"WYLTK" <WY...@Bigfoot.com> wrote in message
news:plhL4.195458$8k3.1...@news1.rdc1.sdca.home.com...
: Um, much as I'm a fan of open source, have you considered there's
: really nothing stopping some nefarious individual from posting clean
: code, and implementing a compromised version?
It would be a simple matter for someone to compile the posted source and
notice it did not produce the executable(s) which were posted.
IMO, a bigger danger would be source which had backdoors in it which were
difficult to read. Few are going to spend the considerable effort to
learn in detail how a particular piece of software works. Things such as
misleading comments or variable names, or other confusing constructs could
be used to "hide" unwanted features. Most people know how much of a
difference 1 line can make in a large program.
(I spent 14 hours going over it.)
"Anonymous" <Use-Author-Address-Header@[127.1]> wrote in message news:2000042012...@berlin.neuropa.net...
"Frog" <FrogRe...@NoReply.org> wrote in message news:3C52B...@127.0.0.1...
> In article <plhL4.195458$8k3.1...@news1.rdc1.sdca.home.com>
> "WYLTK" <WY...@Bigfoot.com> wrote:
> >
> > Hard to evaluate without a URL to check it out. Do they allow
> > people to view the source code and algorithm ?
> > If they don't, I wouldn't trust it.
>
"The U.S. Department of Commerce has issued worldwide encryption export approval for ZixIt-enabled software, such as ZixMail. "
#1: this sounds like they have a way to view the contents (I.E.: There is a backdoor)
#2: Last I heard, the US Dept. of Alcohol, Tobacco, & Firearms were the ones holding export control of encryption. (I.E.: Do THEY
know what they speak of?)
"SL" <brgsj...@mailexpire.com> wrote in message news:sIyL4.5915$L7.8...@news-west.usenetserver.com...
> http://www.zixmail.com and from what I can see they do allow the
> evaluation you ask about.
>
>
> "WYLTK" <WY...@Bigfoot.com> wrote in message
> news:plhL4.195458$8k3.1...@news1.rdc1.sdca.home.com...
> > Hard to evaluate without a URL to check it out. Do they allow
> > people to view the source code and algorithm ?
> > If they don't, I wouldn't trust it.
>
I would have thought that recompiling the source would produce a
different binary in any case, even if done with the same compiler. How
does publishing the source protect us, unless you are able to examine
and compile the source yourself?
--
Klingsor
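
The point raised above, that a recompiled binary differs from the posted one even when the source is honest, shown as an added example that is not part of the original thread. It assumes the executables are Windows PE files and that the linker's TimeDateStamp is the only build-to-build difference; `fake_pe` and the sample byte strings are constructed for illustration.

```python
import hashlib
import struct

def normalized_pe_digest(image: bytes) -> str:
    """SHA-256 of a PE image with the COFF TimeDateStamp field zeroed."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)  # offset of "PE\0\0"
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # Signature (4) + Machine (2) + NumberOfSections (2) precede the timestamp.
    ts_off = e_lfanew + 8
    if len(image) < ts_off + 4:
        raise ValueError("truncated COFF header")
    patched = bytearray(image)
    patched[ts_off:ts_off + 4] = b"\0\0\0\0"
    return hashlib.sha256(patched).hexdigest()

def compare_builds(posted: bytes, rebuilt: bytes) -> dict:
    """Report whether two images match byte-for-byte and after normalization."""
    return {
        "raw_match": hashlib.sha256(posted).digest() == hashlib.sha256(rebuilt).digest(),
        "normalized_match": normalized_pe_digest(posted) == normalized_pe_digest(rebuilt),
    }

def fake_pe(timestamp: int, code: bytes) -> bytes:
    """Constructed sample: only the header fields the parser reads, not loadable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0, 0x102)
    return dos + b"PE\0\0" + coff + code

# Constructed inputs: same code built at two times, and one altered build.
POSTED = fake_pe(956188800, b"\x55\x8b\xec\x33\xc0\x5d\xc3")
REBUILT = fake_pe(956275200, b"\x55\x8b\xec\x33\xc0\x5d\xc3")
TAMPERED = fake_pe(956188800, b"\x55\x8b\xec\x33\xc0\x40\xc3")

if __name__ == "__main__":
    print("posted vs rebuilt :", compare_builds(POSTED, REBUILT))
    print("posted vs tampered:", compare_builds(POSTED, TAMPERED))
```

A raw hash mismatch alone therefore proves nothing either way; the comparison only becomes meaningful once the known nondeterministic fields are normalized.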
>> >Some time after the Azerty remailer was set up, the Frog administrator
>> >revealed that he was running Azerty and Frog on the same machine.
>> >Remailer users need to know this so they can avoid putting remailers
>> >run by the same person in the same chain.
>
>The controversy really boiled when he actually used this to publicly
>reveal the identity of someone he considered an abuser, thus clearly
>demonstrating the possibilities of traffic analysis. Many people dumped
>him for that stunt.
>
>It's quite conceivable that this is consistently going on.
I made a DejaNews search.
Subject: Remailer abuser caught: jne...@ccrtc.com
Date: 07 Feb 2000 00:00:00 GMT
Message-ID: <200002070...@nyarlatheotep.frog.org>
The "abuse" was apparently a mail-bomb of 100*160K messages at least.
The admin stated in the same thread that he suspected most abuse through
remailers to be performed by remailer-haters to give remailers a bad name.
Apparently, at the same time, there was a hysteria in France against
remailers and concerted attacks against Frog.
He promised to fight back such attackers, and advised them to stay at bay.
That might have deterred further attacks against Frog and Azerty, as
apparently they were not involved in the continuous flooding of
rec.music.opera which is presently taking the life of Widow and is
jeopardizing other remailers.
here is the initial post:
Newsgroups: alt.privacy.anon-server
-----BEGIN PGP SIGNED MESSAGE-----
I caught an abuser (trivial traffic analysis):
Azerty received 100 * messages 160 K initially
giving 100 * identical messages 60 K on arrival with 14*gif (batman) each.
In-between, transparent-remix generated a few hundreds messages each hop
jne...@ccrtc.com > azerty > noisebox > frog > tk...@link2000.net
that was the scheme
here are the headers: incoming and last hop
I DO NOT PROMOTE ABUSE NOR PROTECT DOS ATTACKERS
HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
Return-Path: <jne...@ccrtc.com>
From: jne...@ccrtc.com
Received: from ccrtc.com ([205.243.45.34])
by BFLITEMAIL4.bigfoot.com (LiteMail v2.01(BFLITEMAIL4)) with SMTP id
05Feb2000_BFLITEMAIL4_24083_30715760;
Sat, 05 Feb 2000 23:59:12 -0500 EST
Received: from jneeley [208.15.79.135] by ccrtc.com
(SMTPD32-5.05) id A932F2630144; Sat, 05 Feb 2000 23:56:34 -0500
Date: 6 Oct 1999 04:54:49 -0000
To: AzertyR...@bigfoot.com
Message-Id: <20000205235625.SM00188@jneeley>
HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
Message-Id: <200002061...@nyarlatheotep.frog.org>
To: tk...@link2000.net
From: Anonymous...@See.Comment.Header (Batman)
Subject: screw you spammers
Reply-To: Bat...@Batcave.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="---------Next_Part--LP7E58SLOEWB"
- -----------Next_Part--LP7E58SLOEWB
Content-Type: image/gif; name="batman.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="batman.gif"
-----BEGIN PGP SIGNED MESSAGE-----
On 23 Apr 2000, Anonymous <nob...@neuropa.net> wrote:
>That might have deterred further attacks against Frog and Azerty, as
>apparently they were not involved in the continuous flooding of
>rec.music.opera which is presently taking the life of Widow and is
>jeopardizing other remailers.
I wish it would have worked that well.
I escaped being involved in the flood in rec.music.opera
(7.800 messages by anonymous),
but I got a full-scale attack in rec.sport.pro-wrestling
(10.000 messages by Crinkly)
And I will fight back as hard as I can.
I put my acts where my mouth is.
see post
Subject: Re: newsgroup filter
Newsgroups: alt.privacy.anon-server
Message-ID: <35DD8...@127.0.0.1>
and the new www pages
Politiques FR
http://yi.org/frogadmin/Pol_FR.html
Policies EN
http://yi.org/frogadmin/Pol_EN.html
at what version ?
the s/w is very promising one, you can get it from
ftp://idea.sec.dsi.unimi.it/pub/security/crypt/code/ look for s-tools4.zip
do you know where to get source code ?
WYLTK wrote:
> I ALWAYS look at the code anyway. ;}
when you do, did you read S-Tools4 stego source code ?