lot of material, most of which I discount.
I also know of them since they are a competitor in the internet world, especially picking up consulting jobs advising large scale communication projects, which is where I make all my money. So I tend to read what I can about them. They are considered "conservative" by my Bavarian friends, who I consider to be the most conservative people I know. Their views on "self-censorship" are widely known in Bavaria, and stir up old memories and a lot of discussion. They also employ more people there than BMW and the beer industry combined.
the AC
[As I read back over what I've posted, I'm beginning to get the idea I should go find my flame retardant undies, or perhaps not read/. for a day:-) ]
Hold on. This story covers some of the early codebreakers using the German "double dice" method of encryption, which was not the Nazi inspired Enigma machine. But this article gets the facts right on the listening post at Uzes, which was set up to intercept certain local radio messages still using double dice, since the enigma machines were too valuable for every Nazi unit in the field to have one. The old-time commanders in the field just kept using what they knew from the 1920s.
The real Polish involvement in Enigma started in 1936, when the Nazis were using forced labor in a factory southeast of Berlin to manufacture the wheels and typewriter keyboards. There was heavy security which piqued the interest of the Polish secret service, and there just happened to be several germans of Polish descent working in the factory (the border between Germany and Poland moved many times over the last few centuries). Those workers were considered to be good germans by the Nazis, since they never spoke a word of Polish which would have led to their execution.
The Polish secret police played on the loyalty to the Polish cause with some of the workers, and they basically sketched out every piece of the enigma machine. The only part missing was the actual wiring of the wheels, which was done in another secret plant (not stupid, these crypto people). With the invasion in 1938, the Polish security services fled to other parts of Europe to escape the special Gestapo teams sent to hunt them down. There were 3 teams sent out with their copies of the plans of Enigma, one group piloted a ship from near Gdansk to Scotland, where they were captured and held as Nazi spies. Eventually the Brits figured out they were Poles, and got the plans to Bletchley Park. [I got the story of the escape first hand from one of the participants. He didn't know at the time what was so important, his group of resistance fighters were assigned to get a handful of people to England "at all costs". There were also some members of the royal family and a government minister, and their safety was considered "secondary". Basically they stole a fishing boat, traveled at night, hid the boat in swedish/norwegian coves each day, and eventually made north Scotland. Later they were all moved to Canada, and after the war he settled in Ireland.]
Once Turing and company were able to see exactly how the system physically worked, they went back and found a few test transmissions some poor fool in the field sent to his buddy. Those copies of the plain text and the crypto text (plus several attempts of sending the starting wheel positions in the clear) enabled them to figure out the wiring.
Colossus was built to figure out the starting wheel positions, since it changed each day based on either a OTP or other pre-arranged sequence. Each pair or group of Enigma stations maintained their own keys and key distribution scheme.
Thats the Polish story as it relates to Enigma. They didn't break it, but they certainly knew the value of it. Bletchley couldn't have broken it without the physical plans.
Various things in Michael and Jamie's well written article need some clarification for our American audience.
Anonymity. This is one of my regular problems working in Europe. France has codified into law outlawing all anonymity, and has even criminalized attempting to hide your identity from any governmental organisation. This is one of the remnants of the Vichy government, and was kept by the domestic surveillance DST and SCSSI services. Other countries with a history of terrorist acts on their soil have also outlawed anonymity (England and Germany), but Italy and Norway allow it.
Bertelsmann. The European Commission (DG13) created a budget of 10 Million Euros to study "the threat to national laws by the internet, and methods to enforce national laws within European borders" (paraphrased from memory). Bertelsmann picked up the entire E10million (no euro symbol in ISO8859, yet) through their contacts with an "old boys network" controlling DG XIII [*disclaimer*, this could be sour grapes, I helped a client bid on the project, and there were 12 shortlisted big companies all locked out]. They have created a draft proposal designed to protect all their interests as the largest publisher in Europe, as well as a major shareholder in dozens of ISPs including AOL. Bertelsmann also controls several of the largest publishing houses in the U.S., and is the largest single owner of copyright material in the U.S.
If other posters start using inflammatory terms like "Hitler", "Nazism", and "Censorship", it could be justified in this slashdot thread.
Bertelsmann made its fortune during the Nazi's rise to power in the 1930s, as the publisher of the Nazi manifests. They gained the favor of the Nazi party by being the first publisher to openly embrace "self-censorship" when the Nazi party wasn't yet powerful enough to create laws. They purged their entire publishing line of questionable materials (what we might call free-thinking), then taunted other publishing houses to do the same.
When the Nazis came to power, all the publishers defending "free press" or "freedom of speech" were put out of business, and their facilities were given to Bertelsmann. This gave Bertelsmann 90% of the publishing market during the war.
After WWII, the Bertelsmann empire came through mostly intact, and used Marshall plan reconstruction funds to rebuild its antiquated facilities into a modern (for the 1950s) business. There was only a few prosecutions of Bertelsmann upper management for war crimes (but only in conjunction for military activities), and Bertelsmann became a major haven for ex-Nazis looking for a new life after the war.
Back to the problem at hand.
There is a realisation that the internet can route around most problems related to network connectivity. But by crafting restrictive laws tied into the licensing of tier 1 & 2 internet carriers (all in europe are considered telcos, and licensed accordingly), then effective censorship can be imposed. There are a few technical work arounds, but for every hackish proposal of IPSec tunnels, there is an easier government response of pressure on the license holders.
So, all you slashdotters should be afraid, if you want to continue to have free (as in liberty) and unlimited access to the internet. Once the EU gets a handful of workable laws on the books, the U.S. and Australia will follow suit. I would also expect every militaristic/fascist/religious government to take notice as well.
