Flexcrypt Folder
Bear Bottoms
limitations. I installed the program and tried encrypting my USB drive
backup folder. It installs as a right click shell menu item and worked in
WindowsExplorer and Q-Dir. When you right click a file, a menu item to
"Encrypt with FlexCrypt folder" is contained. When you choose to encrypt,
it creates an encrypted exe file that does not require any software to
unencrypt it...simply the password you provide during encryption.
The folder I encrypted was 420Mb and it took 2 minutes to do so. You are
given the option to name the exe file and enter a password twice. When it
was finished the exe file was 257Mb. It took 2 minutes to unencrypt the
file. The icon for the exe file is a lock with the name you provided. When
you run the file, it unencrypts in the same location the exe file resides,
so you need to be aware of the size of the unencrypted file and the
available space (say a USB stick) for both the exe and the unencrypted
file/folder. It has no file/folder size limitation.
http://www.flexcrypt.com/flexcryptfolder.html
"Flexcrypt Folder
Flexcrypt Folder enables you to encrypt a file or a folder. After
installation, right-click on a file/folder and select Encrypt with
Flexcrypt folder, make up a password, thats it.
Decryption is done by double-clicking on the encrypted file and enter the
correct password.
The BIG advantage with Flexcrypt Folder is that it does not require any
software to decrypt an encrypted file, simply click on it and enter the
correct password.
Flexcrypt Folder is Free to use."
--
Bear Bottoms
Freeware website: http://bearware.info
Bear Bottoms
wrote:
> The BIG advantage with Flexcrypt Folder is that it does not require any
> software to decrypt an encrypted file, simply click on it and enter the
> correct password.
>
> Flexcrypt Folder is Free to use."
>
BTW, the folder I encrypted contained many folder/file levels of all of my
portable programs and associated files. I use a 2gig USB stick and have
only 400Mb on it. Since it encrypts to 250MB...the two added together are
only 650Mb so I can carry the encrypted exe on my stick. Decrypt it on the
stick, use the programs and then delete the decrypted folder.
This would however present an event that you could not re-encrypt that
folder with any changes made to the files contained unless you had the
Flexcrypt Folder program installed on the computer you are using. You
would need to have the program installed or work around that event.
Ari
> www.Flexcrypt.com...
<extreme snipping>
Bottoms, May I ask several questions? Thank you.
Why in God's Holy World would anyone wish to trust their information to
these people?
--
http://www.bushflash.com/idiot.html
Bear Bottoms
> On Sat, 07 Jun 2008 12:55:52 -0500, Bear Bottoms wrote:
>
>> www.Flexcrypt.com...
>
> <extreme snipping>
>
> Bottoms, May I ask several questions? Thank you.
>
> Why in God's Holy World would anyone wish to trust their information to
> these people?
Seems like your misunderstanding of how the software works. It is an
installed program with shell menu functionality to encrypt a file locally.
It doesn't call home when it is doing so...so your statement makes no
sense.
Ari...this is not a web service.
Now, where are the other questions?
Anonymous
> On Sat, 07 Jun 2008 13:19:21 -0500, Ari
> <arisilv...@yahoo.com> wrote:
>
> > On Sat, 07 Jun 2008 12:55:52 -0500, Bear Bottoms wrote:
> >
> >> www.Flexcrypt.com...
> >
> > <extreme snipping>
> >
> > Bottoms, May I ask several questions? Thank you.
> >
> > Why in God's Holy World would anyone wish to trust their
> > information to these people?
>
> Seems like your misunderstanding of how the software works. It is
> an installed program with shell menu functionality to encrypt a
> file locally. It doesn't call home when it is doing so...so your
> statement makes no sense.
You aparently understand little about encryption software or
security in general. Not trusting them has nothing at all to do
with "phoning home" or anything so rudimentary. Those things are
easily detected and even defended against.
Flexcrypt is a closed box. You have absolutely no way of knowing if
their software is worth a damn or not, but you're apparently
trusting it to secure potentially confidential or even critical
information. That's nothing but naive, to put it nicely.
On the other hand we have PGP and GnuPG, which are free and open
source, time tested, peer reviewed, standards compliant for
the most part, widely distributed, and very well supported by their
authors and third parties as well. And you can configure PGP/GnuPG
to be even more transparent than Flexcrypt purports to be, so
they're easier to use, too.
It's not rocket science. Proprietary, expensive outside some
awfully strict limits, and more problematic to use, versus open
source, free, and ultimate compatibility and ease of use for the
class of software being discussed.
> Ari...this is not a web service.
Ironically enough they do have a web service available for use in
conjunction with their software. They give fair warning about its
horrible lack of security as a matter of fact.
> Now, where are the other questions?
1. How do you know Flexcrypt doesn't encrypt everything to some
sort of "master key", so that anyone with that key can read all
your encrypted data.
2. Who do you suppose would have access to that key, if it exists?
3. How do you know there isn't a purposefully inserted back door in
the product which is "unlocked" by some specially crafted email,
for example. Something that allows free and clear access to every
encrypted file on that machine, or worse?
4. Why would you assume 1 or 3 were even necessary to compromise a
Flexcrypt installation or its secured data. How do you know their
encryption isn't simply trivial to break, as about 99 out of 100
proprietary encryption implementations turn out to be.
5. How do you know they're even encrypting anything at all to
begin with, or just BASE64 encoding it so it looks that way.
6. If you do just blindly trust that none of the above questions
are real issues, would you mind allowing me to handle all your
finances from now on? No need for you to know anything about what
I'm doing with your hard earned pesos or anything of course, just
trust me. ;)
Bear Bottoms
>> Now, where are the other questions?
>
> 1. How do you know Flexcrypt doesn't encrypt everything to some
> sort of "master key", so that anyone with that key can read all
> your encrypted data.
I suppose if I lose my USB stick, and the person who finds it has a
"master key" then I'm fucked eh?
>
> 2. Who do you suppose would have access to that key, if it exists?
Don Juan?
>
> 3. How do you know there isn't a purposefully inserted back door in
> the product which is "unlocked" by some specially crafted email,
> for example. Something that allows free and clear access to every
> encrypted file on that machine, or worse?
They may have inserted a camera in my wall also.
>
> 4. Why would you assume 1 or 3 were even necessary to compromise a
> Flexcrypt installation or its secured data. How do you know their
> encryption isn't simply trivial to break, as about 99 out of 100
> proprietary encryption implementations turn out to be.
You might be right...I saw a black suburban parked down the street. I
think they have been following me waiting for my USB stick to fall out of
my pocket.
>
> 5. How do you know they're even encrypting anything at all to
> begin with, or just BASE64 encoding it so it looks that way.
Decompile it and let us know...wanna take bets?
>
> 6. If you do just blindly trust that none of the above questions
> are real issues, would you mind allowing me to handle all your
> finances from now on? No need for you to know anything about what
> I'm doing with your hard earned pesos or anything of course, just
> trust me. ;)
>
Considering your paranoia...er I don't think so. You would be the one with
the briefcase handcuffed to your wrist, suspiciously taking it everywhere
with you, and sweating profusely...no thanks. Hang on...I hear a
helicopter outside...gotta go.
Sul@Motzarella
encrypt one file and let anyone have a go at cracking it
depending on the hardware resources, it may take days ..............
or even months .....................................................
--
Posting from news.motzarella.org
hummingbird
On Sun, 8 Jun 2008 01:16:06 +0200 (CEST) 'Anonymous'
wrote this on alt.comp.freeware:
>Bear Bottoms wrote:
>> Seems like your misunderstanding of how the software works. It is
>> an installed program with shell menu functionality to encrypt a
>> file locally. It doesn't call home when it is doing so...so your
>> statement makes no sense.
>
>You aparently understand little about encryption software or
>security in general. Not trusting them has nothing at all to do
>with "phoning home" or anything so rudimentary. Those things are
>easily detected and even defended against.
You are comparing everyday security against casual snooping as
provided by the program BB mentioned -vs- industrial strength
encryption which may/may not be crackable by Govt agencies
and LE ...eg PGP.
Have you ever heard the phrase 'horses for courses'?
--
most people don't like to hear the truth,
so they elect politicians to hide it from them.
Bear Bottoms
> I suppose there is one way to test it;
> encrypt one file and let anyone have a go at cracking it
>
> depending on the hardware resources, it may take days ..............
> or even months .....................................................
>
Have a go: http://bearware.info/HackThis.exe
Cyberiade.it Anonymous Remailer
[...]
> > 4. Why would you assume 1 or 3 were even necessary to
> > compromise a Flexcrypt installation or its secured data. How do
> > you know their encryption isn't simply trivial to break, as
> > about 99 out of 100 proprietary encryption implementations turn
> > out to be.
> >
> > 5. How do you know they're even encrypting anything at all to
> > begin with, or just BASE64 encoding it so it looks that way.
> >
> > 6. If you do just blindly trust that none of the above questions
> > are real issues, would you mind allowing me to handle all your
> > finances from now on? No need for you to know anything about
> > what I'm doing with your hard earned pesos or anything of
> > course, just trust me. ;)
> >
> I suppose there is one way to test it;
> encrypt one file and let anyone have a go at cracking it
Nope! Those sorts of public tests are generally meaningless. On
very, VERY rare occasions someone will stumble across something,
but the vast majority of weaknesses in encryption products are
found by thorough auditing of code, or painstaking reverse
engineering of the product itself. Little if anything can be
gleaned from a file "encrypted" by even moderately well crafted
snake oil.
The fact is, in any serious context at all closed source encryption
is largely ignored. Nobody wastes their time poking it with a fork
at all unless they have some sort of personal reason for doing so.
The business, government, and the vast majority of the private
sector simply ignore such idiocy, due in large part to the fact
that we do have very well tested and widely distributed options.
For the minuscule numbers who are actually clueless enough to be
suckered in by empty claims and pretty pictures on a web page,
well.... it's a shame and all but it's not like this information
isn't out there for you to find if you bothered with even a cursory
glance at a couple Google searches. And if you're not interested
enough to at least to a little research on the tools you're
depending on to secure your potentially sensitive data, then you
pretty much deserve what you get.
> depending on the hardware resources, it may take
> days .............. or even
> months .....................................................
Or eons. Or maybe minutes or seconds. That's the whole point. You
have absolutely no way of even making an educated estimate, let
alone any actual proof one way or another. It's a coin flip, and
unless you've lost large sections of gray matter in a train wreck
or something you don't bet your security on coin flips if there's
something better, easier, and more compatible with everyone else
right there in front of you. It would be like the betting of your
financial portfolio on the integrity of some random stranger,
which even Mr. Exposed Glutes seems to be *just* able to recognize
as a BadThing(tm).
Sparky
> On Sat, 07 Jun 2008 19:25:26 -0500, Sul@Motzarella <S...@e888.com> wrote:
>
>> I suppose there is one way to test it;
>> encrypt one file and let anyone have a go at cracking it
>>
>> depending on the hardware resources, it may take days ..............
>> or even months .....................................................
>>
>
> Have a go: http://bearware.info/HackThis.exe
>
Are you some sort of new and improved type of muttonhead or something?
