[iwar] [fc:Research.slaps.crypto-banning.Feds]

From: Fred Cohen (fc@all.net)
Date: 2001-09-21 22:54:50


Return-Path: <sentto-279987-2206-1001138091-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Fri, 21 Sep 2001 22:57:11 -0700 (PDT)
Received: (qmail 9664 invoked by uid 510); 22 Sep 2001 05:55:20 -0000
Received: from n18.groups.yahoo.com (216.115.96.68) by 204.181.12.215 with SMTP; 22 Sep 2001 05:55:20 -0000
X-eGroups-Return: sentto-279987-2206-1001138091-fc=all.net@returns.onelist.com
Received: from [10.1.4.52] by mr.egroups.com with NNFMP; 22 Sep 2001 05:54:51 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_3_2_2); 22 Sep 2001 05:54:51 -0000
Received: (qmail 86557 invoked from network); 22 Sep 2001 05:54:50 -0000
Received: from unknown (10.1.10.142) by m8.onelist.org with QMQP; 22 Sep 2001 05:54:50 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta3 with SMTP; 22 Sep 2001 05:54:50 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id WAA04408 for iwar@onelist.com; Fri, 21 Sep 2001 22:54:50 -0700
Message-Id: <200109220554.WAA04408@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Fri, 21 Sep 2001 22:54:50 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Research.slaps.crypto-banning.Feds]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Research slaps crypto-banning Feds

By Andrew Orlowski in San Francisco

Posted: 22/09/2001 at 01:03 GMT

While America's own fundamentalists - led by US Attorney General John
Ashcroft - prepare the most draconian assault on Americans' civil
liberties since the second world war, their very own causus beli seems
to be vanishing. 

The enormous increase in surveillance has been justified by claims that
terrorists are using cryptography, and in particular steganography: the
art of hiding information.  USA Toady has run a series of articles on
the theme, all predictably quoting 'anonymous' security sources,
describing how messages are passed hidden in picture innocuous picture
files on sites such as eBay. 

Or maybe, not so innocuous.  The tabloid even managed to score a
tasteless bullseye last week with an article that combined pornography,
cryptography, terrorism and sport in the same article.  For any readers
who doubted the message, it was illustrated with a picture of /bin/laden
himself. 

But steganography isn't nearly as widespread a threat as you'd believe. 

A research paper published a fortnight before the attacks on US
civilians and made public this week has discovered no examples of
steganographic content on eBay whatsoever. 

Having exhaustively examined two million images on eBay, not one was
found to contain steganographic content, according to academics Niels
Provos and Peter Honeyman, who've published the paper at the University
of Michigan's website. 

15,000 of the two million images were deemed to have some form of
steganographically-encrypted content by the JPIIhide program.  But after
subjecting the images to dictionary attacks, not a single hidden message
was discovered.  The researchers discuss, and dismiss, the possibility
that strong passwords were being used.  In short, they conclude, there
is no significant use of steganography on the Internet. 

Put in context, this research could simply prove that terrorists don't
use eBay to as a source for populating their model Ewok Villages. 

But more seriously it rubbishes one of the primary reasons for cracking
down on personal privacy in the US. 

The paper, available in Postscript or PDF formats (and rendered in that
spidery font that cryptographers seem to love) is a 800KB download

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide!
http://us.click.yahoo.com/JNm9_D/33_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:47 PDT