Expect within 10-15 years you will look back on the '90s as the golden years before the big evil governments woke up and took back control. Not only do we have to fight this at the law making level, we also have to create bigger and better protocols and workarounds to make it impossible for tier 1 & 2 providers to filter content.
I was in the U.S. a few years ago stuck in my hotel room with the usual assortment of boring cable channels. I was zapping around and found a presentation to congress by some crypto expert about the breaking of the enigma cypher, and why it was necessary to keep all crypto out of enemy hands. It covered it all, including the role of the Polish inteligence agency, and the fact that they all spent the rest of the war in Canada in a special POW camp after giving the Brits a crude copy of the enigma machine.
The most frustrating part was that the camera work was obviously directed to not show any of his notes flashing up on the board behind him. There were a few glances from other cameras showing the inner workings of an enigma machine, as well as the math used to find the initial wheel position. The talk was absolutely interesting, since it was un-edited, but I was dying to see the slides as well. I had to leave before the talk was over (it ran at least 2 hours).
If anybody can find a tape of that lecture, it was pretty interesting. I remember that they never announced the name of the speaker during the whole show, but they were showing the name of the sub-commitee.
There was also a bit about why crypto is good for the U.S. spy agencies, and why it is bad for everyone else. The usual tripe discussed to death on slashdot, and this guy was even squirming talking about it. Just his job on the line, I guess.
the AC
Debian scrapes at old wound, might get some action
on
How Free is BIND 8.2?
·
· Score: 4
When RSA asked if their code could become the de-facto standard for protecting AXFR and IXFR transfers in Bind 8, they were told they would have to offer up a completely free version with "no restrictions whatsoever", including export restrictions from the U.S. and no EULAs or patent/copyright problems. See comp.protocols.domains.* in dejanews for a long history of the discussion.
There was a lot of talk at the time about whether the RSA code was truly free. General opinion was that it was not, but people have been using the code and just shrugging it off. Others preferred PGP or similar variations, but the strong crypto meant the ISC couldn't make the source available for free anonymous download. But the majority of voices wanted only one standard, since this stuff is pretty complex and having to support PGP/RSA/BlowFish/Joe'sXORhack would have been a nightmare.
Now I expect some clients to start asking me about this, since I tend to put the latest Bind in every project I build. Seems that every client site I've been on, the techies all start reading slashdot:-) and following the issues.
I mentioned this sometime earlier on slashdot, the U.S. and Russia have an exchange program for defence analysts to keep an eye on each others silos and command centres.
During the mini-revolution that almost unseated Gorbachev, the russian missile command centre opened all the doors on the silos so the CIA (actually the NRO) could peer into them with the spy satellites and confirm that rogue forces hadn't taken over the government and ordered a launch. They even grabbed a CIA analyst from the moscow embassy and flew him to one of the military bases so he could report back on what was going on. It kept the U.S. in a "peaceful posture".
There were some small announcements in defence magazines more than a year ago that both sides would be monitoring each other, and were working to get the chinese involved as well. Now they also have to worry about India and Pakistan, although only India has orbital technology and isn't currently pissed at anyone other than neighbor Pakistan.
But its nice to see a splashy PR piece to calm Y2K fears.
This was an ongoing saga, first published by some famed media hackers, then confirmed by a handful of groups, then denied, exposed as a hoax, then confirmed again.
If you read Need To Know now, you can track this saga as it pops its head up in various magazines at various times. Typical internet bizarness familiar to slashdotters, where a good story gets repeated by legitimate news outlets with no fact checking. I still haven't made up my mind on this one:-)
There are a few companies out there with X10 style interfaces for networks. Usually the bandwidth is under 1 Mbps.
There was a company with a claim of exobit speeds a while back, and was completely shredded by the slashdot community. It was either a hoax or rogue marketing droid.
The new bluetooth wireless lans and Apple's AirPort are going to be a cheap commodity product soon enough, the way ethernet has sort of become the defacto standard at the moment.
These are one component of the new Secure Electronic Transaction group of protocols to protect financial details while transiting electronic communications facilities. It specs everything starting at the main credit mainframes out to banks, regional centers, and finally out to doing authentication/verification of individual retailer's POS registers. It is so complicated and assembled by a commitee of hostile interests it makes the whole TCP/IP suite look like childs play. People are making entire careers specialising in SET integration (second only to SAP/PeopleSoft programmers in europe for excessive salaries, ~350K GBP/year for one year's experience, ~500K for a project lead)
Similar chip cards have been used widely in Europe for years, and the French, Belgian, and German banking systems use them almost exclusively. In Holland they have an NVRAM/crypto function and you can load the card with some credit and use it at merchants without having to verify every transaction.
The chip (in the french Carte Bleu system) is an 8-bit processor with enough power to provide a challenge-handshake for a secret shared key, and the agreed upon result is used to encypher the additional details of the card. The machine reading the card then uses that coupled with the PIN the user types in to further encypher the communications back to a regional control center, providing a second level of authentication. The crypto used is not difficult to crack or spoof, but just by raising the bar a little has dramatically reduced fraud from the old system which was just like the american system of today.
I'm glad to see Amex doing this. I think they announced this system about 2 years ago, and its been an oft delayed vapor promise since.
If you read the small print on the bottom of the page, they guarantee you against all fraud when you use this system. There isn't even a $50 deductible for each fraud. That in itself is pretty amazing.
Its obvious this is only for win95/98/NT4, since there is some software you have to load on your computer which is always running and will ask for your PIN when you insert the card. And the software somehow stores some "electronic cash" in your "wallet" on your system, and only uses the card and PIN to unlock it.
