Return-Path: <sentto-279987-2206-1001138091-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Fri, 21 Sep 2001 22:57:11 -0700 (PDT) Received: (qmail 9664 invoked by uid 510); 22 Sep 2001 05:55:20 -0000 Received: from n18.groups.yahoo.com (216.115.96.68) by 204.181.12.215 with SMTP; 22 Sep 2001 05:55:20 -0000 X-eGroups-Return: sentto-279987-2206-1001138091-fc=all.net@returns.onelist.com Received: from [10.1.4.52] by mr.egroups.com with NNFMP; 22 Sep 2001 05:54:51 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_3_2_2); 22 Sep 2001 05:54:51 -0000 Received: (qmail 86557 invoked from network); 22 Sep 2001 05:54:50 -0000 Received: from unknown (10.1.10.142) by m8.onelist.org with QMQP; 22 Sep 2001 05:54:50 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta3 with SMTP; 22 Sep 2001 05:54:50 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id WAA04408 for iwar@onelist.com; Fri, 21 Sep 2001 22:54:50 -0700 Message-Id: <200109220554.WAA04408@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Fri, 21 Sep 2001 22:54:50 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Research.slaps.crypto-banning.Feds] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Research slaps crypto-banning Feds By Andrew Orlowski in San Francisco Posted: 22/09/2001 at 01:03 GMT While America's own fundamentalists - led by US Attorney General John Ashcroft - prepare the most draconian assault on Americans' civil liberties since the second world war, their very own causus beli seems to be vanishing. The enormous increase in surveillance has been justified by claims that terrorists are using cryptography, and in particular steganography: the art of hiding information. USA Toady has run a series of articles on the theme, all predictably quoting 'anonymous' security sources, describing how messages are passed hidden in picture innocuous picture files on sites such as eBay. Or maybe, not so innocuous. The tabloid even managed to score a tasteless bullseye last week with an article that combined pornography, cryptography, terrorism and sport in the same article. For any readers who doubted the message, it was illustrated with a picture of /bin/laden himself. But steganography isn't nearly as widespread a threat as you'd believe. A research paper published a fortnight before the attacks on US civilians and made public this week has discovered no examples of steganographic content on eBay whatsoever. Having exhaustively examined two million images on eBay, not one was found to contain steganographic content, according to academics Niels Provos and Peter Honeyman, who've published the paper at the University of Michigan's website. 15,000 of the two million images were deemed to have some form of steganographically-encrypted content by the JPIIhide program. But after subjecting the images to dictionary attacks, not a single hidden message was discovered. The researchers discuss, and dismiss, the possibility that strong passwords were being used. In short, they conclude, there is no significant use of steganography on the Internet. Put in context, this research could simply prove that terrorists don't use eBay to as a source for populating their model Ewok Villages. But more seriously it rubbishes one of the primary reasons for cracking down on personal privacy in the US. The paper, available in Postscript or PDF formats (and rendered in that spidery font that cryptographers seem to love) is a 800KB download ------------------------ Yahoo! Groups Sponsor ---------------------~--> Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide! http://us.click.yahoo.com/JNm9_D/33_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:47 PDT