HackThis.exe: Trojan.Dropper-6392 FOUND
You are aware that maliciously distributing malware is actually a crime
in many jurisdictions, right? And that while your rather odd psyche may
see this as a harmless prank, others may not.
X-Complaints-To: newsm...@cox.net
Interesting side note; this particular bit of malware has close ties to
a file called boytoy16 and certain shady porn sites in the Netherlands
which no longer exist, as far as my brief research tells me. That you'd
select it specifically for such a bold demonstration of puerility is a
real eyebrow raiser. A sterling reference for a site that uses words
like "top" and "best" in its meta tags, I'd have to say. :-(
Sul@Motzarella
I downloaded the file and used Norton to scan it and found nothing
--
Posting from news.motzarella.org
Bear Bottoms
OK dude...I lost my USB stick...here are the files on it...get the
information: [That is the point]
Bear Bottoms
As are false accusations with intent.
Ari
> Seems like your misunderstanding of how the software works. It is an
> installed program with shell menu functionality to encrypt a file locally.
> It doesn't call home when it is doing so...so your statement makes no
> sense.
>
> Ari...this is not a web service.
>
> Now, where are the other questions?
Bottoms, I will stand quietly to the side whilst you get your ass reamed
by others.
Don't fuck with security software, Bottoms, it's neither funny nor
becoming.
--
http://www.bushflash.com/idiot.html
Ari
> You are comparing everyday security against casual snooping as
> provided by the program BB mentioned -vs- industrial strength
> encryption which may/may not be crackable by Govt agencies
> and LE ...eg PGP.
>
> Have you ever heard the phrase 'horses for courses'?
Feathers, I see you dropped the sci.crypt boys off your reply. Good move
for you, they eat people like you and Bottoms for breakfast.
As a bow to Brenda, I have also removed alt. privacy, they eat people
like you and Bottoms after breakfast. For breakfast, they eat whole
countries.
--
http://www.bushflash.com/idiot.html
Bear Bottoms
Sul@Motzarella
I have installed it and going to play with it :-)
--
Posting from news.motzarella.org
Some links;
http://www.neowin.net/forum/index.php?showtopic=320017
Cyberiade.it Anonymous Remailer
> OK dude...I lost my USB stick...here are the files on it...get
> the information: [That is the point]
>
> http://bearware.info/HackThis.exe
You have a severe reading comprehension problem. Juvenile
challenges like this are completely meaningless. They tell you
absolutely nothing except that the person making them is frightened
by the proposition of subjecting whatever it is he's testing to a
*proper* test.
And I don't care for your virus infested kiddie porn files either,
thank you. It's obvious even without scanning anything that you're
up to something because Flexcrypt doesn't produce Windows
executables.
Anonymous Sender
> On Sat, 07 Jun 2008 18:16:06 -0500, Anonymous <cri...@ecn.org>
> wrote:
>
> >> Now, where are the other questions?
> >
> > 1. How do you know Flexcrypt doesn't encrypt everything to some
> > sort of "master key", so that anyone with that key can read all
> > your encrypted data.
>
> I suppose if I lose my USB stick, and the person who finds it has
> a "master key" then I'm fucked eh?
Rhetorical question. Genetics has already sodomized you far more
thoroughly than mere data loss ever could.
That depressing truth aside, for those in possession of said keys
it may not even be necessary for your inherent carelessness to rear
its ugly head. Did you somehow miss the part about this particular
bit of snake squeezin's being an email-centric application?
Or perhaps you're unfamiliar with the term email, or how it works??
> >
> > 2. Who do you suppose would have access to that key, if it
> > exists?
>
> Don Juan?
Highly unlikely. You see, Don Juan is a fictional character. He's
not an actual person. Just words on paper.
Now in whatever twisted "reality" you inhabit it may be possible
for your contrived friends and acquaintances to possess something
beyond your excuse for a mind, but consider yourself educated
regarding the fact that the subset of the population of this planet
roughly definable as not totally batshit insane, believes otherwise.
A snoooping ISP/employer, or a government agency run amok with a
bag full of emails collected by way of whatever Echelon permutation
is popular this week, is another matter entirely.
> > 3. How do you know there isn't a purposefully inserted back
> > door in the product which is "unlocked" by some specially
> > crafted email, for example. Something that allows free and
> > clear access to every encrypted file on that machine, or worse?
>
> They may have inserted a camera in my wall also.
How would they have known where you live prior to you buying their
premium crapware? And why would they waste time with anything like
that, when it's so much easier to trojanize a piece of crapware that
you're too clueless to even suspect, let alone catch with any sort
of appendage in a metaphorical cookie jar?
I think you may watch a few too many spy flicks on TV. Mission
Impossible was a purely fictional work too, in case you were just
asking yourself. :)
> >
> > 4. Why would you assume 1 or 3 were even necessary to
> > compromise a Flexcrypt installation or its secured data. How do
> > you know their encryption isn't simply trivial to break, as
> > about 99 out of 100 proprietary encryption implementations turn
> > out to be.
>
> You might be right...I saw a black suburban parked down the
> street. I think they have been following me waiting for my USB
> stick to fall out of my pocket.
Then I would certainly suggest you either use an open source
encryption product which you can be reasonably sure is safe from
easy compromise, or take your foil beanie to Nutters-R-Us for some
long overdue maintenance.
> >
> > 5. How do you know they're even encrypting anything at all to
> > begin with, or just BASE64 encoding it so it looks that way.
>
> Decompile it and let us know...wanna take bets?
/me quickly decompiles Flexcrypt.
Nope, it just BASE64 encodes using a one time hash+password of the
message for salt, and the password is [CENSORED]. No encryption
used at all, and the password is compressed within the executable
so it's trivially accessible even though it's invisible to the
naked hex editor. Terribly amateur stuff actually.
Now clever fellow, prove me wrong.
Oh wait, you'll have a little trouble doing that because you don't
have a source listing to point to and say "seeeeeee", nor are you
anywhere *near* bright enough to sort any of it out on your own.
> > 6. If you do just blindly trust that none of the above questions
> > are real issues, would you mind allowing me to handle all your
> > finances from now on? No need for you to know anything about
> > what I'm doing with your hard earned pesos or anything of
> > course, just trust me. ;)
> >
> I don't think so.
Kudos to you for admitting in your own special round about way that
you actually do realize you're completely full of bull droppings.
And far too immature to simply admit it. :)
hummingbird
On Sun, 8 Jun 2008 09:13:12 -0400 'Ari'
wrote this on alt.comp.freeware:
>On Sun, 08 Jun 2008 01:29:35 +0100, hummingbird wrote:
>
>> You are comparing everyday security against casual snooping as
>> provided by the program BB mentioned -vs- industrial strength
>> encryption which may/may not be crackable by Govt agencies
>> and LE ...eg PGP.
>>
>> Have you ever heard the phrase 'horses for courses'?
>Feathers, I see you dropped the sci.crypt boys off your reply. Good move
>for you, they eat people like you and Bottoms for breakfast.
And you IIUC Ari ;-) On the substantive issue in your comment,
they are welcome to address my previous comment. I stand by it
totally and there was nothing controversial about it.
Plain commonsense.
The fact is that there are different levels of security available
and each person will decide how secure he wishes to be, based
upon what he perceives the threat to be.
Again, plain commonsense.
>As a bow to Brenda, I have also removed alt. privacy, they eat people
>like you and Bottoms after breakfast. For breakfast, they eat whole
>countries.
So far in my time on Usenet, nobody has eaten me for breakfast
or after breakfast. Some have tried unsuccessfully.
Now, do you have summat to say? or are you just trolling? :-)
Sul@usenet4all
installed it and had to reboot
tried one file and yucks
three thumbs down
removed it from the control panel and had to reboot
stay away
while encrypting one small file, I see ads asking me to download flexemail or
something like that
Anonymous
> I downloaded the file and used Norton to scan it and found nothing
ClamAV and Ikarus identify it as Trojan.Dropper-6392 and
Trojan-Dropper.Win32.Agent.nfg respectively.
*shrug*
Either way the file is useless, and most likely something
offensive. Public "CRACK THIS!" canards tell you nothing at all
about how secure something is, and this Bruin Asshole chap is
obviously nothing better than a narcissan cunt with too much time
on its hands. You don't need to do anything but read a couple of
its messages to figure that much out.
Bear Bottoms
wrote:
> I have installed it and going to play with it :-)
It is actually pretty neat. Very easy and convenient to use. Absolutely a
great way to password protect files on a USB stick, or on your computer
from normal unwanted access.
Bear Bottoms
wrote:
I see no ads...on first use it told me about fleximail, but none
thereafter. Fair enough for a freeware product to mention it's other
products...and this one just does it once. I've tried it on about forty
different kinds of files and folders and all it brings up is the screen to
input your password, then it encrypts the file. Quick judgements often
lead to erroneous conclusions.
Bear Bottoms
<anon...@remailer.cyberiade.it> wrote:
> It's obvious even without scanning anything that you're
> up to something because Flexcrypt doesn't produce Windows
> executables.
>
LOL...are you daft?
Sul@Motzarella
a warning about having to reboot after installation would be nice
including fleximail when you run it for the first time
and thereafter it doesn't remind after 40 runs
Bear Bottoms
wrote:
> a warning about having to reboot after installation would be nice
> including fleximail when you run it for the first time
> and thereafter it doesn't remind after 40 runs
>
I assumed too much I suppose, my bad.
Franklin
> On Sun, 08 Jun 2008 08:13:12 -0500, Ari <arisilv...@yahoo.com>
> wrote:
>
>
> OK smartie pants...you just found my USB stick...get the info:
> http://bearware.info/HackThis.exe
>
Mr Bottoms, how is it that you don't understand that the problem
suggested to you is that the author may have data from your system sent
back to him or to someone else.
Bear Bottoms
How is that when it is an installed application on my hard drive and
doesn't call out? Tell me troll.
Franklin
The idea of a back door to the app has been suggested to you already.
Data could exit on your regular ports such as those for SMTP or HTTP
and masequerade as ordinary traffic.
One problem mentioned earlier is that the code for Flexcrypt is not
open for inspection. If it were then various compromises would have a
better chance of being spotted and your confidence would increase.
Who can you trust? One theory doing the rounds is that the US
government has a back door to PGP. Others think that the government
has a Magic Lantern deal with a major anti-virus supplier to not detect
some government snoopware.
--
[Ari's widened groups restored]
Bear Bottoms
> The idea of a back door to the app has been suggested to you already.
> Data could exit on your regular ports such as those for SMTP or HTTP
> and masequerade as ordinary traffic.
I know...I've ignored paranoia over proof. That could be true of every
single app you are using. Show proof.
>
> One problem mentioned earlier is that the code for Flexcrypt is not
> open for inspection. If it were then various compromises would have a
> better chance of being spotted and your confidence would increase.
It can be decompiled, I'm sure. I doubt very seriously such a small app
along with a company selling other products would be so infected...if it
ever got out...it would be a company killer.