Hmmm, I have an idea that anyone smart enough to crack the system is not stupid enough to bring the wrath of the law on their heads by actually spoofing a transaction (unless it was their own). But I can see a day soon when someone releases a script-kiddie and howto package and suddenly the system gets taken offline for a few months of "maintenance" after a passing lightning storm:-)
But if it increases security even a little bit, then its a good thing. I just hope slashdotters remember there is no such thing as perfect security, just continuing improvements.
All this guy has done is built a simple pulsed DC Tesla coil using some sort of vibrator and a huge step-up transformer. Lots of people have done that, its nothing new.
He'd have to have at least three stages of RLC circuits to get an efficient power coupling into the antenna and then radiated off into the ether (maybe he has, it doesn't show in the photo). Yes, it can be done by winding your own coils, and buying an old 20kV capacitor from an electric company auction or scrap dealer. Then you would have a very effective disruptor of unprotected electronics (but not likely to cause permanent damage except with a proximity of a few inches). Making it highly directional is left as an exercise for the student;-)
Years ago I helped tune a HUGE multi-stage step up system to duplicate the experiments of Nikola Tesla (sending spark gap morse code). This guy had built it into his garage, and had collected huge old power supplies from an old AM radio station to power it. We tested it briefly for a few seconds each evening. Whenever we worked on it, one of his cooler neighbors came over to play with it as well. Seems that every time it was switched on, all radio and cable TV reception in the area was overpowered. Fluorescent lights glowed up to 30 feet away, and nearby computers would crash.
For a few months there were cable TV trucks patrolling his neighborhood with all kinds of detecting/directional antennas looking for the source of the HERF (he kept it off most of the time), eventually they posted reward notices on phone poles in the area. He dismantled his whole setup and moved it that day (his house has never been cleaner:-). Cops came around the next day with a search warrant, didn't find anything and left. Now he only does his experiments in an old barn in the middle of nowhere, with no electical lines nearby. Any cars driving near the place stall and the CD player will skip, and he advises leaving all credit cards and watches somewhere else when visiting. I think some day he will actually discover zero-point energy or tap into the earth's natural resonance of 12Hz.
I cringe when I think of how this idea will be mutilated by the movie industry. A HERF gun that looks like an M16 or a.45 caliber pistol and shoots star-wars-like bolts of light, or the death ray in "Revenge of the Pink Panther", or the size of a packet of cigarets with some big LED numbers counting down with an audible click.
I like your theory. Hopefully it will get moderated up a few points (hint!)
Here is my theory, which goes along with yours:
There is a small team of M$ programmers who take pride in the code they are crafting, and have worked hard to create a working Crypto API. At some point, the NSA sends around their "pressure tactics" team to influence how crypto modules get signed. These guys are good, without a doubt they have been trained in psychology and have rehearsed and play-acted the scenario many times and are now *VERY* effective at persuasion.
M$ management crumbles like a bunch of spineless wimps, giving in to every demand of the NSA, and then order the crypto team to implement a second key for the NSA, in effect nominating a second "root" CSP. You need to have a dual root system to do effective Revocation Lists, but it is not necessary.
So the programmers implement the second key, but chafe at being forced to do a weak crypto implementation. So they make sure the second root key can be replaced without breaking their crypto API, although replacing the M$ root key will cause a failure. They even give the variable the name _NSAKEY so others who maintain the code know what shit is going on.
Then someone in the software build group who pulls together all the source code from each project and does the compiles, forgets to strip symbols and the _NSAKEY symbol is left in the code.
Now the world knows it can rip out the second root key, and let windows fail the check with the first root and failover to the second. Now you can set up any strong crypto system yourself, but this is probably most useful for foreign banks and governments who can afford an expert to set up and test the system before rolling it out.
And the word gets out a little louder than before: U.S. crypto laws are there to make the NSAs job easier, not to protect american citizens or e-commerce or privacy or anything else.
But the best quote today from anonymous (finkPloyd) coward is: Let's face it, if you are depending on Windows for security, you have more problems than the NSA:)
There has been quiet reports that Carin auto navigation units have been affected by the 1024 week rollover bug. The only problem is that the initial acquisition of visible satellites has gone from the normal 20-40 seconds to a period of 5-10 minutes. This means people are driving around for a while entirely on inertial guidance.
The technical explanation had something to do with pre-calculating positions based on an almanac of known positions based on picking up the intial time signal from the strongest satellite. If you know which week & day & minute etc, you can make a quick pre-calc of where some satellites are supposed to be, saving you a bunch of time sorting out the signals. But the Carin's have the 1024 bug and the cheap-o GPS receiver eventually times out on the pre-calc and does a full calc of the positions.
A friend reports this as extremely annoying but still usable. He says when he complained his car dealership has asked him to come by for a free retrofit of the main unit in about 8 weeks, since they have been asked to replace all their installed units but to start with people complaining. I think these are made by Phillips in the netherlands or germany, so I don't know if any are in the U.S.
the AC [obOnTopic: no, I haven't seen any 9/9/99 bugs today, but I'm about to get on an airplane in a blind show of faith:-) ]
Did anyone notice that the Mir station actually flew over Paris just before the eclipse hit northern france?
Just as Paco Rabanne claimed in his book on Nostradamus. Of course, nothing has happened, but I was actually slightly freaked out when I heard radio amateurs (HAMs) in france trying to contact the Mir 90 minutes before the eclipse. The Mir orbits the earth about once every 90 minutes, and its next pass put it near Paris just as the eclipse hit the west coast of France. Freaky!
Slashdot Mirror
Go read some back issues of www.ntk.net to know more about the most outrageous cyber-journalist in the UK, Jon Ungoed-Thomas. This story is pure fantasy, as are most of his stories. He is a scare-monger of the worst kind.
