From: John McCain
Date: Mon Jun 4, 2001 6:38pm
Subject: Re: Cheap receivers? - now cheap SAs

Shaw,

For some education and bargain basement spectrum analysis work, check out http://www.science-workshop.com/ , home of the "poor man's spectrum analyzer" for some great ideas and kits to doityerself. Thousands of hams have built these kits (or portions of them). Look at 2 MHz to 1.7 GHz for well under 1K$ .... but it's no HP lab instrument :)

Cheers,
JohnM

Manager, Corporate Security      Voice: 217-352-3207
Data Comm for Business, Inc.     Fax: 217-352-0350
807 Pioneer                      Web: http://www.dcbnet.com
Champaign, IL. 61820             Email: Jmccain@d...

3153 From:
Date: Mon Jun 4, 2001 7:59pm
Subject: TSCM Carry-on kit discussion

Folks, here's my flyaway package...

I keep a carry-on kit in the trunk of my personal car all the time. It's enough gear for a basic inspection and it wouldn't be the end of the world if it was stolen. It's also sufficient for most domestics and general paranoia inspections (after thoughtful client analysis...).

I began with an empty Platt tool case that fits within the size limitations. Here's what's inside:

LINE INSTRUMENTS:
- Fluke portable, rechargeable 200 MHz o-scope/DMM
- TPI DMM/basic o-scope
- Harris buttset/speakerphone
- Kaiser amplifier, TDR, subcarrier receiver

RF INSTRUMENTS:
- Protek 3201 handheld analyzer
- Icom PCR-1000
- Icom R-10 or R-3
- Optoelectronics Xplorer
- External mixers, preamps, and homebrew antennas

TOOLS:
- Surefire 9P flashlight, 2 D-cell Maglite, Maglite penlight, extra batteries
- Xcelite interchangeable screwdrivers (1 large, 1 small ratchet size)
- Craft tools: punchdown, banjo adapters, can wrench, etc.

I chose the Fluke oscilloscope for its size, mostly, but I've been impressed by its features and durability. I can save traces and data to my computer. I also bring a TPI DMM/1 MHz scope for crawling around in attics and phone closets and for more basic work. It has RS-232, logs data, and costs less than $300.

The buttset is for good measure and readbacks. I bring one or two Kaiser 1059 amplifiers and an SCD-5 subcarrier receiver (I like to try and hear what I see). The TDR kicker works great with the scope, and while I'd rather have a Riser-Bond with me, the Kaiser saves a lot of space and weight.

I've never liked the Protek 3201. It's allegedly a spectrum analyzer -- but it has to be spoon fed RF. It's a huge compromise from a full size analyzer, lacking real sensitivity or selectivity, but it's better than nothing. Since kicking myself for buying it, I've found an interesting computer driven SA with better RF specs, but I haven't spent the money yet. If I can justify it, I'll pick up an Anritsu MS2711A, which has terrific RF performance for its size and reaches to 7 gigs. It's smaller than most laptop computers. Woo hoo.

The Opto Xplorer is a neat toy that's fun to bring along. It runs by itself and collects frequencies that can be downloaded and examined later, or works as a cheap nearfield receiver with a demod. It finds any of the 50 or 100 mW wireless mic transmitters instantly (not necessarily something to brag about) and it picked out a fairly low power, hacked 49 MHz plug-n-talk when connected to a nice big antenna. It's also nice to have for long layovers in airports when you want to drop in on airport security, food cart guys, etc.

I keep the Icoms for convenience. The PCR-1000 performs as expected and it's good to have for scanning through the hot lists. It also has a decent search function that logs numbers. The R-10 is good for walking around, as is the R-3. The R-3 has a neat LCD display (unfortunately, its best feature).

I think the tools are self explanatory. I try and jam a pair of second hand coveralls (with somebody else's name on a patch) in there too. I have one with a cola company logo on one side and "Dave" on the other. It works wonders and keeps my real clothes clean if I have to play in someone's attic.
My laptop fits inside, barely, but I usually carry it in its own case.

On my wish list: a BAE/Watkins Micro or Miniceptor receiver to replace the Icom (about the same size). The Icom serves a purpose but it's no WJ. Also, some sort of small nearfield detector. I haven't picked out which one though.

Best wishes,

Eric Leonard
Los Angeles, CA
(213) 448-8967

3154 From: David Alexander
Date: Tue Jun 5, 2001 6:30am
Subject: re: ECHELON - does it exist ?

I read Robert's submission with glee:

>My contention has always been and remains that Echelon is a carefully
>nurtured hoax designed to increase the FUD (fear, uncertainty, and doubt)
>factor surrounding international telecommunications. In the words of
>the late, great, Douglas Adams, "The CIA discovered that, instead of actually
>invading a country, it would be cheaper and more effective to make them
>*think* they'd been invaded." Just because you're not paranoid doesn't mean
>they're not out to get you. Or does it?
>
>The s/n ratio for content filtering on the scale routinely ascribed
>to Echelon would make cracking Triple DES seem trivial by comparison.
>
>Cheers,
>
>RGF
>
>Robert G. Ferrell, CISSP
>Information Systems Security Officer
>National Business Center
>U. S. Dept. of the Interior
>Robert_G_Ferrell@n...

It's a good read until you get to his sig. block. Then the penny drops about who his employer is - the US Govt. Is this submission an attempt at disinformation sponsored by the 'evil capitalist yankee government'?

P.S. for the benefit of the _really_ paranoid, or the very, very nice people at Echelon (wouldn't say a word against them) this is a joke.

David Alexander M.INSTIS
Global Client-Server, Communications & Infrastructure Manager
Bookham Technology plc

DDI: 01235 837823
Mobile: 0779 988 1284
David.Alexander@B...

=======================================================================
This e-mail is intended for the person it is addressed to only. The information contained in it may be confidential and/or protected by law. If you are not the intended recipient of this message, you must not make any use of this information, or copy or show it to any person. Please contact us immediately to tell us that you have received this e-mail, and return the original to us. Any use, forwarding, printing or copying of this message is strictly prohibited. No part of this message can be considered a request for goods or services.
=======================================================================
Any questions about Bookham's E-Mail service should be directed to postmaster@b....

3155 From: David Alexander
Date: Tue Jun 5, 2001 6:38am
Subject: re; EMP and electronics

>I have seen at first hand the radar equipment fitted to a Soviet Bloc AAA
>(Anti Aircraft Artillery for those non military background members of
>the list) system, all valves, not a transistor to be seen (and this is in a
>tracked vehicle, not exactly a comfortable ride!). My first reaction was
>"what a load of old crap". Then, just as you say, I thought about a post
>detonation EMP....... Not so silly after all when you think about it in
>those terms. Perhaps this drive to miniaturisation does have its
>downsides.

It's actually very easy to shield the delicate electronics with a Faraday cage. Generally known as 'hardening' and it's a requirement of most NATO milspec equipment that it will survive EMP. Don't be fooled by the Soviet use of valves. They had no choice, their PCB tech was almost nil. Read the tech reports of the NASA astronauts who went to Mir to see how behind they were, and are.

David Alexander M.INSTIS
Global Client-Server, Communications & Infrastructure Manager
Bookham Technology plc

DDI: 01235 837823
Mobile: 0779 988 1284
David.Alexander@B...

3156 From: James M. Atkinson, Comm-Eng
Date: Tue Jun 5, 2001 8:48am
Subject: Re: re; EMP and electronics

In many cases vacuum tubes are actually preferable to semiconductors, and the Soviets have always been masters of making extraordinarily sophisticated micro vacuum tube systems (valves).

They have always been able to make better valve products, and far cheaper than any other nation. This is why Soviet made vacuum tubes are in huge demand right now for broadcasting, radar, professional audio, medicine and other industries that still need valves.

Consider this: how many folks in TSCM use an X-Ray imaging system? (Pray, does it use a vacuum tube)?

The use of vacuum tubes should never be taken to mean low technology.

-jma

At 12:38 PM +0100 6/5/01, David Alexander wrote:
> >I have seen at first hand the radar equipment fitted to a Soviet Bloc AAA
>>(Anti Aircraft Artillery for those non military background members of
>>the list) system, all valves, not a transistor to be seen (and this is in a
>>tracked vehicle, not exactly a comfortable ride!). My first reaction was
>>"what a load of old crap". Then, just as you say, I thought about a post
>>detonation EMP....... Not so silly after all when you think about it in
>>those terms. Perhaps this drive to miniaturisation does have its
>>downsides.
>
>It's actually very easy to shield the delicate electronics with a Faraday
>cage. Generally known as 'hardening' and it's a requirement of most NATO
>milspec equipment that it will survive EMP. Don't be fooled by the Soviet
>use of valves. They had no choice, their PCB tech was almost nil. Read the
>tech reports of the NASA astronauts who went to Mir to see how behind they
>were, and are.
>
>David Alexander M.INSTIS
>Global Client-Server, Communications & Infrastructure Manager
>Bookham Technology plc
>
>DDI: 01235 837823
>Mobile: 0779 988 1284

--
=======================================================================
Sed quis custodiet ipsos Custodes?
"In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell
=======================================================================
James M. Atkinson            Phone: (978) 381-9111
Granite Island Group         Fax:
127 Eastern Avenue #291      http://www.tscm.com/
Gloucester, MA 01931-8008    jmatk@tscm.com
=======================================================================
The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet.
=======================================================================

3157 From: Robert G. Ferrell
Date: Tue Jun 5, 2001 9:29am
Subject: Re: Trojan lets cyber-cops plant bogus evidence

>And just what is D.I.R.T.? Why it's a Trojan, pure and simple

Heh. Only in the government's dreams.... ;-)

Cheers,

RGF

Robert G. Ferrell, CISSP
Information Systems Security Officer
National Business Center
U. S. Dept. of the Interior
Robert_G_Ferrell@n...
========================================
Who goeth without humor goeth unarmed.
========================================

3158 From: Robert G. Ferrell
Date: Tue Jun 5, 2001 9:48am
Subject: Re: re: ECHELON - does it exist ?

>It's a good read until you get to his sig. block.

Of course, if I were an evil government nark, I wouldn't be using my .sig, would I? Oh, but wait, I forgot that the government is so stupid, they probably do use their real names and employers and stuff.

The US Government rents my data telecommunications engineering and IT security skills 40 hours a week. My opinions are quite definitely my own, and a lot of them are rather critical of the government. If anyone doubts this, see _Information Security_ magazine Nov. 1999, p. 72, Mar. 2001, p. 18, among many, many others. Or just ask Jericho or Cancer Omega or L33tdawg or....

My principal reason for disbelieving Echelon is that it requires a great deal of interagency, not to mention intergovernmental, coordination. I can promise you from experience that getting one intelligence agency to cooperate with another is like convincing Southern Baptist Ministers and Orthodox Rabbis to go out together for a wild night of drinking and dancing in gay bars.

While Echelon could exist, for all I know, it just doesn't seem likely to me that it has anywhere near the capability that the media seem to think it has. Do the math.

Oh, if Echelon _is_ watching, read my lips: bite me.

We now return you, hopefully, to something vaguely on-topic.

Cheers,

RGF

3159 From: James M. Atkinson, Comm-Eng
Date: Tue Jun 5, 2001 0:44pm
Subject: Retired Col.'s Espionage Case Begins

Retired Col.'s Espionage Case Begins

http://www.guardianunlimited.co.uk/breakingnews/US/0,3560,958275,00.html

Tuesday June 5, 2001 5:20 pm

TAMPA, Fla. (AP) - A retired Army reserve colonel was such a valuable spy that when a former Soviet leader was handed a list of his nation's top sources, George Trofimoff was at the top, prosecutors said Tuesday.

In opening statements in Trofimoff's espionage trial, Assistant U.S.
Attorney Walter Fuhr said Trofimoff delivered more than 50,000 pages of documents to the KGB during a 25-year spying career.

Trofimoff, 74, is the former chief of the Joint Intelligence in Nuremberg, Germany, and is considered the highest-ranking military officer to be arrested on spying charges.

Trofimoff's attorneys are scheduled to present their opening statements later Tuesday. Trofimoff faces a life sentence if convicted.

Among the information Trofimoff allegedly passed to the Soviets was details on U.S. battle plans, briefs of chemical and biological weapons and lists of information needed by U.S. intelligence officers.

Trofimoff was the target of an undercover FBI investigation for more than three years before his arrest. He lived in an exclusive Melbourne development for military retirees and was working as a grocery store bagger when he was indicted last June.

Fuhr told jurors that longtime KGB head Yuri Andropov personally delivered a list of top sources to then-Soviet leader Leonid Brezhnev in the early 1970s. Andropov later became the Soviet Union's leader himself.

Fuhr also said there are connections between Trofimoff and the KGB agents also connected to former spy Aldrich Ames, a veteran CIA officer who spied for the Soviets for more than eight years, and Clayton Lonetree, a Marine guard at the U.S. Embassy in Moscow who served nearly a decade after being convicted of spying in the 1980s.

Trofimoff, born in Germany to Russian emigres, became a naturalized U.S. citizen in 1951, joined the Army in 1953 and was honorably discharged three years later, although he rose to colonel in the reserves. He was hired as a civilian in Army intelligence in 1959.

From 1969 until 1994, Trofimoff was a civilian chief of an Army installation in West Germany where refugees and defectors from the Soviet bloc were interrogated.

At the time of his arrest last June, a prosecutor said Trofimoff collected $300,000 for photographing volumes of secret U.S. intelligence documents and giving them to the KGB through a go-between, a boyhood friend who became a Russian Orthodox priest.

3160 From: Adnan Rahman
Date: Tue Jun 5, 2001 2:24pm
Subject: Re: Re: ECHELON - does it exist?

greetings!

| I can promise you from experience that getting one intelligence agency to
| cooperate with another is like convincing Southern Baptist Ministers and
| Orthodox Rabbis to go out together for a wild night of drinking and dancing
| in gay bars.

=)

i watch this list and read the postings here quite a long (?) time now, didn't had any interesting stuff to post till now so ... i really enjoy reading your posts mr. ferrell, your humor is so refreshing.

i learned some interesting things about tscm and counterintelligence only from watching this mailing list so i wanted to thank you all for the opportunity. i have to ask you to apologize my bad school english, didn't wrote any english since then (high school) ;)

i also would like to thank mr. atkinson for creating such an informative list and a source of hands-on info about tscm, electronics etc. i recommend your website to all of my colleagues, it's amazing how many experience you have.

i'm a 21 y. old student from bosnia, studying in austria, a licensed ham radio amateur, informatics and electronics fan.
please forgive me for posting so off topic like this, i just wanted to say how much i respect the experience of all here and to thank you for the knowledge i collected through this mailing list.

73!

Adnan Rahman
Elektronska Sigurnost
www.as19.org

3161 From: James M. Atkinson, Comm-Eng
Date: Tue Jun 5, 2001 7:43pm
Subject: Retired U.S. colonel, 74, is tried as spy for KGB

Tuesday June 5, 11:41 PM

Retired U.S. colonel, 74, is tried as spy for KGB

http://uk.news.yahoo.com/010605/80/btxr4.html

By Robert Green

TAMPA, Florida (Reuters) - A retired U.S. intelligence officer gave the Soviet Union "enormous" amounts of sensitive military information while working as a KGB spy in Germany during the Cold War, a federal prosecutor has told jurors at the start of the former officer's espionage trial.

The defendant, retired Army Col. George Trofimoff, 74, of Melbourne, Florida, is the highest-ranking U.S. military officer ever charged with espionage. Trofimoff, who has pleaded not guilty, faces life in prison if convicted.

He is accused of stealing classified documents while serving as the civilian head of the U.S. Army's Joint Interrogation Center in Nuremberg, Germany, and selling them to the Soviet secret police, the KGB.

"The amount of classified information the defendant sold to the Soviet Union is enormous," Assistant U.S. Attorney Terry Furr said in opening statements on Tuesday at Trofimoff's trial in federal court in Tampa, Florida.

Trofimoff listened without expression during the statements. Dozens of former U.S. military officers and former KGB agents are scheduled to testify at the trial, which is expected to last about a month.

The first witness, Army intelligence agent Gary Pepper, testified that Trofimoff had top-secret clearance to handle U.S. and NATO military documents.

ARRESTED LAST JUNE

Trofimoff worked at the intelligence centre in Nuremberg from 1969 to 1994 and served in the U.S. Army Reserve during most of that time, retiring in 1995 as a colonel.

He was arrested last June after allegedly meeting in Tampa with an undercover FBI agent posing as a Russian intelligence officer. He has been jailed without bond since then.

Furr said much of the evidence against Trofimoff would come from a six-hour videotaped conversation he previously had with the undercover agent.

On the tape, Furr said, Trofimoff admitted to stealing more than 50,000 documents and selling them to the KGB. He said Trofimoff took them home in his briefcase a few at a time, photographed them and returned them the next day.

Defence attorney Daniel Hernandez said Trofimoff was not a spy but "an American patriot" whose record showed "nothing but honourable and exemplary service."

He said Trofimoff's statements in the videotaped conversation were "nothing more than fantasy" concocted to get money from the Russians.

"He told the undercover agents what they wanted to hear to justify the money he was receiving," Hernandez said. "No one will be able to say they saw Mr. Trofimoff doing anything illegal."

GERMAN CHARGES DROPPED

Furr said the documents Trofimoff allegedly stole dealt with crucial information the United States had about the military capabilities of the Soviet Union and its Eastern European allies. The Soviet Union, the United States' Cold War foe, collapsed in 1991.

Trofimoff was born in Germany to Russian parents and became a U.S. citizen in 1951. Furr said Trofimoff was recruited for the KGB by his childhood friend Igor Susemihl, a priest in the Russian Orthodox Church who was also a KGB agent. Susemihl died in 1999.

The German government arrested Trofimoff and Susemihl on espionage charges in 1994 but dropped the charges because Germany's statute of limitations had expired.

Furr said Trofimoff was awarded the Order of the Red Banner by the Soviet Union, a decoration presented for bravery, self-sacrifice and courage "in defense of the socialist homeland."

3162 From: James M. Atkinson, Comm-Eng
Date: Tue Jun 5, 2001 8:01pm
Subject: Re: Trojan lets cyber-cops... [Formally Retracted by The Register]

The funny thing about the article is that the author has since recanted, and formally issued a retraction and apology (which is a very serious thing for any publication to do).

When I looked up the article on-line, the following note was on the top of the article:

"This story contains incomplete and inaccurate data. Please see my explanation and partial retraction for the latest and most accurate information. -- TCG "

Initial Article: http://www.theregister.co.uk/content/6/19404.html

Retraction: http://www.theregister.co.uk/content/4/19480.html

The retraction is a very honorable effort, and the journalist should be applauded for such professionalism, and for being willing to admit an error.

-jma

======================

Register duped by crimebusting D.I.R.T. Trojan

By Thomas C Greene in Washington
Posted: 06/06/2001 at 00:04 GMT

My recent article on the D.I.R.T. (Data Interception by Remote Transmission) Trojan, with which law-enforcement agents can secretly monitor a suspect's computer and marketed by surveillance outfit Codex Data Systems, contained several inaccuracies, all of which can be attributed solely to my own lapse in the skepticism for which The Reg in general, and I personally, are known.

The full story, as it happens, is immensely more twisted than I imagined when I wrote my original item. Clearly, The Register's readers deserve better -- and here it is:

S.C.A.M.

Thanks to several e-mailed hints from readers, I continued doing background research and have now confirmed that the CEO of Codex Data Systems is one Francis Edward "Frank" Jones, a convicted felon currently on probation for illegal possession of surveillance devices. He was charged with trafficking and conspiracy to traffic in them, but in an agreement he pleaded guilty to simple possession, and the US Government dropped the other two charges.

He was sentenced to three-hundred hours' community service and five years' probation with no jail time, on the strength of his argument to the court that he was not responsible for his illegal acts by reason of mental defect. He has also been required to participate in a mental-health program, which, judging by some of his recent behavior, appears to be less than a screaming success.

Jones is widely regarded as a scam artist with a long history of security/surveillance snake-oil sales. He has, for example, sold bug-detection services, which we're told are completely fraudulent, involving detection apparatus easily cobbled together from the inventory of Radio Shack. He's reported to have planted a bug which he subsequently 'found' during one such charade.

A Legend in His Own Mind

He's also a shameless, Boswellian self-promoter with a Web site devoted to himself in his on-line incarnation, "SpyKing."
Here we're told that SpyKing/Jones is "formerly in military and law enforcement service," and "a popular talk show guest with 15 appearances on national & regional programming and news specials."

As for his law-enforcement experience, we've since learned that he managed to get himself fired from the New York City Police Department in 1975, according to a letter by Association of Counter-Intelligence Professionals (ACIP) Executive Director Michael Richardson.

But the PR beat goes on: "Jones has lectured at M.I.T. (Massachussetts [sic] Institute of Technology) on TEMPEST computer eavesdropping techniques," his Web site claims. Indeed, "No other speaker has their thumb on the pulse of changing world trends in immerging [sic] surveillance technologies."

The security 'experts' our illiterate subject has conned include hacker trivia master Winn Schwartau and AntiOnline's "JP" John Vranesevich (no surprises there), and such publications as PC World, E-BusinessWorld, TechWeek, the Wall Street Journal, and, thanks to my carelessness, El Reg as well.

The D.I.R.T. on the Trojan

The truly inexcusable element of my first story was my failure to challenge rigorously Codex's claims regarding the amazing power of its D.I.R.T. Trojan. Had I taken the time to learn that SpyKing/Jones was behind this, I would have immediately suspected that it's a lot more talk than technology.

But I ran with the piece out of eagerness to work my own agenda, motivated by personal outrage that anyone would be so irresponsible as to sell a Trojan to law-enforcement and governments as a surveillance device.

And the reason for that outrage survives even now; D.I.R.T. unquestionably permits police to upload bogus evidence to a suspect's machine and offers no auditing controls by which they might be caught, which was the focus of my original report. That much hasn't changed; D.I.R.T. is absolutely ripe for abuse, and Jones is utterly damnable for trying to sell it to governments and police organizations.

But I was on very shaky ground in reporting its true capabilities. My subsequent investigation indicates that Codex's claim that D.I.R.T. can defeat all known PC firewalls is, quite simply, false.

Furthermore, their claim that "the software is completely transparent to the target and cannot be detected by current anti-virus software," is misleading, if not completely false. There is no technology in D.I.R.T. which addresses this sort of stealth; the server isn't detected simply because no anti-virus vendor has as yet added it to their signatures catalog.

Defeating D.I.R.T.

My suggestions in the original article for defeating D.I.R.T. remain basically sound, if perhaps a bit over-cautious due to my mistaken belief that it defeats all known firewalls (though there is reason to believe it may defeat a few).

Because it isn't presently detected by anti-virus software, one does have to look for evidence of it. By default, it installs two files in the C:\WINDOWS directory -- DESKTOP.EXE and DESKTOP.DLL. Find either of those files, and it's time to re-format your HDD.

One can also check their Windows registry under:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion
HKEY_USERS\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion
HKEY_USERS\DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion

for any references to DESKTOP.EXE or DESKTOP.DLL. For those not well acquainted with the excessive complexities of the Registry, it would be best simply to search the entirety for references to both files mentioned.

Now, because those file names are defaults which can be modified by savvy operators, I'm not saying 'if you can't find the files, then you can't be infected.' But we can rely on the fact that most operators will be using it in its default configuration -- after all, its chief selling point is that it can be used successfully by the technically illiterate.
One last point regarding defenses against the Trojan: soon after I posted the first article recommending disk re-formats for those unsure how to attack D.I.R.T., which was mentioned and linked at Cryptome.org, a reader submitted the following warning:

"D.I.R.T. uses 'unused' space in the file system, so high-level reformatting will not destroy it. (This 'unused' space is used by operating systems to handle classified information with data structures similar to that in SE_Linux). Removing D.I.R.T. requires wiping the disk at the device-driver level."

I spoke with Eric Schneider, who wrote the program before leaving Codex on ethical grounds; and he told me that so far as he knows, "there is no technology in D.I.R.T. which comes close to surviving a high-level format."

So there you have it. D.I.R.T. is a remote administration tool which functions in large part just like the free Trojans SubSeven and BO2K, which is being sold by a disgraced former cop and current felon and mental patient for thousands of dollars a pop to creepy Feds in countries where the sort of abuse it makes possible is routine and impossible for a victim to challenge in court.

In all, a loathsome scam run by an equally loathsome con artist. ®

===

At 6:07 PM -0500 6/4/01, William Knowles wrote:
>http://www.theregister.co.uk/content/6/19404.html
>
>By Thomas C Greene in Washington
>Posted: 04/06/2001 at 09:36 GMT
>
>A new tool of Fascist control, with which law-enforcement agents can
>secretly monitor the entire range of a suspect's computer activity,
>has been developed by self-proclaimed 'computer surveillance experts'
>Codex Data Systems, according to a document sent to Cryptome.org.

[snip]

3163 From:
Date: Tue Jun 5, 2001 5:13pm
Subject: hello and a question

I am new to the group having just moved to the USA from Israel and would like to say hi to the group. Also I would like to ask if there are any American laws regarding importation and export of countermeasure equipment.

Thanks,
Yoni

3164 From: Miguel Puchol
Date: Wed Jun 6, 2001 2:33am
Subject: RE: Trojan lets cyber-cops... [Formally Retracted by The Register]

Judging by the retraction, it seems that the journalist was well taken in...and got very miffed when he found just how much by.

In any case, a commendable effort - and a good lesson learned.

Cheers,

Mike

-----Original Message-----
From: James M. Atkinson, Comm-Eng [mailto:jmatk@tscm.com]
Sent: Wednesday, June 06, 2001 3:01
To: TSCM-L@yahoogroups.com
Subject: Re: [TSCM-L] Trojan lets cyber-cops... [Formally Retracted by The Register]

The funny thing about the article is that the author has since recanted, and formally issued a retraction and apology (which is a very serious thing for any publication to do).

When I looked up the article on-line, the following note was on the top of the article:

"This story contains incomplete and inaccurate data. Please see my explanation and partial retraction for the latest and most accurate information.
-- TCG " Initial Article:http://www.theregister.co.uk/content/6/19404.html Retraction:http://www.theregister.co.uk/content/4/19480.html The retraction is a very honorable effort, and the journalist should be applauded for such professionalism, and for being willing to admit an error. -jma ====================== Register duped by crimebusting D.I.R.T. Trojan By Thomas C Greene in Washington Posted: 06/06/2001 at 00:04 GMT My recent article on the D.I.R.T. (Data Interception by Remote Transmission) Trojan, with which law-enforcement agents can secretly monitor a suspect's computer and marketed by surveillance outfit Codex Data Systems, contained several inaccuracies, all of which can be attributed solely to my own lapse in the skepticism for which The Reg in general, and I personally, are known. The full story, as it happens, is immensely more twisted than I imagined when I wrote my original item. Clearly, The Register's readers deserve better -- and here it is: S.C.A.M. Thanks to several e-mailed hints from readers, I continued doing background research and have now confirmed that the CEO of Codex Data Systems is one Francis Edward "Frank" Jones, a convicted felon currently on probation for illegal possession of surveillance devices. He was charged with trafficking and conspiracy to traffic in them, but in an agreement he pleaded guilty to simple possession, and the US Government dropped the other two charges. He was sentenced to three-hundred hours' community service and five years' probation with no jail time, on the strength of his argument to the court that he was not responsible for his illegal acts by reason of mental defect. He has also been required to participate in a mental-health program, which, judging by some of his recent behavior, appears to be less than a screaming success. Jones is widely regarded as a scam artist with a long history of security/surveillance snake-oil sales. 
He has, for example, sold bug-detection services, which we're told are completely fraudulent, involving detection apparatus easily cobbled together from the inventory of Radio Shack. He's reported to have planted a bug which he subsequently 'found' during one such charade.

A Legend in His Own Mind

He's also a shameless, Boswellian self-promoter with a Web site devoted to himself in his on-line incarnation, "SpyKing." Here we're told that SpyKing/Jones is "formerly in military and law enforcement service," and "a popular talk show guest with 15 appearances on national & regional programming and news specials." As for his law-enforcement experience, we've since learned that he managed to get himself fired from the New York City Police Department in 1975, according to a letter by Association of Counter-Intelligence Professionals (ACIP) Executive Director Michael Richardson. But the PR beat goes on: "Jones has lectured at M.I.T. (Massachussetts [sic] Institute of Technology) on TEMPEST computer eavesdropping techniques," his Web site claims. Indeed, "No other speaker has their thumb on the pulse of changing world trends in immerging [sic] surveillance technologies." The security 'experts' our illiterate subject has conned include hacker trivia master Winn Schwartau and AntiOnline's "JP" John Vranesevich (no surprises there), and such publications as PC World, E-BusinessWorld, TechWeek, the Wall Street Journal, and, thanks to my carelessness, El Reg as well.

The D.I.R.T. on the Trojan

The truly inexcusable element of my first story was my failure to challenge rigorously Codex's claims regarding the amazing power of its D.I.R.T. Trojan. Had I taken the time to learn that SpyKing/Jones was behind this, I would have immediately suspected that it's a lot more talk than technology.
But I ran with the piece out of eagerness to work my own agenda, motivated by personal outrage that anyone would be so irresponsible as to sell a Trojan to law-enforcement and governments as a surveillance device. And the reason for that outrage survives even now; D.I.R.T. unquestionably permits police to upload bogus evidence to a suspect's machine and offers no auditing controls by which they might be caught, which was the focus of my original report. That much hasn't changed; D.I.R.T. is absolutely ripe for abuse, and Jones is utterly damnable for trying to sell it to governments and police organizations. But I was on very shaky ground in reporting its true capabilities. My subsequent investigation indicates that Codex's claim that D.I.R.T. can defeat all known PC firewalls is, quite simply, false. Furthermore, their claim that "the software is completely transparent to the target and cannot be detected by current anti-virus software," is misleading, if not completely false. There is no technology in D.I.R.T. which addresses this sort of stealth; the server isn't detected simply because no anti-virus vendor has as yet added it to their signatures catalog.

Defeating D.I.R.T.

My suggestions in the original article for defeating D.I.R.T. remain basically sound, if perhaps a bit over-cautious due to my mistaken belief that it defeats all known firewalls (though there is reason to believe it may defeat a few). Because it isn't presently detected by anti-virus software, one does have to look for evidence of it. By default, it installs two files in the C:\WINDOWS directory -- DESKTOP.EXE and DESKTOP.DLL. Find either of those files, and it's time to re-format your HDD. One can also check their Windows registry under:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion
HKEY_USERS\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion
HKEY_USERS\DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion

for any references to DESKTOP.EXE or DESKTOP.DLL.
For those not well acquainted with the excessive complexities of the Registry, it would be best simply to search the entirety for references to both files mentioned. Now, because those file names are defaults which can be modified by savvy operators, I'm not saying 'if you can't find the files, then you can't be infected.' But we can rely on the fact that most operators will be using it in its default configuration -- after all, its chief selling point is that it can be used successfully by the technically illiterate. One last point regarding defenses against the Trojan: soon after I posted the first article recommending disk re-formats for those unsure how to attack D.I.R.T., which was mentioned and linked at Cryptome.org, a reader submitted the following warning: "D.I.R.T. uses 'unused' space in the file system, so high-level reformatting will not destroy it. (This 'unused' space is used by operating systems to handle classified information with data structures similar to that in SE_Linux). Removing D.I.R.T. requires wiping the disk at the device-driver level." I spoke with Eric Schneider, who wrote the program before leaving Codex on ethical grounds; and he told me that so far as he knows, "there is no technology in D.I.R.T. which comes close to surviving a high-level format." So there you have it. D.I.R.T. is a remote administration tool which functions in large part just like the free Trojans SubSeven and BO2K, which is being sold by a disgraced former cop and current felon and mental patient for thousands of dollars a pop to creepy Feds in countries where the sort of abuse it makes possible is routine and impossible for a victim to challenge in court. In all, a loathsome scam run by an equally loathsome con artist. 
® === At 6:07 PM -0500 6/4/01, William Knowles wrote: >http://www.theregister.co.uk/content/6/19404.html > >By Thomas C Greene in Washington >Posted: 04/06/2001 at 09:36 GMT > >A new tool of Fascist control, with which law-enforcement agents can >secretly monitor the entire range of a suspect's computer activity, >has been developed by self-proclaimed 'computer surveillance experts' >Codex Data Systems, according to a document sent to Cryptome.org. [snip] -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 381-9111 Granite Island Group Fax: 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@tscm.com ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= ======================================================== TSCM-L Technical Security Mailing List "In a multitude of counselors there is strength" To subscribe to the TSCM-L mailing list visit: http://www.yahoogroups.com/community/TSCM-L or email your subscription request to: subTSCM-L@t... =================================================== TSKS Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 3165 From: Date: Wed Jun 6, 2001 5:43am Subject: FYI - For NSA vet, security's still a hard sell http://www.edtn.com/story/OEG20010605S0052 For NSA vet, security's still a hard sell By Terry Costlow EE Times (06/05/01, 3:08 p.m. 
EDT) Bill Crowell has spent his career in security, going from top civilian at the National Security Agency to president and chief executive officer of Cylink Corp., a developer of public-key security systems. But at times, he just can't help being a hacker. "I used to work where we had a facial recognition system in a briefing center," Crowell recalls. "We didn't have the images bound to the individual with a public key, so I slipped my picture into the file of the guy who did a demo of the system. He . . . couldn't figure out how I kept getting in the door saying I was him." Having executive access didn't hurt in pulling out that little trick, which also underscores a key difficulty facing security engineers. "A hacker only has to come up with one technique," Crowell points out. "The protector has to anticipate all current and future attacks." Crowell works on two fronts, to protect against attacks and to convince companies that they really need security. Crowell became boss of Cylink (Santa Clara, Calif.), a 17-year-old developer of secure networks, in 1998 after serving as vice president of product strategy. He's focusing on combinations of technology like biometrics and smart cards in pursuit of foolproof protection. "Probably the strongest security is when you have three-factor security, something like a smart card with some version of a biometric file, something you know like a password or carry like a biometric, and then something you are, the biometric," said Crowell. Though he earned a political science degree from Louisiana State University in 1962, Crowell has been in technology since he designed circuits for a local company while he was in high school. 
To avoid the situation he created when he slipped his own picture into someone else's file, Crowell said, those who use all three aspects of this security approach should make sure the biometric portion that people carry as a credential has been signed by someone who is trusted, the way a notary approves written signatures today. "Otherwise, people could steal your identity and insert their biometric information for yours," Crowell said. Biometrics like fingerprints and retinal or facial scans are gaining acceptance, but Crowell predicts it'll be a slow ramp, at first driven by high-end applications. "Biometrics will find its way into high-value transactions fairly quickly, when someone's doing $500,000 transactions fairly often," Crowell said. "But I don't see it being used extensively for consumer purposes or for Internet shopping very soon. It requires a large infrastructure of readers that will keep many merchants from adopting it." Cryptography doesn't require that vast infrastructure, so Crowell sees quicker acceptance. As companies vie for Web profits, he said, cryptography and smart cards offer them a potent way to get payments via the Net. "We'll see a quick ramp, particularly when people use smart cards or other tokens to authenticate themselves," Crowell said. "Those are going to be very popular for authentication, for buying software or other digitally protected files over the Internet. Things like an MP3 file or software that doesn't have to be packaged and can be delivered over the Internet could really benefit. These are areas where you want to be sure you're avoiding large-scale fraud. Most businesses do not care nearly as much about small-scale fraud." Unfortunately for Crowell and others in the security business, a lot of companies don't care much about fraud at all, at least when it comes to understanding the potential losses from fraud using the corporation's networks and electronic databases. Competing with inaction "Our No. 
1 competition, without a doubt, is companies that don't do anything," Crowell said. "There's just not enough understanding in the upper echelons of business on the compelling need to install security into their business. Business models before the Internet accepted a certain amount of fraud as part of the cost of doing business. But with the Internet, fraud may be repeatable on such a large scale that it may no longer be possible to pass costs on to customers." Accepting the potential for electronic theft was no problem when Crowell worked at NSA. Along with protecting defense communications, the agency is charged with exploiting the vulnerabilities of foreign communications. Crowell did two stints at NSA, leaving in 1989 when the Cold War's end made him think "it was time to do something else." But by the end of 1990, shortly before the Gulf War began, he was back, serving in a number of senior positions that included chief of staff and deputy director, the latter the agency's highest civilian post. He recalls NSA as "a fun place" with "some of the greatest toys you'll ever get to work with." "It's a mysterious place, but a lot of the stories about the NSA never say anything, are misleading. The movie Enemy of the State is as far from reality as you can get," he said. But if the stories are misleading at times, the tales of top secrecy also contain some truth. "In modern times, on signal intelligence, I can't talk about things," Crowell said. But, "on the historical side of signal intelligence, I was involved in making public NSA success decoding KGB messages, which were supposedly unbreakable, during World War II. That exploitation went on for 37 years." Now he's hoping that it won't take that long for the security market to take off. Eventually, Crowell said, it's likely that all corporate networks will employ some type of security. But he disagrees with those who think that it's going to happen in just a few years.
"I feel it will take the better part of a decade before security is ubiquitous," Crowell said. Acceptance will come industry by industry, he predicted. "The financial industry is a good user of security not because they're more prone to security but because they have to use it, their business depends on assuring customers that fraud is rare. Finance is the No. 1 user [of security], large multinational companies like Intel are next, and the government is probably third." In the future, the medical world is likely to become a big adopter. The new Health Insurance Portability and Accountability Act is driving hospitals and medical offices to computerized record keeping, and security is a big concern for all involved. "The health industry is small for us right now," Crowell said. "They have traditionally spent little money on security and until recently spent little on IT. They used paper. It will become a large sector because regulations require health organizations to pay more attention to the privacy of medical records." Eventually, he predicts,even the companies that today couldn't care less about security will tout their protective measures. That will help them get business from around the world. "One of the remaining issues in the cyber world that really needs to be addressed is how essential security is to how we conduct business," Crowell said. "There are no borders in cyberspace. Business will go to the leanest, best companies, and security will be part of their marketing. Consumer surveys show that the majority of those who don't shop on the Internet say it's because they don't trust it." When he's not trying to thwart the criminal element, Crowell and his wife, Judy, are bikers. "My wife and I are both avid motorcyclists," Crowell said. "We'll take 3,000 to 4,000-mile trips. We also like to go fly fishing. On our latest 4,000-mile trip, we looked at a lot of rivers." When he isn't away from his San Jose, Calif., home, Crowell likes to spend his time cooking. 
"I cook very fancy things most every day, though I do less of it now that I'm CEO and am traveling more," he said. His business travels still keep him somewhat involved in government activities. Government agencies will continue to be closely involved in all aspects of security as they try to stay ahead of those who would steal from corporations or tap into military and government transmissions. He hopes industry and government agencies will learn how to develop technologies and techniques that benefit both sides. "There will be more and more cooperation between government and industry, in my opinion," said Crowell. John R. Angier II M-Group P.O. Box 721388 Norman, OK 73070-8070 USA 405.321.1015 A fundamental principle is never to remain completely passive, but to attack the enemy frontally and from the flank, even while he is attacking us. - Clausewitz:Principles of War, 1812 3166 From: Date: Wed Jun 6, 2001 0:52pm Subject: Interesting Product - Projects Sound AMERICAN TECHNOLOGY CORPORATION'S HSS TECHNOLOGY DEBUTS IN TRADE SHOW APPLICATION AT SUPERCOMM 2001 http://www.atcsd.com/PressReleases/06_04_01.html JV 3167 From: Steve McAlexander Date: Wed Jun 6, 2001 4:00pm Subject: FW: Why are these files on a Dell? -----Original Message----- From: scorned@h... [mailto:scorned@h...] Sent: Tuesday, June 05, 2001 18:28 To: focus-ms@s...; security-basics@s... Subject: Re: Why are these files on a Dell? interesting. this will surely freak out the conspiracy theorists who assert that Dell is 0wned by the NSA. (and i wouldn't be surprised either) why are you running an OS that is pre-installed by Dell? the first thing we do where i work is order hardware with nothing installed, so we can install our own secure loadsets. if something arrives with a pre-installed OS, we wipe it and install our own. you might want to consider building your own secure loadsets. Regards, kw >"Ed Kain" on 06/04/2001 03:22:50 PM > >To: focus-ms@s..., security-basics@s... 
>cc:
>Subject: Why are these files on a Dell?
>
>Hi everyone!
>
>This issue was recently brought to my attention when I found DWSPYDLL.DLL
>in my C:\DELL directory on a new Latitude notebook. This is from Desaware
>(http://www.desaware.com/SpyWorksL2.htm) and the module is spyworks.
>The extended functionality that this DLL provides is powerful, and made
>me wonder why it is part of default Dell software.
>
>This started me thinking, then I found other interesting files, here's
>a list;
>
>02/12/1999  12:49p  124,416  CLEAREVT.EXE  //this clears my system logs
>02/01/1994  11:25p   68,000  DWSPYDLL.DLL  //this is the spyhook dll I found
>01/09/2001  12:50p   40,960  KBWAKE.EXE    //keyboard init?
>04/13/2000  10:04a   20,480  REGCLEAN.EXE  //name says it all
>05/27/1999  11:29a   38,944  WDELTREE.EXE  //old dos style deltree
>12/01/1994  11:30a    7,508  WINBATCH.EXE  //winbatch compiler
>
>
> I contacted Dell customer support and asked if they had remote tech support
>software for administration, to which several techs claim to never have been
>trained if one existed, and none had heard of those files in Dell computers
>
>(their call center Dells didn't have these files).
>
> I'm curious, if anyone else using a Dell product can confirm the existence
>of these files, or hopefully provide some insight as to why they are necessary.
>
>
>TIA
>
>ed.
Free, encrypted, secure Web-based email at www.hushmail.com

3168 From: Steve McAlexander Date: Wed Jun 6, 2001 4:12pm Subject: Does anyone in here understand Vietnamese ? Tu do hoac chet
-----Original Message----- From: Michael J. Hendricks [mailto:mhendricks@c...] Sent: Wednesday, June 06, 2001 11:58 To: Incidents List Server (E-mail) Subject: FW: Tu do hoac chet
We received this message yesterday. I believe it is a threat in connection with the US / Vietnam treaties etc. Similar incidents happened during the US - China crisis. Does anyone have any introspection into this? I do not speak Vietnamese so I am at a loss. I appreciate any heads up on this.
Michael Hendricks From: To:<> Sent:Tuesday, June 05, 2001 6:16 PM Subject:Tu do hoac chet > > Subject:NGA'Y THU+' NA(M, 7 THA'NG 6 NA(M 2001 Date: 4 Jun 2001 20:56:50 MDT > > Cac ban oi, Mien Nam co' ca^'n pha?i gia?i pho'ng khong ?? Gia?i pho'ng xong ho se~ mang la.i cho dda^'t nu+o+'c ta nhu+~ng gi' ??? ne^'u kho^ng pha?i la' a'p du.ng chi'nh sa'ch ho^. kha^?u dde^? kho^'ng che^' ta^'t ca? mo.i sinh ho.at cu?a ngu+o+'i da^n, ddi pha?i xin, dde^'n pha?i tri'nh.....co^.ng the^m chi'nh sa'ch gia'o du.c ba^'t co^ng ,ngu xua^?n, la^'y "ly lich" la'm thu+o+'c ddo ca(n ba?n dda~ dda^?y lu'i va khu+o+'c tu+' bao nhie^u la' ta'i na(ng tre? cu?a ca? mo^.t the^' he^. Ha^.u qu?a cu?a chi'nh sa'ch ngu da^n, i'ch ky? cu?a gio+'i la~nh dda.o csvn suo^'t 26 na(m qua, ddang ro~ ra'ng ba'y ra tru+o+'c ma('t mo.i ngu+o+'i, ddo' la' mo^.t VietNam la.c ha^.u,ddo'i nghe'o ddie^u ta'n & ddo^? na't ho^m nay ! > > Cac ban men, Yeu nuoc khong phai la tieu cuc chong doi. Yeu nuoc thi phai tich cuc hoat dong, xay du+.ng ddo^? vo, loai bo? bo.n sa^u da^n mo.t nuoc. La nguoi Viet Nam co'n yeu da^n men nuoc, hay dung len huong ung phong trao ddo'i la.i quye^'n TU DO TON GIAO, TU DO DAN CHU CHO VIET NAM dang phat dong manh trong quoc noi. > > <<<<>ma' tha'y Thi'ch Qua?ng Ddo^. cu'ng vo+'i ta^'t ca? ca'c chu+ ta(ng le^n ddu+o+'ng ra Huye^.n Nghi~a Ha'nh, ti?nh Qua?ng Nga~i dde^? ru+o+'c DDa.i La~o Ho'a Thu+o+.ng Thi'ch Huye^'n Quang tro+? ve^' Sa'i Go'n. > > NGA'Y THU+' NA(M, 7 THA'NG 6 NA(M 2001 pha?i la' nga'y ta^'t ca? mo.i to^? chu+'c dda^'u tranh chung lu+ng go'p su+'c, ho^~ tro+. su+. dda^'u tranh cu?a ca'c tha'y, cho quye^'n tu+. do to^n gia'o . > > NGA'Y THU+' NA(M, 7 THA'NG 6 NA(M 2001 pha?i la' nga'y ta^'t ca? mo.i ngu+o+'i da^n, kho^ng pha^n bie^.t Pha^.t Gia'o, Thie^n Chu'a Gia'o, Tin La'nh, Ho'a Ha?o, Cao Dda'i dde^'u quye^'t ta^m ho^~ tro+. su+. dda^'u tranh cu?a ca'c tha'y cho quye^'n tu+. do to^n gia'o . 
>>>>> > > THANH NIEN cac' nuoc Nam Duong, Phi Luat Tan, Dong Au va' ga^'n dda^y nha^'t la' thanh nien cua da^n to^.c thu+o+.ng du thie^?u so^' dda~ thu+'a can dda?m ddu+'ng le^n n gio'ng le^n UOC NGUYE^.N KHAO KHA'T TU+. DO cu?a ho. THANH NIEN VIET NAM CHU'NG TA HA' PHA?I CHI.U HE'N KE'M HO. SAO ????? > > NGA'Y THU+' NA(M, 7 THA'NG 6 NA(M 2001 LA' NGA'Y CO+ HO^.I CHO CA'C BA.N THAY DDO^?I VA^.N ME^.NH VA' TUONG LAI CU?A CA'C BA.N. HA~Y BA('T LA^'Y CO+ HO^.I HIE^'M CO' NA'Y....... > > Muon biet them chi tiet ve nga'y 7 THA'NG 6 NA(M 2001, ve^' nhu+~ng bie^'n ddo^.ng trong nuoc, mo+'i ca'c xem ba'i ddi'nh ke'm. > > Ne^'u vie^.c la'm na'y cu'ng quan ddie^?m cu~ng nhu+ ly' tu+o+?ng cu?a ca'c ba.n, mong ra('ng ca'c ba.n ha~y tie^'p tay chu'ng to^i chuye^?n nhu+~ng la' thu+ na'y dde^'n ddo^'ng ba'o trong nu+o+'c. > > > Chao than men. > > 3169 From: Steve Uhrig Date: Wed Jun 6, 2001 10:26pm Subject: Scam warning Hello all, A caution to anyone considering doing any business with a company in Vista CA called Plans & Kits Unlimited. Don't. They sell plans for time machines and perpetual motion machines (I am being figurative) and electronic kits. I ordered two electronic kits. The gentleman sends kits, but with no plans or any documentation at all. A note with the kits says to email him for the plans. No paper. Upon inquiring, he returns an email with a file attachment bearing an extension I've never seen before, and trying to open it crashes two different computers. I asked him to print and fax or post a paper copy of the plans, and he flat out refused. Available in electronic format only. I can BUY a CD with the viewer on it (after I've already paid for the kits) or download a special viewer from a hacker website apparently unique to whatever file format he is using. The gentleman is known to be associated with numerous hacker groups, and he runs several websites devoted to electronic harassment via the web and extensive hacker resources. 
All this makes me suspicious of the files, especially executables, he demands I load on my configuration-controlled machine in order to get the plans for the kits I have paid for already. It would not surprise me if something in his software does something other than let me view the plans. Read between the lines. Unfortunately, I paid for the kits via paypal, and I am fighting with them now to reverse the payment and credit me. The gentleman (I am being polite; I suspect it is a kid in his early 20s) refuses to give a refund based on the fact that I have seen his intellectual property and therefore no refund. Emails are answered sarcastically and with numerous blatant threats and references to his harassment website. Coming from a hacker, this is not cool. On top of no documentation, the kits were a few miscellaneous parts in a baggie, an UNETCHED piece of PC board, and very obviously not able to do the job claimed for them. Apparently the kit expects you to etch your own PC board also. I'm surprised he didn't give me a chunk of pencil lead and tell me to make my own resistors. I got ripped off and want to warn others who might consider dealing with this bozo. Steve ******************************************************************* Steve Uhrig, SWS Security, Maryland (USA) Mfrs of electronic surveillance equip mailto:Steve@s... website http://www.swssec.com tel +1+410-879-4035, fax +1+410-836-1190 "In God we trust, all others we monitor" ******************************************************************* 3170 From: Date: Thu Jun 7, 2001 6:46am Subject: repost: No apologies, No regrets, No blame, No recriminations To: Subject: Crime-busting Trojan D.I.R.T. is a fraud Date: Tue, 5 Jun 2001 22:50:00 -0700 Declan, please send this out to your Politech list. Frank Jones of Codex Data Systems is selling a Trojan to law-enforcement (chiefly overseas) as a surveillance device. 
It enables cops to upload bogus evidence to a victim's machine with no auditing mechanism to ensure accountability. Unfortunately, I did a story on Sunday which contained some incomplete and inaccurate information, and I really need to set the record straight. thanks, tom http://www.theregister.co.uk/content/4/19480.html My recent article on the D.I.R.T. (Data Interception by Remote Transmission) Trojan, with which law-enforcement agents can secretly monitor a suspect's computer and which is marketed by surveillance outfit Codex Data Systems, contained several inaccuracies, all of which can be attributed solely to my own lapse in the skepticism for which The Reg in general, and I personally, are known. The full story, as it happens, is immensely more twisted than I imagined when I wrote my original item. Clearly, The Register's readers deserve better -- and here it is: S.C.A.M. Thanks to several e-mailed hints from readers, I continued doing background research and have now confirmed that the CEO of Codex Data Systems is one Francis Edward "Frank" Jones, a convicted felon currently on probation for illegal possession of surveillance devices. He was charged with trafficking and conspiracy to traffic in them, but in an agreement he pleaded guilty to simple possession, and the US Government dropped the other two charges. He was sentenced to three-hundred hours' community service and five years' probation with no jail time, on the strength of his argument to the court that he was not responsible for his illegal acts by reason of mental defect. He has also been required to participate in a mental-health program, which, judging by some of his recent behavior, appears to be less than a screaming success. Jones is widely regarded as a scam artist with a long history of security/surveillance snake-oil sales. 
He has, for example, sold bug-detection services, which we're told are completely fraudulent, involving detection apparatus easily cobbled together from the inventory of Radio Shack. He's reported to have planted a bug which he subsequently 'found' during one such charade.

A Legend in His Own Mind

He's also a shameless, Boswellian self-promoter with a Web site devoted to himself in his on-line incarnation, "SpyKing." Here we're told that SpyKing/Jones is "formerly in military and law enforcement service," and "a popular talk show guest with 15 appearances on national & regional programming and news specials." As for his law-enforcement experience, we've since learned that he managed to get himself fired from the New York City Police Department in 1975, according to a letter by Association of Counter-Intelligence Professionals (ACIP) Executive Director Michael Richardson. But the PR beat goes on: "Jones has lectured at M.I.T. (Massachusetts Institute of Technology) on TEMPEST computer eavesdropping techniques," his Web site claims. Indeed, "No other speaker has their thumb on the pulse of changing world trends in immerging [sic] surveillance technologies." The security 'experts' our illiterate subject has conned include hacker trivia master Winn Schwartau and AntiOnline's "JP" John Vranesevich (no surprises there), and such publications as PC World, E-BusinessWorld, TechWeek, the Wall Street Journal, and, thanks to my carelessness, The Register as well.

The D.I.R.T. on the Trojan

The truly inexcusable element of my first story was my failure to challenge rigorously Codex's claims regarding the amazing power of its D.I.R.T. Trojan. Had I taken the time to learn that SpyKing/Jones was behind this, I would have immediately suspected that it's a lot more talk than technology.
But I ran with the piece out of eagerness to work my own agenda, motivated by personal outrage that anyone would be so irresponsible as to sell a Trojan to law-enforcement and governments as a surveillance device. And the reason for that outrage survives even now; D.I.R.T. unquestionably permits police to upload bogus evidence to a suspect's machine and offers no auditing controls by which they might be caught, which was the focus of my original report. That much hasn't changed; D.I.R.T. is absolutely ripe for abuse without accountability, and Jones is utterly damnable for trying to sell it to governments and police organizations. But I was on very shaky ground in reporting its true capabilities. My subsequent investigation indicates that Codex's claim that D.I.R.T. can defeat all known PC firewalls is, quite simply, false. Furthermore, their claim that "the software is completely transparent to the target and cannot be detected by current anti-virus software," is misleading, if not completely false. There is no technology in D.I.R.T. responsible for this sort of stealth; the server isn't detected simply because no anti-virus vendor has as yet added it to their signatures catalog.

Defeating D.I.R.T.

My suggestions in the original article for defeating D.I.R.T. remain basically sound, if perhaps a bit over-cautious due to my mistaken belief that it defeats all known firewalls (though there is reason to believe it may defeat a few). Because it isn't presently detected by anti-virus software, one does have to look for evidence of it. By default, it installs two files in the C:\WINDOWS directory -- DESKTOP.EXE and DESKTOP.DLL. Find either of those files, and it's time to re-format your HDD. One can also check their Windows registry under:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion
HKEY_USERS\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion
HKEY_USERS\DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion

for any references to DESKTOP.EXE or DESKTOP.DLL.
For those not intimately acquainted with the incontinent complexities of the Windows Registry, it would be best simply to search the entirety for references to both files mentioned. (It's also worthwhile to check out some of the suggestions in my previous report.) Now, because those file names are defaults which can be modified by savvy operators, I'm not saying, 'if you can't find the files, then you're not infected.' The names can be changed; but we can rely on the fact that most operators will be using D.I.R.T. in its default configuration -- after all, its chief selling point is that it can be used successfully by the technically illiterate. One final point regarding defenses against the Trojan: soon after I posted the first article recommending disk re-formats for those unsure how to combat D.I.R.T., which was mentioned and linked at Cryptome.org, a reader submitted the following warning: "D.I.R.T. uses 'unused' space in the file system, so high-level reformatting will not destroy it. (This 'unused' space is used by operating systems to handle classified information with data structures similar to that in SE_Linux). Removing D.I.R.T. requires wiping the disk at the device-driver level." I spoke with Eric Schneider, who wrote the program before leaving Codex on ethical grounds; and he told me that so far as he knows "there is no technology in D.I.R.T. which comes close to surviving a high-level format." So there you have it. Codex's D.I.R.T. is a remote administration tool that functions in large part just like the free Trojans SubSeven and BO2K, which is being sold by a disgraced former cop, current felon and self-confessed lunatic for thousands of dollars a pop to creepy Feds in countries where the sort of abuse it invites is routine and impossible for a victim to challenge in court. In all, a loathsome scam run by an equally loathsome con artist. 
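The default-configuration check the article describes (the two file names in the Windows directory, plus a search of the whole registry for references to them), written out as an added example that is not part of the original article or of any vendor's tooling. It assumes the registry has been exported to text with regedit; the sample export, its key and value names, and the directory contents are constructed for illustration.

```python
import os
import re
import tempfile

# Default names given in the article. Operators can rename them, so an empty
# result does not clear a machine; only a hit is meaningful.
INDICATOR = re.compile(r"(?<![A-Za-z0-9_])DESKTOP\.(?:EXE|DLL)(?![A-Za-z0-9_])", re.I)
# All three registry keys listed in the article contain this path.
LISTED_PATH = r"\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION"


def find_indicator_files(windows_dir):
    """Return files directly inside windows_dir named DESKTOP.EXE or DESKTOP.DLL (any case)."""
    hits = []
    for name in sorted(os.listdir(windows_dir)):
        path = os.path.join(windows_dir, name)
        if INDICATOR.fullmatch(name) and os.path.isfile(path):
            hits.append(path)
    return hits


def scan_reg_export(text):
    """Search an entire regedit text export for value lines that reference the
    indicator names. Returns (key, value_line, under_listed_key) tuples."""
    hits, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                      # start of a new registry key section
        elif key and INDICATOR.search(line):
            hits.append((key, line, LISTED_PATH in key.upper()))
    return hits


# Constructed sample export: one reference under a listed key, one elsewhere,
# and one look-alike (mydesktop.dll) that must not be reported.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Shell helper"="C:\\WINDOWS\\DESKTOP.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Viewer]
"Skin"="C:\\Viewer\\mydesktop.dll"
"Plugin"="desktop.dll"
"""


def demo():
    """Run both checks against a constructed directory and the sample export."""
    with tempfile.TemporaryDirectory() as windows_dir:
        for name in ("desktop.exe", "Desktop.ini", "NOTEPAD.EXE"):
            open(os.path.join(windows_dir, name), "w").close()
        files = [os.path.basename(p) for p in find_indicator_files(windows_dir)]
    return files, scan_reg_export(SAMPLE_EXPORT)


if __name__ == "__main__":
    files, reg_hits = demo()
    for name in files:
        print("file hit:", name)
    for key, line, listed in reg_hits:
        where = "listed key" if listed else "elsewhere in registry"
        print(f"registry hit ({where}): [{key}] {line}")
```
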
® ------------------------------------------------------------------------- > > POLITECH -- Declan McCullagh's politics and technology mailing list > > You may redistribute this message freely if you include this notice. > > To subscribe, visit http://www.politechbot.com/info/subscribe.html > > This message is archived at http://www.politechbot.com/ 3171 From: Robert G. Ferrell Date: Thu Jun 7, 2001 11:04am Subject: Re: repost: No apologies, etc. > My recent article on the D.I.R.T. (Data Interception by Remote Transmission) > Trojan, with which law-enforcement agents can secretly monitor a suspect's > computer and which is marketed by surveillance outfit Codex Data Systems, > contained several inaccuracies, all of which can be attributed solely to my > own lapse in the skepticism for which The Reg in general, and I personally, > are known. Told ya. ;-) Cheers, RGF Robert G. Ferrell, CISSP Information Systems Security Officer National Business Center U. S. Dept. of the Interior Robert_G_Ferrell@n... ======================================== Who goeth without humor goeth unarmed. ======================================== 3172 From: James M. Atkinson, Comm-Eng Date: Thu Jun 7, 2001 11:33am Subject: The Hi-tech Spy Wednesday, 4 April, 2001, 11:24 GMT 12:24 UK The Hi-tech Spy http://news.bbc.co.uk/hi/english/world/asia-pacific/newsid_1259000/1259940.stm James Bond's briefcase looks decidedly low-tech compared to today's equipment http://news.bbc.co.uk/olmedia/1255000/images/_1259940_briefcase300.jpg The American spy plane forced to land in China was chock-full of electronic surveillance equipment. Today, espionage is all about who has the best technology. The diplomatic fallout surrounding an American spy plane forced to land on Chinese soil has again highlighted Washington's desire to keep a watch on the rest of the world. 
It's also a reminder that when it comes to intelligence gathering, the hackneyed image of a crafty spy with a miniature camera is somewhat out of date. So what sort of hi-tech practices do governments favour these days if they want to keep tabs on foreign powers?

Satellite listening

The widely acknowledged leader in this field is Echelon, a network of listening posts run by the United States National Security Agency (NSA) and located in America, Canada, Australia, New Zealand and the UK. While the idea of such a network was first agreed between London and Washington in 1948, for years the US denied its existence. It was eventually confirmed in declassified NSA documents. Echelon's capabilities are awesome. Relying on a network of American satellites, the system picks up microwave signals used by mobile phones. At any one time, millions of calls are recorded and then checked against a powerful search engine designed to pick out key words that might represent a security threat. Its work has been effective in tracking down terrorists but, says Ian Synge of Jane's Sentinel, most governments have started to shy away from microwave communication.

Underwater bugging

Alongside Echelon the idea of physically sticking bugs on underwater communication cables looks remarkably hands-on. Yet experts speculate it still goes on. During the 1970s, Soviet ports were secretly infiltrated by an American "spy submarine" with deep-sea divers on-board, who attached listening devices to telephone cables. After several weeks the divers returned to the scene and picked up the device, along with many hours of taped conversations. Animosity between America and Russia has declined, but according to the investigative reporter and surveillance expert Duncan Campbell the US still maintains a submarine specially equipped for such duties. Likely targets may include those in the Middle East, Mediterranean, eastern Asia, and South America, says Mr Campbell.
Computer bugging

While the right to monitor e-mail and internet activity is openly defended by the likes of the British government, more underhand methods can be used to track computer use. Latest advances in listening technology mean that if a bug can be attached to a computer keyboard it is possible to monitor exactly what is being keyed in. Because every key on a computer has a unique sound when depressed, it's simply a case of translating the clicks into words. The threat of this technology has led some internet banks to rely on a degree of mouse movement.

Visual spy satellites

Spy satellites revolutionised US intelligence gathering during the Cold War. Washington had relied on high-altitude reconnaissance aircraft, such as the U-2, to gather photographs of Russian and Chinese military installations. As well as being vulnerable to ground fire, the U-2 fleet could only cover so much distance. The maiden mission of the Corona photo-satellite in 1960 collected more images than the whole U-2 program had taken in four years, according to Jeffrey Richelson, author of America's Secret Eyes in Space. Unfortunately, Corona could not transmit its pictures back to base - its film fell to earth in a capsule. Great advances in satellite technology have followed, but Ian Synge says stories that they can read a newspaper headline from hundreds of miles up are probably apocryphal. Nevertheless, spy satellites remain a valuable source of intelligence. Even commercial satellites have an image resolution of one metre - easily good enough to track the movement of tanks and most military hardware. Radar imaging can pierce cloud cover and even expose subterranean development - useful if you suspect the enemy of stockpiling arms underground.

Laser microphones

Why have so many government offices got net curtains? One reason is that without them spies would be able to eavesdrop on top-secret conversations almost effortlessly.
Laser microphones can pick-up conversations from up to a kilometre away by monitoring window vibrations. Curtains are a simple antidote, since they help absorb the sound and so corrupt any signal. Despite the fact computer technology has led to quantum leaps in intelligence gathering, low-tech still has its place. "One of the favourite stories I once heard from the Cold War was the KGB lesson that you could do one of two things to find out what the president's advisers are saying," says Ian Synge. "One was to find a sympathetic source inside the White House who could feed you information. The other was to take out a subscription to the New York Times." -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 381-9111 Granite Island Group Fax: 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@tscm.com ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 3173 From: A Grudko Date: Wed Jun 6, 2001 1:21pm Subject: Bug-blaster We appear to agree that EMP is pretty impressive, killing a high percentage of discrete component devices & probably most 'bugs'. So how about creating a physical/biological non-destructive artificial EMP? Typical application - I have a client that built an office block here. We were called in to sweep the building twice before it was completed and once after. How nice to hit a 'kill' button in the first 2 stages. I have a feeling that the equipment box might have to carry a government health warning... Andy Grudko. D.P.M., Grad I.S, (S.A.) 
Grudko Associates - Crime investigation, intelligence and protection Johannesburg - Cape Town - Durban - Pretoria - UK - US - Canada - Australia - Israel. Agents in 41 countries - www.grudko.com - (+27 11) 465 9673 - 465 1487 (Fax) - Est. 1981 GIN (Charter), SACI (Pres), WAD, CALI, SAMLF, SCIP (Past SA Chairman), UKPIN, AFIO (OS), IWWA, PRETrust, AmChamCom - "When you need it done right - first time" 3174 From: Steve Weinert Date: Thu Jun 7, 2001 1:54pm Subject: Re: Scam warning Politely inform him that you will return his kits and files (unopened) for a full refund, or you will turn it over for prosecution. If he mailed you anything, all the better - then you can use postal inspectors. If not, take him to small claims court - now. You may never get a satisfaction of the almost automatic judgement in your favor, but then tell him you will send copies to all three major credit bureaus, PayPal (x.com), the BBB and so on.... He may piss and moan, but you should have your monies pretty quick, or at least you'll have a lot of fun on his expense. I would also ask a judge to intercede on his threats. Good luck! (I'm not an attorney, but have been in a similar situation). --- In TSCM-L@y..., "Steve Uhrig" wrote: > Hello all, > > A caution to anyone considering doing any business with a > company in Vista CA called Plans & Kits Unlimited. > > Don't. > > They sell plans for time machines and perpetual motion machines > (I am being figurative) and electronic kits. > > I ordered two electronic kits. > > The gentleman sends kits, but with no plans or any documentation > at all. A note with the kits says to email him for the plans. No > paper. > > Upon inquiring, he returns an email with a file attachment > bearing an extension I've never seen before, and trying to open > it crashes two different computers. > > I asked him to print and fax or post a paper copy of the plans, > and he flat out refused. Available in electronic format only. 
I > can BUY a CD with the viewer on it (after I've already paid for > the kits) or download a special viewer from a hacker website > apparently unique to whatever file format he is using. > > The gentleman is known to be associated with numerous hacker > groups, and he runs several websites devoted to electronic > harassment via the web and extensive hacker resources. > > All this makes me suspicious of the files, especially > executables, he demands I load on my configuration-controlled > machine in order to get the plans for the kits I have paid for > already. It would not surprise me if something in his software > does something other than let me view the plans. Read between > the lines. > > Unfortunately, I paid for the kits via paypal, and I am fighting > with them now to reverse the payment and credit me. > > The gentleman (I am being polite; I suspect it is a kid in his > early 20s) refuses to give a refund based on the fact that I > have seen his intellectual property and therefore no refund. > Emails are answered sarcastically and with numerous blatant > threats and references to his harassment website. Coming from a > hacker, this is not cool. > > On top of no documentation, the kits were a few miscellaneous > parts in a baggie, an UNETCHED piece of PC board, and very > obviously not able to do the job claimed for them. Apparently > the kit expects you to etch your own PC board also. I'm > surprised he didn't give me a chunk of pencil lead and tell me > to make my own resistors. > > I got ripped off and want to warn others who might consider > dealing with this bozo. > > Steve > > > ******************************************************************* > Steve Uhrig, SWS Security, Maryland (USA) > Mfrs of electronic surveillance equip > mailto:Steve@s... 
website http://www.swssec.com
> tel +1+410-879-4035, fax +1+410-836-1190
> "In God we trust, all others we monitor"
> *******************************************************************

3175 From: Marcelrf Date: Thu Jun 7, 2001 4:21pm Subject: FORD MOTOR CORP CHANGES THEIR NAME..

FORD MOTOR CORP. CHANGES THEIR NAME.. (Detroit)- Ford Motor Corporation will now be known as "Fords-Overturn-Repeatedly-Daily"

-- "NEXTEL1 IT'S NOT JUST NEXTEL" Subscribe to Nextel1: http://www.onelist.com/subscribe/NEXTEL1

3176 From: Date: Fri Jun 8, 2001 2:28am Subject: RE: Vietnamese translation

RE : Vietnamese translation; L&H Simply Translating Deluxe-Introduction - L&H Lernout and Hauspie Corporation provides various speech translation software services capable of interpreting 40+ languages. Cost $99.00 USD. ATT provides realtime speech translation services at a cost of $7.50 per minute. HAVE A GREAT DAY !!! ---------- http://www.lhsl.com/simplytranslating/deluxe/

3177 From: William Knowles Date: Fri Jun 8, 2001 4:56am Subject: [ISN] Trojan vendor dishes the Dirt (fwd)

---------- Forwarded message ---------- Date: Fri, 8 Jun 2001 02:08:07 -0500 (CDT) From: InfoSec News To: isn@s... Subject: [ISN] Trojan vendor dishes the Dirt

http://www.vnunet.com/News/1122902 By James Middleton 07 Jun 2001

Codex Data Systems, marketers of the controversial Dirt Trojan, has rubbished claims that the product does not actually exist. Eddie James, vice president of Codex, told vnunet.com: "Dirt has been available since 1998. It is in use by a number of law enforcement agencies." James also claimed that organisations such as Nato and the Hi-tech Crime Investigators Association have expressed interest in the product. "The only reason it is of interest now is because someone got hold of a marketing presentation that was not for public disclosure.
In fact, the product's existence was not meant to be public knowledge," he said, adding that "if we find that person we will file a criminal complaint through the Secret Service". James said that he would "love to demonstrate the tool", but since vnunet.com is not an officially recognised law enforcement agency, he could not.

The reputation of Codex has been called into question after it was revealed by UK news website theregister that company chief executive Frank Jones is a convicted felon and known fraudster currently on probation for illegal possession of surveillance devices.

James was forced to acknowledge that the only reason Dirt is undetectable by antivirus software is because no antivirus company has ever seen it, and that it could only be used as a "last resort" tool after obtaining a court order. As for the ability to bypass firewalls, done by killing the process in the operating system, there is no explanation as to how it attacks the firewall in the first place.

However, Paul Rogers, network security analyst at MIS, who has met the company, said he was very impressed with the standard of keyloggers Codex offered, but as he had not seen Dirt in action, he remained sceptical.

The rumours have also been fuelled by newsgroup postings from people claiming to have seen demonstrations of Dirt. One such posting on the Cypherpunk Hyperarchive said that Dirt is "not much more than BackOrifice, NetBus, VNC or PC Anywhere, for that matter". "It has a bit more capability than some of those, in that it will act as something similar to an FTP server and a keystroke capture tool. But any programmer with 2nd year C programming and a Win32 compiler can download VNC and add stuff to it to do the same thing," it added.

ISN is hosted by SecurityFocus.com --- To unsubscribe email isn-unsubscribe@S....
3178 From: Andrus Aaslaid Date: Fri Jun 8, 2001 5:20am Subject: RE: Scam warning

> They sell plans for time machines and perpetual motion machines
> (I am being figurative) and electronic kits.
>
> I ordered two electronic kits.
>
> /---/
>
> The gentleman is known to be associated with numerous hacker
> groups, and he runs several websites devoted to electronic
> harassment via the web and extensive hacker resources.

World works the funny way. Google web cache (http://www.google.com/search?q=cache:bvTE_pYI2TM:www.siin.com/contact.html+plans+%26+kits+unlimited+vista&hl=en) shows the same venture providing also sweep services as Spectrum Investigations, http://www.siin.com/ ... This address has been removed from their active webpage, that is why I am referencing the cached content. Regards, Andrus.

3179 From: Dawn Star Date: Sun Jun 10, 2001 0:59pm Subject: Web bug detector

Anybody know what this website is about and what it does? I just don't have time to check it out. Roger http://www.bugnosis.org/

3180 From: Talisker Date: Sun Jun 10, 2001 3:18pm Subject: Re: Bug-blaster

Andy I think I may have killed two birds with one stone. Bird one = EMP, Bird 2 = Echelon

1. I remember seeing an article on DIY HERF bombs Q3 last year, the fear was that terrorists etc could use these to take out big chunks of cities' electronic infrastructure, I've done a quick search on google though and can't find it. I'll dig through my mail later.

2. If echelon exists then I suspect my search would almost certainly have got the cogs whirring, hang on my IDS just went berserk and there's a knock at the door.
;o) http://www.networkintrusion.co.uk Talisker's Network Security Tools List Security Tools Notification http://groups.yahoo.com/group/security-tools/join ----- Original Message ----- From: "A Grudko" To: Sent: Wednesday, June 06, 2001 7:21 PM Subject: [TSCM-L] Bug-blaster > We appear to agree that EMP is pretty impressive, killing a high percentage > of discrete component devices & probably most 'bugs'. > > So how about creating a physical/biological non-destructive artificial EMP? > > Typical application - I have a client that built an office block here. We > were called in to sweep the building twice before it was completed and once > after. > > How nice to hit a 'kill' button in the first 2 stages. > > I have a feeling that the equipment box might have to carry a government > health warning... > > Andy Grudko. D.P.M., Grad I.S, (S.A.) > Grudko Associates - Crime investigation, intelligence and protection > Johannesburg - Cape Town - Durban - Pretoria - UK - US - Canada - > Australia - Israel. Agents in 41 countries - www.grudko.com - (+27 11) 465 > 9673 - 465 1487 (Fax) - Est. 1981 > GIN (Charter), SACI (Pres), WAD, CALI, SAMLF, SCIP (Past SA Chairman), > UKPIN, AFIO (OS), IWWA, PRETrust, AmChamCom - "When you need it done right - > first time" > > > > ======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: > http://www.yahoogroups.com/community/TSCM-L > > or email your subscription request to: > subTSCM-L@t... > =================================================== TSKS > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ > > > 3181 From: Talisker Date: Sun Jun 10, 2001 3:31pm Subject: Re: Web bug detector Roger The "bugs" track your visits to various sites, they are installed on the visited websites, not on your PC. 
To be honest, as the websites have logs already which contain a whole host of information, web bugs or not, I wouldn't worry too much. I suspect the civil liberties people will be screaming at this invasion into their privacy. Personally as I don't do porn etc I feel the effort of remaining anonymous to be not worth the effort. I also worry about downloading any untrusted software from the net, considering the potential threat of doing so to far outweigh the intelligence gleaned from my visits to catlitter.com (please tell me it doesn't actually exist as a bestiality site) Take Care Andy

http://www.networkintrusion.co.uk Talisker's Network Security Tools List Security Tools Notification http://groups.yahoo.com/group/security-tools/join

----- Original Message ----- From: "Dawn Star" To: Sent: Sunday, June 10, 2001 6:59 PM Subject: [TSCM-L] Web bug detector

> Anybody know what this website is about and what it does? I just don't have
> time to check it out. Roger
>
> http://www.bugnosis.org/