>
> Who can you trust? One theory doing the rounds is that the US
> government has a back door to PGP. Others think that the government
> has a Magic Lantern deal with a major anti-virus supplier to not detect
> some government snoopware.
>
Well if Government is the case, much more than a little freeware app is
contaminated. I have nothing to hide and none of my accounts have been
breeched...Paranoia will not stop me from doing my thang. I prefer real
evidence. As for Flexcrypt Folder...it is a good tool and I will use
it...I like it better than CruserLock or anything else I've tried. I
especially like not needing a program to decode it. That is built into the
encrypted exe as small files are much larger than the original, however, a
400+Mb encrypted to 287...compression algorithm at work.
Ari
> The fact is that there are different levels of security available
> and each person will decide how secure he wishes to be, based
> upon what he perceives the threat to be.
Feathers, since the simple implementation of the best security available
(Truecrypt, several open source inspected codes, AxCrypt, GnuPGP, many
others reviewed by cryptologists instead of bears and birds), why would
you consider a company like these charlatans?
It is not a matter of level of security, Feathers, if /they/ want your
data, they will get your data. It is a question of implementing crap
when good stuff prevails everywhere.
Ari
> it...I like it better than CruserLock or anything else I've tried. I
> especially like not needing a program to decode it. That is built into the
> encrypted exe as small files are much larger than the original, however, a
> 400+Mb encrypted to 287...compression algorithm at work.
Compression algorithm? What compression algorithm?
--
http://www.bushflash.com/idiot.html
Anonymous Remailer (austria)
Bear Bottoms wrote:
All anyone has to do is submit your trash to VirusTotal to see that
at least two AV softwares detect it as a trojan.
The only one displaying any maliciousness here is you.
>
Anonymous
Congratulations. Unless you're a sock puppet, you're p0n3d.
Anonymous
> On Sun, 08 Jun 2008 17:56:50 -0500, Franklin <nev...@d.sight.of.it> wrote:
>
> > The idea of a back door to the app has been suggested to you already.
> > Data could exit on your regular ports such as those for SMTP or HTTP
> > and masequerade as ordinary traffic.
>
> I know...I've ignored paranoia over proof.
Proof?
<laugh>
It's painfully obvious you're out of your element here. Oblivious to
the fact that one can't even obtain something like FIPS level-1
certification without full disclosure of (annotated) source code, for
instance.
The only things you've ignored here are facts, and common sense. In
favor of gross incompetence and a markedly puerile inability to accept
and admit that you're wrong. You suggested something so utterly
disserviceable even casual users shouldn't be considering it, got
called on that when someone cross posted your layperson's "wisdom" to a
place where people generally do know what they're talking about, and
immediately started acting like a spanked child in response.
Bear Bottoms
> Bear Bottoms wrote:
> Proof?
> <laugh>
You're full of shit. I review freewares all day long, and you? You do
what? Troll successful freeware people like me? Teach me what? Nothing,
troll.
hummingbird
>On Sun, 08 Jun 2008 17:56:50 -0500, Franklin <nev...@d.sight.of.it> wrote:
>> Who can you trust? One theory doing the rounds is that the US
>> government has a back door to PGP. Others think that the government
>> has a Magic Lantern deal with a major anti-virus supplier to not detect
>> some government snoopware.
Oh! the pleasures of living in an accountable democracy!
The PGP back-door story has been going round since Zimmerman quit.
I think it's safe to assume that versions of PGP produced by him
before his departure are safe. That is up to v7.0 IIRC, maybe
someone can confirm that.
As for Magic Lanterns, well, nothing would surprise me.
.
.
.
uh oh! gotta go ... I can hear the sound of jackboots...
hummingbird
On Sun, 8 Jun 2008 20:07:07 -0400 'Ari'
wrote this on alt.comp.freeware:
>On Sun, 08 Jun 2008 18:26:43 -0500, Bear Bottoms wrote:
Doesn't 400megs - 287megs equal a compression algorithm Ari?
hummingbird
On Sun, 8 Jun 2008 20:05:28 -0400 'Ari'
wrote this on alt.comp.freeware:
>On Sun, 08 Jun 2008 16:02:07 +0100, hummingbird wrote:
>
>> The fact is that there are different levels of security available
>> and each person will decide how secure he wishes to be, based
>> upon what he perceives the threat to be.
>Feathers, since the simple implementation of the best security available
>(Truecrypt, several open source inspected codes, AxCrypt, GnuPGP, many
>others reviewed by cryptologists instead of bears and birds), why would
>you consider a company like these charlatans?
I wouldn't. If I wanted security, I'd use eg: PGP or whatever.
But that wasn't my point was it.
>It is not a matter of level of security, Feathers, if /they/ want your
>data, they will get your data. It is a question of implementing crap
>when good stuff prevails everywhere.
>
>Free.
You're missing my point Ari.
1.there are different levels of security for different purposes.
You should know that and I'm sure your lady does.
2.whether good stuff prevails everywhere is a matter of definition
and opinion. IME, good security is not easy to implement. Whereas
this product is quick and simple to set up for your average dork.
A product such as this is probably *good enough* for Jane Doe
who wants to *feel safe* if she drops her USB stick in the local
supermarket.
That's all I'm saying. I don't think anybody can argue with that.
--
uh oh...black helicopter ... gotta run
Bear Bottoms
Spoof
Bear Bottoms
wrote:
> A product such as this is probably *good enough* for Jane Doe
> who wants to *feel safe* if she drops her USB stick in the local
> supermarket.
> That's all I'm saying. I don't think anybody can argue with that.
No one here has come up with what HackThis.exe contains so it would be
fair to say it extends beyond Jane Doe. :)
If someone from the Government comes and gets your hard drive under
subpoena, I would venture to say few here could hide anything from them.
hummingbird
On Mon, 09 Jun 2008 05:02:33 -0500 'Bear Bottoms'
wrote this on alt.comp.freeware:
Except *perhaps* those using PGP.
But in the UK it is a criminal offence punishable by 2 years in
the slammer to withhold a password or encryption phrase from
the police when asked (RIPA). That is irrespective of what the
encrypted data might contain.
Acceptable defences are "I forgot it" or *I lost it" but they're
unlikely to be accepted if there is other evidence against you.
Krazee Brenda
> I have installed it and going to play with it :-)
Did it get hard? And all straitlike?
--
See Brenda's UniWorldWare
http://tinyurl.com/nm2yt
Loverly Vagina
> On Sun, 08 Jun 2008 11:22:18 -0500, Sul@Motzarella <"dun bother"@live.com>
> wrote:
>
>> a warning about having to reboot after installation would be nice
>> including fleximail when you run it for the first time
>> and thereafter it doesn't remind after 40 runs
>>
> I assumed too much I suppose, my bad.
"It is actually pretty neat. Very easy and convenient to use. Absolutely
a great way to password protect files on a USB stick, or on your
computer from normal unwanted access."
Sir Bear, time past, few moments, momentarily ago, above, quoted, you, a
post, posted past. No need, needless to say, for you, kind Bear, to bear
the brunt of you lack of forbearance.
Next time you stick your dick in a guillotine, don't be so fukken
surprised when you have bear meat on the cutting room floor.
Ari
>>Compression algorithm? What compression algorithm?
>
> Doesn't 400megs - 287megs equal a compression algorithm Ari?
Feathers, if i cut your wings off, did I compress you?
--
http://www.bushflash.com/idiot.html
Ari
>>> The fact is that there are different levels of security available
>>> and each person will decide how secure he wishes to be, based
>>> upon what he perceives the threat to be.
>
>>Feathers, since the simple implementation of the best security available
>>(Truecrypt, several open source inspected codes, AxCrypt, GnuPGP, many
>>others reviewed by cryptologists instead of bears and birds), why would
>>you consider a company like these charlatans?
>
> I wouldn't. If I wanted security, I'd use eg: PGP or whatever.
>
> But that wasn't my point was it.
The only point I saw was that you claimed people wanted to be secure,
more secure or really really secure. I'm saying why put in a wooden door
to your safe when you can have a 12" concrete/steel reinforced one for
no more hassle or penalty.
Then you don't have to wonder if your attacker is the Mossad or Mamie
The Pancake Flipper.
--
http://www.bushflash.com/idiot.html
Sul@Motzarella
> On Sun, 08 Jun 2008 21:49:58 +0700, Sul@Motzarella wrote:
>
>> I have installed it and going to play with it :-)
>
> Did it get hard? And all straitlike?
--
Posting from news.motzarella.org
Some links;
http://www.neowin.net/forum/index.php?showtopic=522081
Ari
> You're missing my point Ari.
> 1.there are different levels of security for different purposes.
> You should know that and I'm sure your lady does.
>
> 2.whether good stuff prevails everywhere is a matter of definition
> and opinion. IME, good security is not easy to implement. Whereas
> this product is quick and simple to set up for your average dork.
Feathers, tell me, how did you come to define that this product is
secure?
> A product such as this is probably *good enough* for Jane Doe
> who wants to *feel safe* if she drops her USB stick in the local
> supermarket.
>
> That's all I'm saying. I don't think anybody can argue with that.
Let's say you're right, you're not, but, WTF, you have a short memory,
and since I'm a kind and indulgent soul I will not refresh it by
repeating the information I gave in a previous post.
Jane feels safe. She goe back to the store, whoa, lookee there, right
next to the KY Jelly is her stick.
What proof, Feathers, can you give us that when she decrypts her stick,
her data will be there whole, as before, bit for byte for byte for bit??
Before you said that the reduction in file size (400mgs to 287) was due
to "compression".
Was it?
--
http://www.bushflash.com/idiot.html
Cyberiade.it Anonymous Remailer
>
> >On Sun, 08 Jun 2008 17:56:50 -0500, Franklin <nev...@d.sight.of.it> wrote:
>
> >> Who can you trust? One theory doing the rounds is that the US
> >> government has a back door to PGP. Others think that the government
> >> has a Magic Lantern deal with a major anti-virus supplier to not detect
> >> some government snoopware.
>
>
> Oh! the pleasures of living in an accountable democracy!
>
> The PGP back-door story has been going round since Zimmerman quit.
> I think it's safe to assume that versions of PGP produced by him
> before his departure are safe. That is up to v7.0 IIRC, maybe
> someone can confirm that.
PGP is still open source. I believe there was a version or two in the
7.x era that weren't, but even the suits who took over from PRZ quickly
figured out that if you don't let your crypto be scrutinized by your
peers and anyone else who cares to poke and prod, your product is
considered useless. Your peers will discard it completely, the nuts
will invent all manner of conspiracy theories, and the average Joe's
will rightfully assign at least some level of credibility to both.
> As for Magic Lanterns, well, nothing would surprise me.
You nee to Google "magic lantern".
Then do a little research into a program called JAP.
Surprise levels being irrelevant, you will find out that government
sponsored back doors are nothing any newer than the ability to sponsor
them, and that open source has historically been a pretty good
> uh oh! gotta go ... I can hear the sound of jackboots...