:-)
Many times he has been caught sending out emails from his work account, pretending to be a female eco-terrorist. Then he started using hotmail but filled out the registration form with his own name, and it was sent with the emails. He is astoundingly stupid and clueless.
Now, there may have been some extortion attempts against banks recently by script-kiddies. During the Secondary DNS Con, civic minded hackers announced that the Scottish National Party's web site had no security. They then gave the web masters 2 weeks to fix it (the idiots applied a single M$ patch), then cracked the system and defaced the home page with some very funny stuff. Obviously the hack was long in the making.
Since then, there has been a lot of poking around websites all over the place in the UK, and since most of the security holes are application based, adding firewalls doesn't do much good.
I expect some script-kiddies sent an email to a web master at a major bank, demanding money or "the web site gets it". Mr double-plus-Ungoed has managed to fabricate a huge threat out of that with his tabloid trash writing.
Bank security for transactions doesn't go through web sites, despite what clueless wanna-be hackers would love to think. Any real cyber-threat to banks is well funded by organized crime, and the hacks are months in the execution. The payoff can be huge, and usually requires inside knowledge. Mr Ungoed can't even figure out hotmail
the AC
This is an excellent post. Read this again
people are confusing a Professional Engineering license with some other sort of "professional" certification
Ignore all the comments in this thread concerning MCSE or CNE. The E in all those professional certifications stands for EXPERT, not ENGINEER. It is illegal in most places (the U.S., England, Ireland, France, Belgium) to use the term engineer if you do not have a license from the state run board controlling the term.
When Novell started their CNE program back in 1984, they used the term Certified Novell Engineer. Some idiots managed to pass the Novell exam with no knowledge of computers or engineering, and got themselves sued in a California court. They tried to use their CNE pieces of paper to get them out of it, and ended up getting slapped with a US$10K fine by the court. Right after that, Novell changed the wording to Expert, and any CNI who teaches a CNE course is supposed to say repeatedly that the CNE is not an engineering certificate, and is never to be represented as one. The same goes for Cisco and their CCIE (which I consider to be the best).
I'm a Chartered Engineer (UK and Ireland equivalent of a PE), and occasionally I have to sign off the electrical parts of a communications project. As the only EE with a radio comms and networking background on many projects, I get to charge whatever I want for my review and signature.
Since the CE license requires me to act responsibly, I actually do review the engineering aspects of a project before I sign, since its my ass on the line if anything goes wrong. I charge GBP15,000 for a review, and have only done 6 since I got my C.E. 10 years ago. They were all public communication projects for either voice or data comms.
So take your EIT test, and if your career takes you in that direction, you are covered. If you end up as a code jockey, then you will be making as much as a PE and that scrap of paper is just a nice feeling that you accomplished something. Its good to have insurance now, than tear your hair out years down the road.
the AC
I'm pretty sure the large majority of the population don't have an opinion, since they don't all buy computers on a regular basis.
The analogy of buying a car without an engine is wrong. I would consider the CPU to be the engine, and the OS to be petrol.
In M$ case, you are being forced to buy a 5 year supply of petrol from only one supplier at a fixed price way above the price of petrol at other suppliers. If you don't want to buy the petrol, don't buy the car, is their rationale. Sure, you can buy the car, and then put any other petrol into it, and it will run, but you still have to pay for theirs even if you don't use it.
Thats a better analogy, but I think reducing a complex problem to an analogy doesn't work very well.
the AC
Arrgh. This brings back too many bad memories.
Remember the story I posted last week about a neighbor who was in the Polish resistance, and helped some of the Polish Intelligence agents smuggle the Enigma plans to England. His wife has a tatoo on her arm, and she had no problems re-telling what life was like in a concentration camp.
I have a feeling this guy will soon be the target of a lot of people with some very bad memories of tatoos. I wouldn't want to be the guy who sold him life insurance.
the AC
Ouch. Poor micro~1. They have the "La Service de la Répression des Frauds" unleashed on them. In the international tax-dodging world, these guys are known as the pitbulls. If you ever try to claim you work for a company in the British Virgin Islands, or any other tax haven, you can be sure your dossier will end up on their desk. Then you can be sure of paying up or going to jail.
The SRF is known for creating teams of elite investigators to research the toughest white collar criminal cases in France. They are well funded, probably they have a budget bigger than the tax revenue they recover (but they make up for it by scaring all the little fry into being more honest).
M$ was put on notice last year of a preliminary investigation. That is two steps away from being charged with a crime. Today the morning radio had lots of commentary on this, with speculation that criminal charges would not be far behind. Fraud cases don't get this far without solid evidence and a guaranteed win in the courts.
The one nice/scary thing about France is that corporations don't shield individuals from criminal charges. If this case is won by the government, they will probably request prison sentences for the senior M$ employees who signed the contracts with the PC distributors in France. I would expect 5 to 7 people to get ~1 year sentences, and another 20 to 50 to get suspended (avec surcis, similar to american parole) sentences.
Watch this one carefully, the EC in Brussels (whom we all love to hate), is watching as well. Talk is that if the EC moves against M$ after a French win, you will not be able to buy windoze along with your computer, it will have to be purchased separately and installed by the user. This is where cool looking installation scripts like Caldera/TrollTech will help Linux get used by the masses.
the AC
I think the Clinton administration is just throwing the dog a bone on this one. They have eased up only slightly on large companies with existing export agreements on crypto previously approved for export. In the future, a company will have to go through an export review only once before being allowed to ship crypto inside of another product. There is clearly no mention of freeware or OSS products in these press releases.
What this bill does not cover includes sales to any foreign government, military, or ISP. Those will still require a case-by-case review. Only products that meet the requirements for law-enforcement intercept will get this one time approval, so key-escrow and door-bell systems will quickly get the green light, others will have to slog through a years long process. They will still criminalize exports to "terrorist" countries, such as Cuba, but allow it to friendly nations like Columbia.
Nobody gets to see the wording of this new policy until December, so it is hard to tell why Hamre and Reno are smiling at this announcement. I have a feeling there is nothing new here except a minor improvement for big companies in return for a drop-in-the-bucket US$80million for a dedicated cryptanalysis team for the FBI. Its just a PR move.
For another slightly pessimistic view, go read this San Jose Merc article. Given the track record of the administration, I really don't think they've suddenly given up the fight and want strong crypto everywhere.
the AC
It wasn't engima that was solved by Marian Rejewski, it was a number of other military cyphers used during the 1920s and 30s. He was a brilliant man. He later was stationed in France to help de-cypher intercepted low power radio comms between low level military units. They used a number of older cypher techniques, since they already knew them and not every unit had an Enigma (only units with a protection group were allowed to have them, and they were destroyed whenever there was the chance of the allies capturing them, only 4 were captured before the end of the war).
The enigma machines were rare at the beginning of the war, used for only the most important traffic. By 1943 there were about 25,000 of them spread among units all over the place.
The Polish intelligence service was able to completely reconstruct an entire working Enigma down to the last detail, all except for the wiring of the wheels which was done in a more secure location before final assembly. They realised how important it was going to be to the allies, and managed to smuggle the plans to the French and the Brits. France, unfortunately, fell the next year.
The team at Bletchley applied some good crypto (they kept copies of every intercepted transmission from about 1937 onwards) and discovered the wiring of the wheels.
If it weren't for the Poles, Turing and his group wouldn't have broken the code until one of the machines was captured from a sub in 1942. They did a lot of other stuff with the allies as well, but thats a history lesson and not a slashdot topic.
the AC
Now nerds are afflicted with a shadow symptom.
:-)
So quick, discover a cure. The human race doesn't need amazing discoveries, inventions, leaps of science, breakthough advances in medicine
Take that with a gallon of sarcasm.
But its nice to see someone start to look at geek and nerd habits as possibly a heriditary function, which may make us deviate from the non-existant human norm. But I think most of us wouldn't trade out geek abilities for a nice normal life. We prefer the admiration of our fellow geeks for a well crafted hack as opposed to the minor platitudes for behaving well in public.
the AC
Hi Nitrozac,
Which of the current geek-cult heroes that you draw into your strip have you met in person? Did they know at the time you were Nitrozac? Did you take their picture or just find the photos on the web?
Is Relic or Dude based on anyone you know?
Will the aliens ever reveal themselves to you, and will you press charges or just giggle?
How long in advance do you draw your strip, and how long does it take to complete each one?
What is your day job like?
There, one of those should make it.
the AC
Actually, I'm going to concede the "Datenschutz" part to you, since I've already gotten some emails that Germany has good privacy laws.
I base my anonymity guidelines on whether I can buy a pre-paid telephone for cash and walk out the store without once ever giving my name. You can't do that in France or England, but you can do it in all the Nordic countries. I tried to get a pre-paid phone in Germany, and was told I could only buy one with proof of residence and a recent telephone bill. I was told by the salesman they send all that information to a collection center, so the police know who has bought which phones, and if the phone is used in a crime they know who bought it.
My German co-workers here are also following the Bertelsmann expansion into the internet, since it is getting quite agressive. But I base my criticisms of them on reports in the print media documenting where the ex-SS and other convicted war criminals ended up after serving their prison sentences. Bertelsmann was at the top of the list, although I suppose you could chalk that up to a company with a good civic conscience.
I belive what Bertelsmann is trying to do goes beyond trying to squeeze more money out of the market. The tactics used are strikingly similar to the arguments used when the SS was set up to enforce a strict moral code wherever the Nazis ruled. They had their own judicial branch, and documented many of their prosecutions of people for "thought crimes" and "anti-aryan attitudes". There is a strong outcry here on slashdot, and hopefully there will be a similar outrage in the real world press to stop this before it gets turned into law. But this time they are using the panic buttons of "protecting the children" instead of "eugenics".
the AC
So long as I have the individual option of receiving unfiltered data
You have to go and read some of the proposals. They are aimed squarely at NOT allowing any individual the option of unfiltered data.
All the data flowing around the tier 1 and tier 2 data carriers will be filtered based on content rating. Unrated content, or content from a site on a blacklist for mis-rating, will be dropped before it gets to any ISP customer.
This will force all web site and other content sources to provide content tags in thier data flows, outside of any encryption or proprietary format. This proposal looks to the Internet Standards and Open Source models to provide an idea of how to implement censorship. Just like every web page has HTML tags in it, and IP packets have a destination and source address and packet type, they want every packet processed have a "content rating" tag. That tag will have to be present in order for a router to process it, just like every packet hitting a router today has a specific format.
The timescale proposed by the EC is a bit optimistic, but that is just a timescale to implement some laws. The technology will lag until they start arresting the CEOs of some large ISPs and throwing them in jail for "contributing to the distribution of child pr0n". Then all of a sudden they will all start to filter your internet for you (for your protection, of course).
the AC
A lot of what I know about Bertelsmann has been documented in several magazines in Europe. The one I can think of is a 20+ page article in the French "L'Express" (a slightly left leaning right wing weekly that prides itself on long researched articles with plenty of detail and facts) [as I write this, I realise they are owned by Hachette, a direct competitor in both print and internet].
/. for a day :-) ]
They are also punted about by the conspiracy theorists, who study any connection with Bavaria and powerful groups based there. Tends to generate a lot of material, most of which I discount.