If only it were that easy. The problem here is you can't see them
coming, and apparently some people remain in a willful state of
ignorance regarding the fact that they not only can blind side you,
they have more than once already.
hummingbird
On Mon, 9 Jun 2008 10:10:55 -0400 'Ari'
wrote this on alt.comp.freeware:
>On Mon, 09 Jun 2008 10:38:55 +0100, hummingbird wrote:
>
>>>Compression algorithm? What compression algorithm?
>>
>> Doesn't 400megs - 287megs equal a compression algorithm Ari?
>Feathers, if i cut your wings off, did I compress you?
lol. Are you saying that the program chops chunks off?
That's called FcukMeWhatNextWare.
hummingbird
On 9 Jun 2008 17:12:21 +0200 'Cyberiade.it Anonymous Remailer'
wrote this on alt.comp.freeware:
>hummingbird wrote:
>
>>
>> >On Sun, 08 Jun 2008 17:56:50 -0500, Franklin <nev...@d.sight.of.it> wrote:
>>
>> >> Who can you trust? One theory doing the rounds is that the US
>> >> government has a back door to PGP. Others think that the government
>> >> has a Magic Lantern deal with a major anti-virus supplier to not detect
>> >> some government snoopware.
>> Oh! the pleasures of living in an accountable democracy!
>>
>> The PGP back-door story has been going round since Zimmerman quit.
>> I think it's safe to assume that versions of PGP produced by him
>> before his departure are safe. That is up to v7.0 IIRC, maybe
>> someone can confirm that.
>PGP is still open source. I believe there was a version or two in the
>7.x era that weren't,
Indeed.
>but even the suits who took over from PRZ quickly
>figured out that if you don't let your crypto be scrutinized by your
>peers and anyone else who cares to poke and prod, your product is
>considered useless. Your peers will discard it completely, the nuts
>will invent all manner of conspiracy theories, and the average Joe's
>will rightfully assign at least some level of credibility to both.
Thanks for that. I had no idea it had become open source again.
That kills my conspiracy theory that the suits were funded by
a govt agency, and secretly put a backdoor in whilst continuing
to market the program as secure! :-)
>> As for Magic Lanterns, well, nothing would surprise me.
>
>You nee to Google "magic lantern".
>
>Then do a little research into a program called JAP.
Ta, I'll do some research...
>Surprise levels being irrelevant, you will find out that government
>sponsored back doors are nothing any newer than the ability to sponsor
>them, and that open source has historically been a pretty good
>
>> uh oh! gotta go ... I can hear the sound of jackboots...
>
>If only it were that easy. The problem here is you can't see them
>coming, and apparently some people remain in a willful state of
>ignorance regarding the fact that they not only can blind side you,
>they have more than once already.
Sure, good security is always pre-emptive or anticipative.
Anonymous Remailer (austria)
Bear Bottoms wrote:
> On Sun, 08 Jun 2008 09:49:58 -0500, Sul@Motzarella <"dun bother"@live.com>
> wrote:
>
> > I have installed it and going to play with it :-)
>
> It is actually pretty neat. Very easy and convenient to use. Absolutely a
> great way to password protect files on a USB stick, or on your computer
> from normal unwanted access.
It's a sucky, clunky, untrustworthy way of doing God knows what
to your files. PGP is free, integrates better, works better, is
easier to use, and we know it's not full of holes like Baby Swiss.
You should stick with reviewing kids games and fLicker
hand-holders or whatever. Maybe you won't make such a complete
fool of yourself.
>
hummingbird
On Mon, 9 Jun 2008 10:17:57 -0400 'Ari'
wrote this on alt.comp.freeware:
>On Mon, 09 Jun 2008 10:47:43 +0100, hummingbird wrote:
>
>>>> The fact is that there are different levels of security available
>>>> and each person will decide how secure he wishes to be, based
>>>> upon what he perceives the threat to be.
>>
>>>Feathers, since the simple implementation of the best security available
>>>(Truecrypt, several open source inspected codes, AxCrypt, GnuPGP, many
>>>others reviewed by cryptologists instead of bears and birds), why would
>>>you consider a company like these charlatans?
>>
>> I wouldn't. If I wanted security, I'd use eg: PGP or whatever.
>>
>> But that wasn't my point was it.
>The only point I saw was that you claimed people wanted to be secure,
>more secure or really really secure. I'm saying why put in a wooden door
>to your safe when you can have a 12" concrete/steel reinforced one for
>no more hassle or penalty.
That is true providing your "12" concrete/steel reinforced" door
is as easy to install and cheap as the wooden door. I'd bet that
in most cases it isn't. So, we get back to horses for courses.
An example are window locks and burglar alarms on/in homes.
You and I know they are not very effective at keeping a determined
burglar at bay. However, they do achieve two things: a) provide
some security from casual opportunistic burglars and b) make the
home owner *feel* safer. The latter is quite important where
women are concerned.
>Then you don't have to wonder if your attacker is the Mossad or Mamie
>The Pancake Flipper.
--
Ari
>> Bottoms, May I ask several questions? Thank you.
>>
>> Why in God's Holy World would anyone wish to trust their information to
>> these people?
>
> Seems like your misunderstanding of how the software works. It is an
> installed program with shell menu functionality to encrypt a file locally.
> It doesn't call home when it is doing so...so your statement makes no
> sense.
>
> Ari...this is not a web service.
>
> Now, where are the other questions?
We haven't close to finishing this one yet, Bottoms.
I fully understand encryption, its implementations and this program.
1) The company is all of 6 months old.
2) It has shown no independent or other studies of its encryption,FTm,
what encryption methodology?But it does reward us with "First version of
Flexcrypt ready for raw testing, results are VERY positive." wow
3) Bottoms, click on "Policy", my goodness, they don't have one!
4) Click on "Press"; impressive, no,. they can't work a comon website,
Bottoms.
5) Note the remove the exe, return the exe, do you know why they have to
do that, Bottoms?
6) 2007-10-01 - "Enhanced" testing; wow
7) My fav page
http://www.nordicis.com/coworkers.html
Two with no contact info, all with no background info, "Keys to the
Kingdom"?
On and on and on I could go, Bottoms, these are fools, not science based
encryption experts, Bottoms.
You may trust your data to them, I wouldn't trust doggie poo-poo in
their greedy little hands.
Bottoms, may I suggest, I shall, a suggestion?
Post what you want but don't fuck around with data security.
OK?
hummingbird
On Mon, 9 Jun 2008 10:25:51 -0400 'Ari'
wrote this on alt.comp.freeware:
>On Mon, 09 Jun 2008 10:47:43 +0100, hummingbird wrote:
>
>> You're missing my point Ari.
>> 1.there are different levels of security for different purposes.
>> You should know that and I'm sure your lady does.
>>
>> 2.whether good stuff prevails everywhere is a matter of definition
>> and opinion. IME, good security is not easy to implement. Whereas
>> this product is quick and simple to set up for your average dork.
>
>Feathers, tell me, how did you come to define that this product is
>secure?
I've never said it was secure, as you define secure.
I'm debating it based upon the blurb BB posted from the website.
I have no reason to believe they are lying, although they won't be
telling anybody how secure it is compared to (say) PGP.
But I repeat: it has *some* use for *some* people.
>> A product such as this is probably *good enough* for Jane Doe
>> who wants to *feel safe* if she drops her USB stick in the local
>> supermarket.
>>
>> That's all I'm saying. I don't think anybody can argue with that.
>Let's say you're right, you're not, but, WTF, you have a short memory,
>and since I'm a kind and indulgent soul I will not refresh it by
>repeating the information I gave in a previous post.
>
>Jane feels safe. She goe back to the store, whoa, lookee there, right
>next to the KY Jelly is her stick.
>
>What proof, Feathers, can you give us that when she decrypts her stick,
>her data will be there whole, as before, bit for byte for byte for bit??
>
>Before you said that the reduction in file size (400mgs to 287) was due
>to "compression".
>
>Was it?
Well, you are now alleging that the program fcuks the data in some
way and makes it inaccessible. You may be right but I doubt it.
Compressing data is not exactly rocket science nowadays.
Getting it right shouldn't be difficult.
Craig
> Bear Bottoms <bearb...@bearbottoms.com>:
>
>> You're full of shit. I review freewares all day long, and you? You do
>> what? Troll successful freeware people like me? Teach me what? Nothing,
>> troll.
>
> don't "review freewares all day long", you only copy and paste blurbs
> from various websites.
>
Yrrah;
BB pointed out, and from the headers it looks like, that someone spoofed
BB on this one.
fwiw,
-Craig
Ari
> On Mon, 9 Jun 2008 10:10:55 -0400 'Ari'
> wrote this on alt.comp.freeware:
>
>>On Mon, 09 Jun 2008 10:38:55 +0100, hummingbird wrote:
>>
>>>>Compression algorithm? What compression algorithm?
>>>
>>> Doesn't 400megs - 287megs equal a compression algorithm Ari?
>
>>Feathers, if i cut your wings off, did I compress you?
>
> lol. Are you saying that the program chops chunks off?
>
> That's called FcukMeWhatNextWare.
What do we know? There is no testing and, although in their super-dooper
oh so professional website
<snickies>
they failed to mention that the program was full of nags, ads and crap.
I certainly trust them lol. With my fallen out, lying on the floor,
useless gonad hairs.
--
http://www.bushflash.com/idiot.html
Ari
>> Oh! the pleasures of living in an accountable democracy!
>>
>> The PGP back-door story has been going round since Zimmerman quit.
>> I think it's safe to assume that versions of PGP produced by him
>> before his departure are safe. That is up to v7.0 IIRC, maybe
>> someone can confirm that.
>
> PGP is still open source. I believe there was a version or two in the
> 7.x era that weren't, but even the suits who took over from PRZ quickly
> figured out that if you don't let your crypto be scrutinized by your
> peers and anyone else who cares to poke and prod, your product is
> considered useless. Your peers will discard it completely, the nuts
> will invent all manner of conspiracy theories, and the average Joe's
> will rightfully assign at least some level of credibility to both.
Translation: Flexcrypt is shite.
--
http://www.bushflash.com/idiot.html
John Hadstate
Ari,
Please don't take this as an insult. I have to say that you seem to
have gotten a lot smarter in your old age (or maybe you've just gotten
smarter in my old age ;-)
Basically, you hit all the points of interest and then some.
Personally, I wouldn't have gone to that much effort.
-jeh
Ari
>> As for Magic Lanterns, well, nothing would surprise me.
>
> You nee to Google "magic lantern".
>
> Then do a little research into a program called JAP.
>
> Surprise levels being irrelevant, you will find out that government
> sponsored back doors are nothing any newer than the ability to sponsor
> them,
Who said Arkansas?
Why it was in Arkansas that modifications were made to the
stolen PROMIS software system to enable it to spy on banking
transactions. For where there are drugs, there must be money laundering,
or so one can suppose. ?
The PROMIS software was created by Inslaw for a single purpose: to track
people, to be used by federal prosecutors. Want to know who the judge
was on a particular case? Ask PROMIS. Want to know all the similar cases
that same judge has heard? Ask PROMIS. How about all the accused money
launderers a particular attorney has defended? And so on. But after the
Justice Department acquired the PROMIS software by "trickery, deceit and
fraud" (to quote a federal bankruptcy judge who tried the case) and
installed it in most of its regional offices, the system was modified
and sold to foreign intelligence organizations, then modified again and
sold to banks as Enhanced.
With a hyoooge back door in it.
In the 1980's, intelligence organizations around the world salivated
over PROMIS's ability to track terrorists, spies, political opponents,
and attractive models. How do you think I found Brenda, Feathers?
Aside from distribution to almost all the TLAs in America, PROMIS was
sold to intell orgs in Canada, Joosreal, Singapore, Iraq, Egypt and
Jordan, among others. The US has had three Attorney Generals who have
corroborated this scheme (it was a chip based methodology btw)
--
http://www.bushflash.com/idiot.html
Ari
Where's nemo outis? I was so hoping he would join us. lol
--
http://www.bushflash.com/idiot.html
Ari
>>The only point I saw was that you claimed people wanted to be secure,
>>more secure or really really secure. I'm saying why put in a wooden door
>>to your safe when you can have a 12" concrete/steel reinforced one for
>>no more hassle or penalty.
>
> That is true providing your "12" concrete/steel reinforced" door
> is as easy to install and cheap as the wooden door. I'd bet that
> in most cases it isn't. So, we get back to horses for courses.
Bzzt. Schneier has a binaries version of Two and Blowfish that is just
as easy as Flexcrap. Axcrypt has been well received, there are dozens of
others, ease of use does not necessarily equate with shitware, Feathers.
See what Flexcrap has done to you? Addled.
I do admire that you can fly with your hands.
--
http://www.bushflash.com/idiot.html
Cyberiade.it Anonymous Remailer
> >Feathers, tell me, how did you come to define that this product is
> >secure?
>
> I've never said it was secure, as you define secure.
>
> I'm debating it based upon the blurb BB posted from the website.
> I have no reason to believe they are lying, although they won't be
> telling anybody how secure it is compared to (say) PGP.
>
> But I repeat: it has *some* use for *some* people.
Only because Barnum was right. There will always exist *some* number of
people that can be convinced bad solutions to problems work. That a
solution which relies on nothing more tangible than luck is as useful
as one that implements actual security.
Anecdotes and suppositions are irrelevant here. Whether "grandma" can
crack your porn files is meaningless. Good or bad security isn't defined
that way by anyone who is even remotely serious, it's defined by
evidence and facts pointing to the conclusion that if granny is
replaced by the FBI your data is still safe. To assume that only
attackers with limited abilities will ever come into contact with your
data is pure self delusion. You plan for the worst case, and let lesser
scenarios take care of themselves. Especially when a truly good
solution is both cheaper, and more functional. ;)
Ari
>>Feathers, tell me, how did you come to define that this product is
>>secure?
>
> I've never said it was secure, as you define secure.
>
> I'm debating it based upon the blurb BB posted from the website.
> I have no reason to believe they are lying, although they won't be
> telling anybody how secure it is compared to (say) PGP.
>
> But I repeat: it has *some* use for *some* people.
Feathers, wet cow shit has a dietary use for some people.
--
http://www.bushflash.com/idiot.html
Ari
>>Jane feels safe. She goe back to the store, whoa, lookee there, right
>>next to the KY Jelly is her stick.
>>
>>What proof, Feathers, can you give us that when she decrypts her stick,
>>her data will be there whole, as before, bit for byte for byte for bit??
>>
>>Before you said that the reduction in file size (400mgs to 287) was due
>>to "compression".
>>
>>Was it?
>
> Well, you are now alleging that the program fcuks the data in some
> way and makes it inaccessible. You may be right but I doubt it.
>
> Compressing data is not exactly rocket science nowadays.
> Getting it right shouldn't be difficult.
Getting compression right is difficult, Feathers, especially when there
is encryption involved. There is an ongoing debate as to the appropriate
sequencing of encryption/compression and since
refuses to tell us a friggin' thing about their product, I would err on
the side that they are spazoid charlatans who prefer to sell their
shitware anyway they can, without any scruples or decency of any kind.
Maybe I am wrong, maybe he fact that their website links don't work has
nothing at all to do with their capabilities. lol
--
http://www.bushflash.com/idiot.html
Ari
Hi, John, well, it's not like I haven't had excellent teachers, is it?
Sci.crypt guys have put up with a lot from me, I do tell, as have the
alt.privacy fartheads, er, wunnerful fellows (not sure where this is
posting from) lol
I have new fiends and friends over at alt.comp.freeware, I fell in love
and am dating the Queen of Freeware, Krazee Brenda. Well, she's free
anyway.
Thanks for the compliment and thanks for your patience over the years.
--
http://www.bushflash.com/idiot.html
Anonymous
> >The only point I saw was that you claimed people wanted to be secure,
> >more secure or really really secure. I'm saying why put in a wooden door
> >to your safe when you can have a 12" concrete/steel reinforced one for
> >no more hassle or penalty.
>
> That is true providing your "12" concrete/steel reinforced" door
> is as easy to install and cheap as the wooden door. I'd bet that
> in most cases it isn't. So, we get back to horses for courses.
In this case, it absolutely is. In fact this particular concrete-steel
door is a *lot* cheaper for the same functionality, Installs exactly
the same way, swings easier on its hinges, works just like every other
door of its type so authorized strangers won't have any trouble using
it, and has design specs freely available so you can be sure the thing
is filled with concrete and not Styrofoam, or build your own if you
want. :)
>
> An example are window locks and burglar alarms on/in homes.
>
> You and I know they are not very effective at keeping a determined
> burglar at bay. However, they do achieve two things: a) provide
> some security from casual opportunistic burglars and b) make the
> home owner *feel* safer. The latter is quite important where
> women are concerned.
Actually, that's not true at all. Good home security is *very*
effective at keeping determined criminals at bay. It's the "amateurs"
who will still try, and often fail. The "pros" will generally look for
an easier target, because criminals are after all essentially cowards.
And there's no shortcuts. Determined criminals can spot snake oil
faster than many determined "experts".
Note that I said *good* security. If you install crap or don't use what
you do have to its fullest, even the most well conceived security will
fail.
Anonymous Remailer (austria)
hummingbird wrote:
<snippage>
> >PGP is still open source. I believe there was a version or two in the
> >7.x era that weren't,
>
> Indeed.
>
> >but even the suits who took over from PRZ quickly
> >figured out that if you don't let your crypto be scrutinized by your
> >peers and anyone else who cares to poke and prod, your product is
> >considered useless. Your peers will discard it completely, the nuts
> >will invent all manner of conspiracy theories, and the average Joe's
> >will rightfully assign at least some level of credibility to both.
>
> Thanks for that. I had no idea it had become open source again.
It's a fact not widely known outside certain circles, and unlike
"traditional" open source software you have to agree to their terms. No
modifications, you can't compile your own production copy, etc. But the
important part is there in this context. It can be peer reviewed and a
known good copy compared to an off the shelf copy.
>
> That kills my conspiracy theory that the suits were funded by
Kill is such a strong sentiment. ;)
Nothing is infallible. Being open source doesn't mean there can't be
flaws in something, purposefully or otherwise. But it truly *is* the
best way we have to guard against that sort of thing, and historically
very useful for doing so.
> >You nee to Google "magic lantern".
> >
> >Then do a little research into a program called JAP.
>
> Ta, I'll do some research...
Briefly, Magic Lantern is the code name for a real life US Government
program and software, whereby they could install "undetectable" key
logging software on any and every machine they cared to.
JAP is a piece of anonymous proxy software and an anonymous mix network
that was back doored under gag orders by the German feds. Being open
source that compromise was spotted, with a little amusing help from the
maintainers of the software themselves it seems. I forget the exact
wording, but they actually inserted language like "Crime Detection
Function" several places in the source itself.
> >Surprise levels being irrelevant, you will find out that government
> >sponsored back doors are nothing any newer than the ability to sponsor
> >them, and that open source has historically been a pretty good
> >
> >> uh oh! gotta go ... I can hear the sound of jackboots...
> >
> >If only it were that easy. The problem here is you can't see them
> >coming, and apparently some people remain in a willful state of
> >ignorance regarding the fact that they not only can blind side you,
> >they have more than once already.
>
> Sure, good security is always pre-emptive or anticipative.
And open. :)
There are no black boxes in good security. If you can't dissect it you
have little chance of proactively spotting weaknesses, and security is
even more about knowing specifically what might be exploited and how,
than it is being confident that some mathematical formula or trying to
guess what the BadGuys(tm) will do next. It's as much about knowing
your weaknesses, as your strengths. :)
hummingbird
On Mon, 9 Jun 2008 13:08:58 -0400 'Ari'
wrote this on alt.comp.freeware:
>On Mon, 09 Jun 2008 16:59:19 +0100, hummingbird wrote:
>
>>>The only point I saw was that you claimed people wanted to be secure,
>>>more secure or really really secure. I'm saying why put in a wooden door
>>>to your safe when you can have a 12" concrete/steel reinforced one for
>>>no more hassle or penalty.
>>
>> That is true providing your "12" concrete/steel reinforced" door
>> is as easy to install and cheap as the wooden door. I'd bet that
>> in most cases it isn't. So, we get back to horses for courses.
>Bzzt. Schneier has a binaries version of Two and Blowfish that is just
>as easy as Flexcrap. Axcrypt has been well received, there are dozens of
>others, ease of use does not necessarily equate with shitware, Feathers.
Good. I didn't know that. Links? Is it freeware?
Folks here don't appreciate ads for payware or shareware.
>See what Flexcrap has done to you? Addled.
Not at all.
Plse understand that I'm not sticking up for flexicrap.
All I've said is that it will be adequate for *some* people.
I understand the principles of security well, although I've
no doubt that you and others know more about it on these
furshlugginer computer systems.
>I do admire that you can fly with your hands.
Takes years of practice doncha know ;-)
hummingbird
On Mon, 9 Jun 2008 20:08:03 +0200 (CEST) 'Anonymous'
wrote this on alt.comp.freeware:
>hummingbird wrote:
>
>> >The only point I saw was that you claimed people wanted to be secure,
>> >more secure or really really secure. I'm saying why put in a wooden door
>> >to your safe when you can have a 12" concrete/steel reinforced one for
>> >no more hassle or penalty.
>>
>> That is true providing your "12" concrete/steel reinforced" door
>> is as easy to install and cheap as the wooden door. I'd bet that
>> in most cases it isn't. So, we get back to horses for courses.
>In this case, it absolutely is. In fact this particular concrete-steel
>door is a *lot* cheaper for the same functionality, Installs exactly
>the same way, swings easier on its hinges, works just like every other
>door of its type so authorized strangers won't have any trouble using
>it, and has design specs freely available so you can be sure the thing
>is filled with concrete and not Styrofoam, or build your own if you
>want. :)
I didn't know we were debating a specific door in a specific
location. Where is this door?
>> An example are window locks and burglar alarms on/in homes.
>>
>> You and I know they are not very effective at keeping a determined
>> burglar at bay. However, they do achieve two things: a) provide
>> some security from casual opportunistic burglars and b) make the
>> home owner *feel* safer. The latter is quite important where
>> women are concerned.