I also know of them since they are a competitor in the internet world, especially picking up consulting jobs advising large scale communication projects, which is where I make all my money. So I tend to read what I can about them. They are considered "conservative" by my Bavarian friends, who I consider to be the most conservative people I know. Their views on "self-censorship" are widely known in Bavaria, and stir up old memories and a lot of discussion. They also employ more people there than BMW and the beer industry combined.
the AC
[As I read back over what I've posted, I'm beginning to get the idea I should go find my flame retardant undies, or perhaps not read
Hold on. This story covers some of the early codebreakers using the German "double dice" method of encryption, which was not the Nazi inspired Enigma machine. But this article gets the facts right on the listening post at Uzes, which was set up to intercept certain local radio messages still using double dice, since the enigma machines were too valuable for every Nazi unit in the field to have one. The old-time commanders in the field just kept using what they knew from the 1920s.
The real Polish involvement in Enigma started in 1936, when the Nazis were using forced labor in a factory southeast of Berlin to manufacture the wheels and typewriter keyboards. There was heavy security which piqued the interest of the Polish secret service, and there just happened to be several germans of Polish descent working in the factory (the border between Germany and Poland moved many times over the last few centuries). Those workers were considered to be good germans by the Nazis, since they never spoke a word of Polish which would have led to their execution.
The Polish secret police played on the loyalty to the Polish cause with some of the workers, and they basically sketched out every piece of the enigma machine. The only part missing was the actual wiring of the wheels, which was done in another secret plant (not stupid, these crypto people). With the invasion in 1938, the Polish security services fled to other parts of Europe to escape the special Gestapo teams sent to hunt them down. There were 3 teams sent out with their copies of the plans of Enigma, one group piloted a ship from near Gdansk to Scotland, where they were captured and held as Nazi spies. Eventually the Brits figured out they were Poles, and got the plans to Bletchley Park. [I got the story of the escape first hand from one of the participants. He didn't know at the time what was so important, his group of resistance fighters were assigned to get a handful of people to England "at all costs". There were also some members of the royal family and a government minister, and their safety was considered "secondary". Basically they stole a fishing boat, traveled at night, hid the boat in swedish/norwegian coves each day, and eventually made north Scotland. Later they were all moved to Canada, and after the war he settled in Ireland.]
Once Turing and company were able to see exactly how the system physically worked, they went back and found a few test transmissions some poor fool in the field sent to his buddy. Those copies of the plain text and the crypto text (plus several attempts of sending the starting wheel positions in the clear) enabled them to figure out the wiring.
Colossus was built to figure out the starting wheel positions, since it changed each day based on either a OTP or other pre-arranged sequence. Each pair or group of Enigma stations maintained their own keys and key distribution scheme.
Thats the Polish story as it relates to Enigma. They didn't break it, but they certainly knew the value of it. Bletchley couldn't have broken it without the physical plans.
the AC
Various things in Michael and Jamie's well written article need some clarification for our American audience.
Anonymity. This is one of my regular problems working in Europe. France has codified into law outlawing all anonymity, and has even criminalized attempting to hide your identity from any governmental organisation. This is one of the remnants of the Vichy government, and was kept by the domestic surveillance DST and SCSSI services. Other countries with a history of terrorist acts on their soil have also outlawed anonymity (England and Germany), but Italy and Norway allow it.
Bertelsmann. The European Commission (DG13) created a budget of 10 Million Euros to study "the threat to national laws by the internet, and methods to enforce national laws within European borders" (paraphrased from memory). Bertelsmann picked up the entire E10million (no euro symbol in ISO8859, yet) through their contacts with an "old boys network" controlling DG XIII [*disclaimer*, this could be sour grapes, I helped a client bid on the project, and there were 12 shortlisted big companies all locked out]. They have created a draft proposal designed to protect all their interests as the largest publisher in Europe, as well as a major shareholder in dozens of ISPs including AOL. Bertelsmann also controls several of the largest publishing houses in the U.S., and is the largest single owner of copyright material in the U.S.
If other posters start using inflammatory terms like "Hitler", "Nazism", and "Censorship", it could be justified in this slashdot thread.
Bertelsmann made its fortune during the Nazi's rise to power in the 1930s, as the publisher of the Nazi manifests. They gained the favor of the Nazi party by being the first publisher to openly embrace "self-censorship" when the Nazi party wasn't yet powerful enough to create laws. They purged their entire publishing line of questionable materials (what we might call free-thinking), then taunted other publishing houses to do the same.
When the Nazis came to power, all the publishers defending "free press" or "freedom of speech" were put out of business, and their facilities were given to Bertelsmann. This gave Bertelsmann 90% of the publishing market during the war.
After WWII, the Bertelsmann empire came through mostly intact, and used Marshall plan reconstruction funds to rebuild its antiquated facilities into a modern (for the 1950s) business. There was only a few prosecutions of Bertelsmann upper management for war crimes (but only in conjunction for military activities), and Bertelsmann became a major haven for ex-Nazis looking for a new life after the war.
Back to the problem at hand.
There is a realisation that the internet can route around most problems related to network connectivity. But by crafting restrictive laws tied into the licensing of tier 1 & 2 internet carriers (all in europe are considered telcos, and licensed accordingly), then effective censorship can be imposed. There are a few technical work arounds, but for every hackish proposal of IPSec tunnels, there is an easier government response of pressure on the license holders.
So, all you slashdotters should be afraid, if you want to continue to have free (as in liberty) and unlimited access to the internet. Once the EU gets a handful of workable laws on the books, the U.S. and Australia will follow suit. I would also expect every militaristic/fascist/religious government to take notice as well.