>Actually, that's not true at all. Good home security is *very*
>effective at keeping determined criminals at bay.
I said nothing to the contrary. I said that window locks and
alarms are often ineffective.
>It's the "amateurs"
>who will still try, and often fail. The "pros" will generally look for
>an easier target, because criminals are after all essentially cowards.
ditto.
>And there's no shortcuts. Determined criminals can spot snake oil
>faster than many determined "experts".
Agreed. Hence my original comments.
>Note that I said *good* security. If you install crap or don't use what
>you do have to its fullest, even the most well conceived security will
>fail.
Thanks for essentially agreeing with me. I'm glad there's
at least one sane person over there on alt.privacy ;-)
Anonymous
> On 9 Jun 2008 17:12:21 +0200, Cyberiade.it Anonymous Remailer wrote:
>
> Where's nemo outis? I was so hoping he would join us. lol
He's here. But not under that name.
I'm surprised you didn't spot it.
Ilmari Karonen
>
> Getting compression right is difficult, Feathers, especially when there
> is encryption involved. There is an ongoing debate as to the appropriate
> sequencing of encryption/compression and since
Actually, there isn't. Not a meaningful one, anyway. There's exactly
two choices: either you don't compress your data, or you compress it
before encrypting it, because you bloody well ain't going to compress
it afterwards.
If your encryption is any good, the choice won't make any difference
to security whatsoever. Unless, that is, the length of the data
you're encrypting is enough to leak some information you'd rather keep
private, in which case you've probably got a problem either way, and
should seriously consider padding the data to a known length before
encrypting (and after compressing, if you're going to do that, but why
bother?).
If your encryption is crap, compressing the data first might make it
marginally safer. Or it could make it less safe -- it's easy to come
up with scenarios either way. None of which has any bearing upon the
actual problem, which is that your encryption is crap.
--
Ilmari Karonen
To reply by e-mail, please replace ".invalid" with ".net" in address.
hummingbird
On Mon, 9 Jun 2008 13:17:04 -0400 'Ari'
wrote this on alt.comp.freeware:
>On Mon, 09 Jun 2008 17:07:27 +0100, hummingbird wrote:
Politicians? ;-)
hummingbird
On Mon, 9 Jun 2008 13:28:15 -0400 'Ari'
wrote this on alt.comp.freeware:
>On Mon, 09 Jun 2008 17:07:27 +0100, hummingbird wrote:
>
>>>Jane feels safe. She goe back to the store, whoa, lookee there, right
>>>next to the KY Jelly is her stick.
>>>
>>>What proof, Feathers, can you give us that when she decrypts her stick,
>>>her data will be there whole, as before, bit for byte for byte for bit??
>>>
>>>Before you said that the reduction in file size (400mgs to 287) was due
>>>to "compression".
>>>
>>>Was it?
>>
>> Well, you are now alleging that the program fcuks the data in some
>> way and makes it inaccessible. You may be right but I doubt it.
>>
>> Compressing data is not exactly rocket science nowadays.
>> Getting it right shouldn't be difficult.
>Getting compression right is difficult, Feathers, especially when there
>is encryption involved. There is an ongoing debate as to the appropriate
>sequencing of encryption/compression and since
Well, there are plenty of compression algorithms available.
It's not reinventing the wheel ... that's what I meant.
Surely any difficulty w/r/t encrpted data would depend on the
algorithm used? PGP compresses encrypted data just fine.
>www.flexcrypt.com
>
>refuses to tell us a friggin' thing about their product, I would err on
>the side that they are spazoid charlatans who prefer to sell their
>shitware anyway they can, without any scruples or decency of any kind.
>
>Maybe I am wrong, maybe he fact that their website links don't work has
>nothing at all to do with their capabilities. lol
--
hummingbird
On 9 Jun 2008 19:43:36 +0200 'Cyberiade.it Anonymous Remailer'
wrote this on alt.comp.freeware:
>hummingbird wrote:
I think that's a very purist view of security. Whilst I do
understand your point, I still maintain that in a scenario where
(say) 10yo kids or grannies are involved, you really don't need
to think in terms of PGP. All you need is something which is
effective when weighed against the perceived risk, and value
of the data being secured. Anything else is superfluous.
Anonymous Sender
> Plse understand that I'm not sticking up for flexicrap.
> All I've said is that it will be adequate for *some* people.
>
> I understand the principles of security well,
Those two statements are contradictions.
Nobody who has any understanding of security would ever
recommend encryption of completely unknown quality for
anything just because they assume it might "look real
nice" to some users.
And that's exactly what you're saying.
Simple truth of the matter is you don't know if it's
adequate, a trojan, spyware, crapware, or the best damn
encryption software in the world. You're basing your
first statement on blind assumption and the subjective
opinion that all the buttons and icons are in the right
places. And that, my friend, makes your second statement
categorically false.
Bear Bottoms
> Before you said that the reduction in file size (400mgs to 287) was due
> to "compression".
> Was it?
Well it certainly didn't expand did it ;)
BTW...no one has broken the password yet...still waiting.
--
Bear Bottoms
Freeware website: http://bearware.info
Franklin
I agree there is much to be vigilant about. One doesn't have to be
paranoid to realize there's an awful lot which governments want to
know about people.
If you haven't come across them already then here's some old reports
by STOA which gave an appraisal of what was possible. STOA is the
Scientific Technology Options Assessment unit of the European
Parliament.
-----
An interesting STOA project was one called 'DEVELOPMENT OF
SURVEILLANCE TECHNOLOGY AND RISK OF ABUSE OF ECONOMIC INFORMATION'
[Ref : (1998/14/01) 10/1999]
<http://www.europarl.europa.eu/stoa/publications/studies/default_en.
htm> <http://preview.tinyurl.com/6ngu8y>
Towards the end of this page are links for these reports:
Volume 2:'INTERCEPTION CAPABILITIES 2000'
Volume 3:'ENCRYPTION AND CRYPTOSYSTEMS IN ELECTRONIC SURVEILLANCE'
-----
More interesting still is a STOA report called:
'AN APPRAISAL OF TECHNOLOGIES OF POLITICAL CONTROL'
which is just too old to be held on the page above listing STOA's
Final Studies. [ref PE 166.499]
Never mind, this report can be seen at:
<http://jya.com/stoa-atpc-so.htm> or several other web sites.
This report is a particularly good read especially as it was an
official report of the European Union and not produced by some
unresearched web-site.
Franklin
Ari,
Hey! Steady on old chap!
I already have enough trouble with Mr Bottom's typical posts full of
advertizing material but made to look as if the app is something he's
tested and is recommending. Please don't send him off with
instructions to avoid security apps because all that'll happen is ACF
will get even more self-serving posts about other type of application!
-----
BTW is this FlexCrypt that'sbeing discussed any relation to an old
product by Globetrotter Software which was also called Flexcrypt? I
hope not because that one got busted open a very long time ago.
"Reversing Globetrotter Software's Flexcrypt"
<http://www.woodmann.com/fravia/flex2_45.htm>
-----
Say, you haven't got permanent room for Mr Bottoms over in your group
have you? Heh! :-) Here's a sampler of his recent over-enthusiastic
postings. Last week Mr Bottoms just loved the awesome nCleaner and list
of things the advertising material claimed it could do:
<news:op.uccpw...@bwwlxc1.br.no.cox.net> original posting
<news:<Xns9AB67BC2...@127.0.0.1>>
<news:Xns9AB67BF9...@127.0.0.1>
The week before that, Ultimate Defrag looked marvellous to Mr Bottoms
and he quoted the adertising material extensively as if it were his own
observations. It was a pretty thing but did very little that was
special, was very new and therefore potentially a buggy defragger.
<news op.ubnp5...@bwwlxc1.br.no.cox.net> original posting
<news:Xns9AAA10A...@127.0.0.1>
<news:Xns9AAAE691...@127.0.0.1>
Not long before that, Mr Bottoms was championing something called
Torrent Swapper with all his might and making generous use of copied
advertising material:
<news:op.ub2o9...@bwwlxc1.br.no.cox.net> original posting
<news:Xns9AB119B1...@127.0.0.1>
<news:Xns9AB2E12D...@127.0.0.1>
And so it goes on.
-----
Sometimes Mr Bottoms picks up a recommendation found on a freeware
website but as soon as you ask him about some point in detail, he
starts to get flustered. Why does he pretend? In truth, Mr Bottoms
does bring some useful apps to the attention of this group
(alt.comp.freeware) but surely it's not necessary to make out that an
app has been thoroughly checked over when he has hardly looked at it.
{{{sigh}}}
Franklin
hummingbird
On Mon, 9 Jun 2008 20:44:09 +0200 (CEST) 'Anonymous Remailer
(austria)'
wrote this on alt.comp.freeware:
>hummingbird wrote:
>
><snippage>
>
>> >PGP is still open source. I believe there was a version or two in the
>> >7.x era that weren't,
>>
>> Indeed.
>>
>> >but even the suits who took over from PRZ quickly
>> >figured out that if you don't let your crypto be scrutinized by your
>> >peers and anyone else who cares to poke and prod, your product is
>> >considered useless. Your peers will discard it completely, the nuts
>> >will invent all manner of conspiracy theories, and the average Joe's
>> >will rightfully assign at least some level of credibility to both.
>>
>> Thanks for that. I had no idea it had become open source again.
>
>It's a fact not widely known outside certain circles, and unlike
>"traditional" open source software you have to agree to their terms. No
>modifications, you can't compile your own production copy, etc. But the
>important part is there in this context. It can be peer reviewed and a
>known good copy compared to an off the shelf copy.
Thanks, that's quite impressive.
I wonder what the spy agencies have to say about that!
>> That kills my conspiracy theory that the suits were funded by
>
>Kill is such a strong sentiment. ;)
>
>Nothing is infallible. Being open source doesn't mean there can't be
>flaws in something, purposefully or otherwise. But it truly *is* the
>best way we have to guard against that sort of thing, and historically
>very useful for doing so.
Quite so.
>> >You nee to Google "magic lantern".
>> >
>> >Then do a little research into a program called JAP.
>>
>> Ta, I'll do some research...
>Briefly, Magic Lantern is the code name for a real life US Government
>program and software, whereby they could install "undetectable" key
>logging software on any and every machine they cared to.
>
>JAP is a piece of anonymous proxy software and an anonymous mix network
>that was back doored under gag orders by the German feds. Being open
>source that compromise was spotted, with a little amusing help from the
>maintainers of the software themselves it seems. I forget the exact
>wording, but they actually inserted language like "Crime Detection
>Function" several places in the source itself.
Those fiendish krauts are at it again ;-)
>> >Surprise levels being irrelevant, you will find out that government
>> >sponsored back doors are nothing any newer than the ability to sponsor
>> >them, and that open source has historically been a pretty good
>> >
>> >> uh oh! gotta go ... I can hear the sound of jackboots...
>> >
>> >If only it were that easy. The problem here is you can't see them
>> >coming, and apparently some people remain in a willful state of
>> >ignorance regarding the fact that they not only can blind side you,
>> >they have more than once already.
>>
>> Sure, good security is always pre-emptive or anticipative.
>
>And open. :)
>
>There are no black boxes in good security. If you can't dissect it you
>have little chance of proactively spotting weaknesses, and security is
>even more about knowing specifically what might be exploited and how,
>than it is being confident that some mathematical formula or trying to
>guess what the BadGuys(tm) will do next. It's as much about knowing
>your weaknesses, as your strengths. :)
Yes I agree. Thanks for the useful info, much appreciated.
hummingbird
On Mon, 9 Jun 2008 20:32:32 +0000 (UTC) 'Anonymous Sender'
wrote this on alt.comp.freeware:
>hummingbird wrote:
>
>> Plse understand that I'm not sticking up for flexicrap.
>> All I've said is that it will be adequate for *some* people.
>>
>> I understand the principles of security well,
>
>Those two statements are contradictions.
I was applying the concept of security wider than just computing.
I have always believed that security needs to be effective against
the perceived threats and with due regard for whatever is being
secured. So, if you regularly stored sacks of diamonds in your
home, you'd need to have better security than if you only stored
sacks of pinto beans. And IMV the security needs to prevent
access in the first place (ie physical security), not simply sound
alarms once a burglar has got in.
Likewise, the married housewife who keeps her boyfriend's name
on her USB stick needs to apply better security than if she only
keeps her shopping lists on it...
>Nobody who has any understanding of security would ever
>recommend encryption of completely unknown quality for
>anything just because they assume it might "look real
>nice" to some users.
I agree with you here.
>And that's exactly what you're saying.
My previous point was about the issue of 'horses for courses',
as I've described above.
>Simple truth of the matter is you don't know if it's
>adequate, a trojan, spyware, crapware, or the best damn
>encryption software in the world. You're basing your
>first statement on blind assumption and the subjective
>opinion that all the buttons and icons are in the right
>places. And that, my friend, makes your second statement
>categorically false.
Insofar as computing and this program is concerned, yes
I agree with you.
Anonymous
> Getting compression right is difficult, Feathers, especially when there
> is encryption involved. There is an ongoing debate as to the appropriate
> sequencing of encryption/compression and since
>
> www.flexcrypt.com
>
> refuses to tell us a friggin' thing about their product,
<prune>
FWIW, I emailed them with a few general questions about their
product(s) and after three days have received absolutely no reply at
all.
biject
> On Mon, 9 Jun 2008 13:28:15 -0400 'Ari'
> Well, there are plenty of compression algorithms available.
> It's not reinventing the wheel ... that's what I meant.
>
> Surely any difficulty w/r/t encrpted data would depend on the
> algorithm used? PGP compresses encrypted data just fine.
>
Actually PGP sucks at compressing encrypted data.
But it does compress then encrypt. Again let me state
it. It compresses first then it encrypts. THere is a big
difference.
David A. Scott
--
My Crypto code
http://bijective.dogma.net/crypto/scott19u.zip
http://www.jim.com/jamesd/Kong/scott19u.zip old version
My Compression code http://bijective.dogma.net/
**TO EMAIL ME drop the roman "five" **
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged.
As a famous person once said "any cryptograhic
system is only as strong as its weakest link"
Anonymous Sender
>
> On Mon, 9 Jun 2008 20:08:03 +0200 (CEST) 'Anonymous'
> wrote this on alt.comp.freeware:
>
> >hummingbird wrote:
> >
> >> >The only point I saw was that you claimed people wanted to be secure,
> >> >more secure or really really secure. I'm saying why put in a wooden door
> >> >to your safe when you can have a 12" concrete/steel reinforced one for
> >> >no more hassle or penalty.
> >>
> >> That is true providing your "12" concrete/steel reinforced" door
> >> is as easy to install and cheap as the wooden door. I'd bet that
> >> in most cases it isn't. So, we get back to horses for courses.
>
>
> >In this case, it absolutely is. In fact this particular concrete-steel
> >door is a *lot* cheaper for the same functionality, Installs exactly
> >the same way, swings easier on its hinges, works just like every other
> >door of its type so authorized strangers won't have any trouble using
> >it, and has design specs freely available so you can be sure the thing
> >is filled with concrete and not Styrofoam, or build your own if you
> >want. :)
>
> I didn't know we were debating a specific door in a specific
> location. Where is this door?
We're not. Don't be obtuse. We're talking about doors in general and
how cost effective they are for keeping out evildoers regardless of
where they might be physically installed, or the types of evildoers you
suspect might come calling.
> >Actually, that's not true at all. Good home security is *very*
> >effective at keeping determined criminals at bay.
>
> I said nothing to the contrary. I said that window locks and
> alarms are often ineffective.
That's false. Window locks and alarms are an intregal part of any well
rounded security solution. As such they're highly effective in most
cases, except, ironically enough, in scenarios where someone might rely
on inferior products or locks/alarms alone as a panacea. Much the way
you seem to be advocating the use of an unknown, untested encryption
product as "good enough" for some contrived, purposefully constrained
scenario. :)
> >It's the "amateurs"
> >who will still try, and often fail. The "pros" will generally look for
> >an easier target, because criminals are after all essentially cowards.
>
> ditto.
>
> >And there's no shortcuts. Determined criminals can spot snake oil
> >faster than many determined "experts".
>
> Agreed. Hence my original comments.
If you know this, then why in God's name would you advocate using
inferior products and creating easier targets?
It makes absolutely no sense at all.
Anonymous Sender
> >If someone from the Government comes and gets your hard drive under
> >subpoena, I would venture to say few here could hide anything from them.
>
> Except *perhaps* those using PGP.
>
> But in the UK it is a criminal offence punishable by 2 years in
> the slammer to withhold a password or encryption phrase from
> the police when asked (RIPA). That is irrespective of what the
> encrypted data might contain.
That doesn't mean it can't be done, merely that it may not be very
appealing. ;)
>
> Acceptable defences are "I forgot it" or *I lost it" but they're
> unlikely to be accepted if there is other evidence against you.
Indeed. It's pretty unlikely that you suddenly "forgot" the passphrase
to an encrypted volume that shows a long and well defined pattern of
recent access in the registry, when to police come knocking looking for
that kiddie porn they watched you download which also seems to have
just "disappeared".
But then, a couple years behind bars might be preferable to the stigma
of being a baby raper. ;)
Anonymous Remailer (austria)
hummingbird wrote:
<snippage>
> >Anecdotes and suppositions are irrelevant here. Whether "grandma" can
> >crack your porn files is meaningless. Good or bad security isn't defined
> >that way by anyone who is even remotely serious, it's defined by
> >evidence and facts pointing to the conclusion that if granny is
> >replaced by the FBI your data is still safe. To assume that only
> >attackers with limited abilities will ever come into contact with your
> >data is pure self delusion. You plan for the worst case, and let lesser
> >scenarios take care of themselves. Especially when a truly good
> >solution is both cheaper, and more functional. ;)
>
> I think that's a very purist view of security. Whilst I do
> understand your point, I still maintain that in a scenario where
> (say) 10yo kids or grannies are involved, you really don't need
> to think in terms of PGP.
Yes, you absolutely do in this context. The logic is very simple. If
you were buying "granny" a car, would you forgo kicking the tires a
couple times just because you thought it was a nice shade of blue and
you were really really sure she'd only be driving it 35 MPH or less on
Sundays?
Would you go for the unknown, when right beside it is a car the same
color or nicer that's been thoroughly gone over by dozens of experts
and thousands of armature mechanics and certified mechanically ready
for the race track, just because your granny's last name wasn't
Andretti? Even when the certified car is absolutely free and has the
crumple zone and side air bag options the potential piece of crap
doesn't??
You wouldn't unless you were completely insane or really hated your
poor granny. ;)
The "closed source is fine for [insert mythical weak attacker here]"
thing is every bit as inane. Unless you're the AllTel Wizard your
crystal ball doesn't see far enough into the future to know she won't
grow a wild hair one Wednesday night and head out for the track. Or
have some drunk bastard blind side her on the way to church the next
weekend.
Not one person here or anywhere else, with one exception and they're
apparently not saying, knows if Flexcrypt is even competent enough to
keep granny or the 10 year old in their place. And anyone who says they
feel confident that it is, is doing nothing but spewing self serving
nonsense. They just don't care to be wrong about something, so they're
propping it up with whatever straws they can find within grasping
distance.
> All you need is something which is
> effective when weighed against the perceived risk, and value
> of the data being secured. Anything else is superfluous.
This dogma is only correct to a point, and absolutely wrong in this
specific context for one simple fact...
Your "perceived risk" only applies when you make accurate assessments
of your risks in the first place, and becomes meaningless when there's
a solution which exacts no additional penalty at all but covers what
you "perceive" as well as what's a very plausible risk whether you care
to perceive it or not.
And unless you know something nobody else does, you have no idea if
your "solution" is even a solution at all because you don't know if
some 10 year old little kid will be the one to crack it, or be the one
behind it laughing his ass off as he makes a fortune stealing grandma's
bank account numbers and stuff.
It's not rocket science, and it's not "purist". It's simple common
sense. On one hand you have an unknown piece of potential death trap
with a fraction of the features unless you pay through the nose, and on
the other hand you have a certified vehicle with all the drive-ability,
upgrades, and safety features to protect you from things you might not
see coming... *completely free of charge*.
The folks going with option 'B' aren't purists here guy, they're the
ones with IQ's bigger then their shoe sizes. ;)
Sparky
> On Sat, 07 Jun 2008 20:56:09 -0500, Sparky <nom...@name.invalid> wrote:
>
>> Bear Bottoms wrote:
>>> On Sat, 07 Jun 2008 19:25:26 -0500, Sul@Motzarella <S...@e888.com> wrote:
>>>
>>>> I suppose there is one way to test it;
>>>> encrypt one file and let anyone have a go at cracking it
>>>>
>>>> depending on the hardware resources, it may take days ..............
>>>> or even months .....................................................
>>>>
>>>
>>> Have a go: http://bearware.info/HackThis.exe
>>>
>>
>> Are you some sort of new and improved type of muttonhead or something?
>>
>> HackThis.exe: Trojan.Dropper-6392 FOUND
>>
>> You are aware that maliciously distributing malware is actually a crime
>> in many jurisdictions, right? And that while your rather odd psyche may
>> see this as a harmless prank, others may not.
>>
>> X-Complaints-To: newsm...@cox.net
>>
>> Interesting side note; this particular bit of malware has close ties to
>> a file called boytoy16 and certain shady porn sites in the Netherlands
>> which no longer exist, as far as my brief research tells me. That you'd
>> select it specifically for such a bold demonstration of puerility is a
>> real eyebrow raiser. A sterling reference for a site that uses words
>> like "top" and "best" in its meta tags, I'd have to say. :-(
>
> As are false accusations with intent.
>
Please explain why you believe cutting and pasting what a fine piece of
freeware has to say about the binaries you're distributing, calling
you a muttonhead for distributing them, and forwarding that information
to your provider is intent of anything but warning readers about your
lack of character?
If anyone downloads and runs this file, they're nuts.