Expect within 10-15 years you will look back on the '90s as the golden years before the big evil governments woke up and took back control. Not only do we have to fight this at the law making level, we also have to create bigger and better protocols and workarounds to make it impossible for tier 1 & 2 providers to filter content.
Ok, go back to sleep now.
the AC
I was in the U.S. a few years ago stuck in my hotel room with the usual assortment of boring cable channels. I was zapping around and found a presentation to congress by some crypto expert about the breaking of the enigma cypher, and why it was necessary to keep all crypto out of enemy hands. It covered it all, including the role of the Polish inteligence agency, and the fact that they all spent the rest of the war in Canada in a special POW camp after giving the Brits a crude copy of the enigma machine.
The most frustrating part was that the camera work was obviously directed to not show any of his notes flashing up on the board behind him. There were a few glances from other cameras showing the inner workings of an enigma machine, as well as the math used to find the initial wheel position. The talk was absolutely interesting, since it was un-edited, but I was dying to see the slides as well. I had to leave before the talk was over (it ran at least 2 hours).
If anybody can find a tape of that lecture, it was pretty interesting. I remember that they never announced the name of the speaker during the whole show, but they were showing the name of the sub-commitee.
There was also a bit about why crypto is good for the U.S. spy agencies, and why it is bad for everyone else. The usual tripe discussed to death on slashdot, and this guy was even squirming talking about it. Just his job on the line, I guess.
the AC
When RSA asked if their code could become the de-facto standard for protecting AXFR and IXFR transfers in Bind 8, they were told they would have to offer up a completely free version with "no restrictions whatsoever", including export restrictions from the U.S. and no EULAs or patent/copyright problems. See comp.protocols.domains.* in dejanews for a long history of the discussion.
:-) and following the issues.
There was a lot of talk at the time about whether the RSA code was truly free. General opinion was that it was not, but people have been using the code and just shrugging it off. Others preferred PGP or similar variations, but the strong crypto meant the ISC couldn't make the source available for free anonymous download. But the majority of voices wanted only one standard, since this stuff is pretty complex and having to support PGP/RSA/BlowFish/Joe'sXORhack would have been a nightmare.
Now I expect some clients to start asking me about this, since I tend to put the latest Bind in every project I build. Seems that every client site I've been on, the techies all start reading slashdot
the AC
I mentioned this sometime earlier on slashdot, the U.S. and Russia have an exchange program for defence analysts to keep an eye on each others silos and command centres.
During the mini-revolution that almost unseated Gorbachev, the russian missile command centre opened all the doors on the silos so the CIA (actually the NRO) could peer into them with the spy satellites and confirm that rogue forces hadn't taken over the government and ordered a launch. They even grabbed a CIA analyst from the moscow embassy and flew him to one of the military bases so he could report back on what was going on. It kept the U.S. in a "peaceful posture".
There were some small announcements in defence magazines more than a year ago that both sides would be monitoring each other, and were working to get the chinese involved as well. Now they also have to worry about India and Pakistan, although only India has orbital technology and isn't currently pissed at anyone other than neighbor Pakistan.
But its nice to see a splashy PR piece to calm Y2K fears.
the AC
Nuff said. Then I can keep an eye on the topics, and jump in when it looks good.
the AC
This was an ongoing saga, first published by some famed media hackers, then confirmed by a handful of groups, then denied, exposed as a hoax, then confirmed again.
:-)
0 515.txt
If you read Need To Know now, you can track this saga as it pops its head up in various magazines at various times. Typical internet bizarness familiar to slashdotters, where a good story gets repeated by legitimate news outlets with no fact checking. I still haven't made up my mind on this one
http://www.ntk.net/index.cgi?back=archive98/now
the AC
There are a few companies out there with X10 style interfaces for networks. Usually the bandwidth is under 1 Mbps.
There was a company with a claim of exobit speeds a while back, and was completely shredded by the slashdot community. It was either a hoax or rogue marketing droid.
The new bluetooth wireless lans and Apple's AirPort are going to be a cheap commodity product soon enough, the way ethernet has sort of become the defacto standard at the moment.
the AC
These are one component of the new Secure Electronic Transaction group of protocols to protect financial details while transiting electronic communications facilities. It specs everything starting at the main credit mainframes out to banks, regional centers, and finally out to doing authentication/verification of individual retailer's POS registers. It is so complicated and assembled by a commitee of hostile interests it makes the whole TCP/IP suite look like childs play. People are making entire careers specialising in SET integration (second only to SAP/PeopleSoft programmers in europe for excessive salaries, ~350K GBP/year for one year's experience, ~500K for a project lead)
:-)
Similar chip cards have been used widely in Europe for years, and the French, Belgian, and German banking systems use them almost exclusively. In Holland they have an NVRAM/crypto function and you can load the card with some credit and use it at merchants without having to verify every transaction.
The chip (in the french Carte Bleu system) is an 8-bit processor with enough power to provide a challenge-handshake for a secret shared key, and the agreed upon result is used to encypher the additional details of the card. The machine reading the card then uses that coupled with the PIN the user types in to further encypher the communications back to a regional control center, providing a second level of authentication. The crypto used is not difficult to crack or spoof, but just by raising the bar a little has dramatically reduced fraud from the old system which was just like the american system of today.
I'm glad to see Amex doing this. I think they announced this system about 2 years ago, and its been an oft delayed vapor promise since.
If you read the small print on the bottom of the page, they guarantee you against all fraud when you use this system. There isn't even a $50 deductible for each fraud. That in itself is pretty amazing.
Its obvious this is only for win95/98/NT4, since there is some software you have to load on your computer which is always running and will ask for your PIN when you insert the card. And the software somehow stores some "electronic cash" in your "wallet" on your system, and only uses the card and PIN to unlock it.