You're nuts for posting it in the first place. It was completely
unnecessary, and a malicious act on your part even if it's not the
rather amateurish "popup" porn trojan more than one AV software says it
is. And that's just the plain truth no matter which way you twist it
skippy. :-\
hummingbird
On Tue, 10 Jun 2008 15:56:38 +0000 (UTC) 'Anonymous Sender'
wrote this on alt.comp.freeware:
>hummingbird wrote:
>
>> >If someone from the Government comes and gets your hard drive under
>> >subpoena, I would venture to say few here could hide anything from them.
>>
>> Except *perhaps* those using PGP.
>>
>> But in the UK it is a criminal offence punishable by 2 years in
>> the slammer to withhold a password or encryption phrase from
>> the police when asked (RIPA). That is irrespective of what the
>> encrypted data might contain.
>That doesn't mean it can't be done, merely that it may not be very
>appealing. ;)
Quite so.
>> Acceptable defences are "I forgot it" or *I lost it" but they're
>> unlikely to be accepted if there is other evidence against you.
>Indeed. It's pretty unlikely that you suddenly "forgot" the passphrase
>to an encrypted volume that shows a long and well defined pattern of
>recent access in the registry, when to police come knocking looking for
>that kiddie porn they watched you download which also seems to have
>just "disappeared".
>
>But then, a couple years behind bars might be preferable to the stigma
>of being a baby raper. ;)
Fortunately, neither babies nor rape interest me very much :-)
Phew!
My main concern is when the sweep starts to include political
dissenters, as I think it will. It's already a criminal offence
to say or do anything which might be construed as support for
terrorism. If (say) someone said that "America had it coming"
regarding 9/11, that is now a criminal offence in the UK.
This week Govt is trying to increase the period of imprisonment
without charge from 28 to 42 days, meaning that a person could
be arrested and locked up for 42 days without ever knowing why,
even if released.
Anonymous Sender
> On Mon, 09 Jun 2008 04:47:43 -0500, hummingbird <hummi...@127.0.0.1>
> wrote:
>
> > A product such as this is probably *good enough* for Jane Doe
> > who wants to *feel safe* if she drops her USB stick in the local
> > supermarket.
> > That's all I'm saying. I don't think anybody can argue with that.
>
> No one here has come up with what HackThis.exe contains so it would be
> fair to say it extends beyond Jane Doe. :)
No, it wouldn't be anything like that at all. It would be assumptive,
misleading, self serving, straw grabbing, and blatantly false, but it
wouldn't be fair.
Your chest puffing is meaningless. All such chest puffing is. Your
challenge is suspicious to begin with, and the fact that nobody has met
it to your contrived satisfaction means nobody cares to try as much as
it does nobody can get the job done. Sometimes it takes months to
uncover even the most trivial of exploits due to the sheer number of
possibilities, and to be brutally honest, neither Flexcrypt nor you are
significant enough to warrant that sort of investment. The software,
and your opinion of it, can be summarily discarded as useless without
the bother, because there's absolutely no substance at all behind any
of it.
Once again, you're so far out of your league you're making a fool of
yourself. Seriously. These are the very basic underpinnings of software
related security and encryption in particular. Disclosure and
corroboration.
>
> If someone from the Government comes and gets your hard drive under
> subpoena, I would venture to say few here could hide anything from them.
>
Sure you can, easily, and people do it every single day. If you use
strong encryption and use it *properly* there's nothing they can do
about it except break out the rubber hoses. That's why the recent NYSC
decision regarding pass phrases is so important, and why "government"
is still fighting to make it illegal to withhold that type of
information. But even if the penalty for withholding is more severe
than the penalty for the disclosed data, you can still *do* it if you
want.
Anonymous Sender
> On Sun, 08 Jun 2008 17:56:50 -0500, Franklin <nev...@d.sight.of.it> wrote:
>
> > The idea of a back door to the app has been suggested to you already.
> > Data could exit on your regular ports such as those for SMTP or HTTP
> > and masequerade as ordinary traffic.
>
> I know...I've ignored paranoia over proof. That could be true of every
> single app you are using. Show proof.
> >
> > One problem mentioned earlier is that the code for Flexcrypt is not
> > open for inspection. If it were then various compromises would have a
> > better chance of being spotted and your confidence would increase.
>
> It can be decompiled, I'm sure.
You're as obviously clueless regarding disassembly/decompilation as
you are the general ins and outs of encryption and security software.
Decomplitation is largely a myth, as no utility that purports to do
that is any good at it at all without feeding it a considerable amount
of information about the original source itself. And since we don't
have that....
Disassembly is a bit more useful for reverse engineering purposes, but
it's trivial to hide routines and/or what they really do from
disassemblers. Every pimply-faced prepubescent "hacker" has a tool box
full of "DASM smashers".
> I doubt very seriously such a small app
> along with a company selling other products would be so infected...if it
> ever got out...it would be a company killer.
Blah! I can point you to one "security company" that's been involved in
flat out criminal activity and merely disappeared and resurfaced on
line under another neame and "new management". Google "Doctor Georg
Adem" for a preview.
> >
> > Who can you trust? One theory doing the rounds is that the US
> > government has a back door to PGP. Others think that the government
> > has a Magic Lantern deal with a major anti-virus supplier to not detect
> > some government snoopware.
> >
> Well if Government is the case, much more than a little freeware app is
> contaminated. I have nothing to hide and none of my accounts have been
The last bastion of a thoroughly deflated argument for any sort of
closed source encryption or black box security... "nothing to hide".
*sigh*
First of all, you absolutely do have something to hide or you wouldn't
be mucking around with encryption software and calling it "good enough
for grandmothers".
Second of all, I can prove it using you as an example. If you truly
have nothing to hide then by all means feel free to man up here, and
install an SSH server with an open root account and post the login
details here. Make sure you lay open all your password lists and
everything, OK?
Yeah, I thought so.
Everyone has information they don't want falling into unauthorized
hands. Everyone. The only people who spew "nothing to hide" tripe are
those who have embarrassed themselves so thoroughly they see no other
way of even attempting to vacate heir little corner.
> breeched...Paranoia will not stop me from doing my thang. I prefer real
The only thing that could possibly stop you, is an education.
Unfortunately your overinflated ego seems to make you impervious to
clues. :(
> evidence. As for Flexcrypt Folder...it is a good tool and I will use
> it...I like it better than CruserLock or anything else I've tried. I
The whole Flexcrypt line is pure snake oil. Plain and simple. Your
"opinion" of it, or anything else like it, is thoroughly irrelevant
because it's based on useless "ooooooo.... look how preddy" criteria.
You're neither qualified to make any judgment what so ever, nor clever
enough to proffer one up based on any sort of valid points of reference.
> especially like not needing a program to decode it. That is built into the
> encrypted exe as small files are much larger than the original, however, a
> 400+Mb encrypted to 287...compression algorithm at work.
SFX encrypted archives have been around for more than a decade.
Compressed and encrypted volumes/partitons even longer. You're
apparently in awe of "nothing new", which calls into question not only
your credibility as an authoritative source of information regarding
encryption software, but your competence with respect to reviewing
software of any type.
Ari
> Never mind, this report can be seen at:
> <http://jya.com/stoa-atpc-so.htm> or several other web sites.
> This report is a particularly good read especially as it was an
> official report of the European Union and not produced by some
> unresearched web-site.
That is really good stuff and is it surprising that the majority of it
was presented prior to the year 2000? Not at all.
--
http://www.bushflash.com/idiot.html
Ari
nemo, are you trolling around, you silly Canuck? Come out, come out,
whomever you are! lol
--
http://www.bushflash.com/idiot.html
hummingbird
On Tue, 10 Jun 2008 14:28:37 -0400 'Ari'
wrote this on alt.comp.freeware:
>On Mon, 09 Jun 2008 23:06:16 +0100, Franklin wrote:
>
>> Never mind, this report can be seen at:
>> <http://jya.com/stoa-atpc-so.htm> or several other web sites.
>
>> This report is a particularly good read especially as it was an
>> official report of the European Union and not produced by some
>> unresearched web-site.
The European Parliament, not the European Union.
>That is really good stuff and is it surprising that the majority of it
>was presented prior to the year 2000? Not at all.
--
hummingbird
On Tue, 10 Jun 2008 15:56:38 +0000 (UTC) 'Anonymous Sender'
My earlier premise is that one would choose a good wooden door
-or- a 12" concrete/steel reinforced door, after doing a risk
assessment. I have no problem in accepting that the latter is
probably more secure, but would it always be necessary? And I
believe the cost and installation of the latter would be higher.
It is precisely because we assess the risks, that we only select
security measures which are adequate to defeat them, and don't
surround our homes with minefields, machine gun posts and beds
of quicksand.
>> >Actually, that's not true at all. Good home security is *very*
>> >effective at keeping determined criminals at bay.
>>
>> I said nothing to the contrary. I said that window locks and
>> alarms are often ineffective.
>That's false. Window locks and alarms are an intregal part of any well
>rounded security solution. As such they're highly effective in most
>cases,
That's not too different from what I said.
Yes, they can be effective but often they are not. Window locks
are only a physical deterrent against trivial burglars and alarms
only get triggered when someone has already violated the premises.
In many cases, neighbours ignore alarms anyway (UK).
Steal window/door grills are a much better physical deterrent for
homes and are pretty much standard across parts of Europe, but
not in the UK because we live in denial.
>except, ironically enough, in scenarios where someone might rely
>on inferior products or locks/alarms alone as a panacea. Much the way
>you seem to be advocating the use of an unknown, untested encryption
>product as "good enough" for some contrived, purposefully constrained
>scenario. :)
Whoooooa. I was not advocating the use of any program.
Simply debating the *horses for courses* aspect...
>> >It's the "amateurs"
>> >who will still try, and often fail. The "pros" will generally look for
>> >an easier target, because criminals are after all essentially cowards.
>>
>> ditto.
>>
>> >And there's no shortcuts. Determined criminals can spot snake oil
>> >faster than many determined "experts".
>>
>> Agreed. Hence my original comments.
>
>If you know this, then why in God's name would you advocate using
>inferior products and creating easier targets?
>
>It makes absolutely no sense at all.
See above.
hummingbird
On Mon, 9 Jun 2008 16:08:42 -0700 (PDT) 'biject'
wrote this on alt.comp.freeware:
>On Jun 9, 2:16 pm, hummingbird <hummingb...@127.0.0.1> wrote:
>> On Mon, 9 Jun 2008 13:28:15 -0400 'Ari'
>
>
>> Well, there are plenty of compression algorithms available.
>> It's not reinventing the wheel ... that's what I meant.
>>
>> Surely any difficulty w/r/t encrpted data would depend on the
>> algorithm used? PGP compresses encrypted data just fine.
> Actually PGP sucks at compressing encrypted data.
>But it does compress then encrypt. Again let me state
>it. It compresses first then it encrypts. THere is a big
>difference.
Yes I am now aware that PGP compresses first.
Insofar as its quality of compression is concerned, I can only say
that the version of PGP I had installed compressed as well as zip.
At that time there weren't many other options, like today.