Hmmm, I have an idea that anyone smart enough to crack the system is not stupid enough to bring the wrath of the law on their heads by actually spoofing a transaction (unless it was their own). But I can see a day soon when someone releases a script-kiddie and howto package and suddenly the system gets taken offline for a few months of "maintenance" after a passing lightning storm
But if it increases security even a little bit, then its a good thing. I just hope slashdotters remember there is no such thing as perfect security, just continuing improvements.
the AC
All this guy has done is built a simple pulsed DC Tesla coil using some sort of vibrator and a huge step-up transformer. Lots of people have done that, its nothing new.
;-)
:-). Cops came around the next day with a search warrant, didn't find anything and left. Now he only does his experiments in an old barn in the middle of nowhere, with no electical lines nearby. Any cars driving near the place stall and the CD player will skip, and he advises leaving all credit cards and watches somewhere else when visiting. I think some day he will actually discover zero-point energy or tap into the earth's natural resonance of 12Hz.
.45 caliber pistol and shoots star-wars-like bolts of light, or the death ray in "Revenge of the Pink Panther", or the size of a packet of cigarets with some big LED numbers counting down with an audible click.
He'd have to have at least three stages of RLC circuits to get an efficient power coupling into the antenna and then radiated off into the ether (maybe he has, it doesn't show in the photo). Yes, it can be done by winding your own coils, and buying an old 20kV capacitor from an electric company auction or scrap dealer. Then you would have a very effective disruptor of unprotected electronics (but not likely to cause permanent damage except with a proximity of a few inches). Making it highly directional is left as an exercise for the student
Years ago I helped tune a HUGE multi-stage step up system to duplicate the experiments of Nikola Tesla (sending spark gap morse code). This guy had built it into his garage, and had collected huge old power supplies from an old AM radio station to power it. We tested it briefly for a few seconds each evening. Whenever we worked on it, one of his cooler neighbors came over to play with it as well. Seems that every time it was switched on, all radio and cable TV reception in the area was overpowered. Fluorescent lights glowed up to 30 feet away, and nearby computers would crash.
For a few months there were cable TV trucks patrolling his neighborhood with all kinds of detecting/directional antennas looking for the source of the HERF (he kept it off most of the time), eventually they posted reward notices on phone poles in the area. He dismantled his whole setup and moved it that day (his house has never been cleaner
I cringe when I think of how this idea will be mutilated by the movie industry. A HERF gun that looks like an M16 or a
the AC
I like your theory. Hopefully it will get moderated up a few points (hint!)
:)
Here is my theory, which goes along with yours:
There is a small team of M$ programmers who take pride in the code they are crafting, and have worked hard to create a working Crypto API. At some point, the NSA sends around their "pressure tactics" team to influence how crypto modules get signed. These guys are good, without a doubt they have been trained in psychology and have rehearsed and play-acted the scenario many times and are now *VERY* effective at persuasion.
M$ management crumbles like a bunch of spineless wimps, giving in to every demand of the NSA, and then order the crypto team to implement a second key for the NSA, in effect nominating a second "root" CSP. You need to have a dual root system to do effective Revocation Lists, but it is not necessary.
So the programmers implement the second key, but chafe at being forced to do a weak crypto implementation. So they make sure the second root key can be replaced without breaking their crypto API, although replacing the M$ root key will cause a failure. They even give the variable the name _NSAKEY so others who maintain the code know what shit is going on.
Then someone in the software build group who pulls together all the source code from each project and does the compiles, forgets to strip symbols and the _NSAKEY symbol is left in the code.
Now the world knows it can rip out the second root key, and let windows fail the check with the first root and failover to the second. Now you can set up any strong crypto system yourself, but this is probably most useful for foreign banks and governments who can afford an expert to set up and test the system before rolling it out.
And the word gets out a little louder than before: U.S. crypto laws are there to make the NSAs job easier, not to protect american citizens or e-commerce or privacy or anything else.
But the best quote today from anonymous (finkPloyd) coward is:
Let's face it, if you are depending on Windows for security, you have more problems than the NSA
the AC
There has been quiet reports that Carin auto navigation units have been affected by the 1024 week rollover bug. The only problem is that the initial acquisition of visible satellites has gone from the normal 20-40 seconds to a period of 5-10 minutes. This means people are driving around for a while entirely on inertial guidance.
:-) ]
The technical explanation had something to do with pre-calculating positions based on an almanac of known positions based on picking up the intial time signal from the strongest satellite. If you know which week & day & minute etc, you can make a quick pre-calc of where some satellites are supposed to be, saving you a bunch of time sorting out the signals. But the Carin's have the 1024 bug and the cheap-o GPS receiver eventually times out on the pre-calc and does a full calc of the positions.
A friend reports this as extremely annoying but still usable. He says when he complained his car dealership has asked him to come by for a free retrofit of the main unit in about 8 weeks, since they have been asked to replace all their installed units but to start with people complaining. I think these are made by Phillips in the netherlands or germany, so I don't know if any are in the U.S.
the AC
[obOnTopic: no, I haven't seen any 9/9/99 bugs today, but I'm about to get on an airplane in a blind show of faith
Did anyone notice that the Mir station actually flew over Paris just before the eclipse hit northern france?
Just as Paco Rabanne claimed in his book on Nostradamus. Of course, nothing has happened, but I was actually slightly freaked out when I heard radio amateurs (HAMs) in france trying to contact the Mir 90 minutes before the eclipse. The Mir orbits the earth about once every 90 minutes, and its next pass put it near Paris just as the eclipse hit the west coast of France. Freaky!
Just a bit of random, off topic rambling from...
the AC