rmacirf Girls making you come

2003-10-13 Thread joseph


This is how all blowjobs should be.

  Cum gurgling action.
 She loves to take his cum
  Starving for cum.
 Young girl didn't expect facial. Nasty Teens Take Loads Everywhere.
 She is an oral addict

take me off


Shower your womans face with curn with these pills!

2003-10-29 Thread joseph
Title: My daddy is very jovial.

S.URPRISE YOUR L.OVER TODAY! COVER HER WHOLE FACE WITH C.UM!
How w.ould you like to
SHOOT LIKE THE PO.RN-STARS?
Up to 500% more S.PERM! 
ADD UP_TO 500% MORE SPER.M
MALE MULTIPLE ORGAS.MS
HAVE M.ORE INTENSE 0.RGASMS
PRODUCE ST.RONGER E.RECTIONS
HAVE A STRONGER 5.EXUAL DESIRE
1.NCREASED S.E..XUAL STAMINA
FULLY DO.CTOR APP.ROVED! L.EARN MORE!
NOT SAT1SFIED? GET 100% OF YOUR M.ONEY BAC.K!
To stop from getting these, Here



Online Pharmato

2005-01-14 Thread Joseph
Do you want a inexpensive Perscriptions?
http://caskbx.kqet.com



[no subject]

2004-10-24 Thread Joseph
Want a Rolex Watch?
http://ysc.beud.com/r/giggles/



[no subject]

2004-11-22 Thread Joseph
Want a Watch?
http://zsy.afeet.com



[no subject]

2004-11-23 Thread Joseph
Do you want a Watch?
http://szb.afeet.com



[no subject]

2004-11-24 Thread Joseph
Do you want a cheap Watch?
http://csk.afeet.com



[no subject]

2004-11-25 Thread Joseph
Do you want a cheap Watch?
http://lys.afeet.com



[no subject]

2004-11-30 Thread Joseph
Want a cheap Watch?
http://wan.hensi.com



mini digital camera sale

2003-03-26 Thread Joseph
The Worlds Smallest Digital Camera Has Arrived !!!

Webcam + Digital Still Camera + Digital Video Camera

Small enough to fit on a keychain...Big enough to take high-quality Digital 
Photo's & act as a full-motion webcam

Special Limited Web Offer ...
http://www.zsupper.com/cam4

Includes:
- SmartMini Cam
- 1 AAA battery...yes, battery included!
- CD-ROM with drivers & image editing software
- USB connecting cable
- Keychain for instant portability!

While Quantities Last !!

ONLY $39.95  ($199 value)
Click Here:
http://www.zsupper.com/cam4





















remove
http://www.zsupper.com/remove.htm



Good Day

2003-06-13 Thread Joseph Sola
FROM. MR. S.B JOSEPH. 


Late Engineer Bob P. Michael. 

It is my warmest pleasure soliciting your confidence in this transaction, which I 
propose to you as a person of transparency and caliber. This by virtue of its nature 
as being utterly confidential and top secret.though I know that a transaction of this 
magnitude will make anyone apprehensive and worry but I assure you that all will be 
well at the end of the day.
Let me first start by introducing myself properly to you am Mr. S.B Joseph, the M.D 
First Bank Plc. 
I came to know of you in my private search for a reliable and reputable person to 
handle this transaction, which involve the transfer of huge sum of money to a foreign 
account requiring maximum confidence. 

THE PROPOSITION: 
A foreigner Late Engineer Bob P. Michael,an oil merchant/contractor with the federal 
government of Nigeria,until his death two years ago in a ghastly air crash,banked with 
us here at FIRST BANK PLC LAGOS. And had a closing balance of account as at the end 
December, 2000 worth US$12.3M the bank now expect the next of kin to claim the money 
as the beneficiary.however, effort being made by the bank to get in touch with any of 
Engineer Bob P. Michael, relative or family proved abortive. It is because the 
perceived possibility if not being able to locate any of late Engineer Bob P. Michael, 
next of kin,(he, had no wife nor children that is known to us) the management under 
the influence of our chairman CHIEF. A. LUNGE who is presently a member of the senate 
and other members of the board of directors of first bank plc has resolved to declare 
the fund unclaimable and subsequently be donated to the trust fund for arms and 
ammunitions to further enhance the course of war in liberia, sierre-leone and other wartone country in
africa what an evil alternative in other to avert this negative development I and my 
colleagues now seek your permission to have
you stand as a next of kin to late Engineer Bob P. Michael,
so that the fund US$12.3 M will be released and paid into your account as the 
beneficiary. 
All documents and proofs to enable you receive this fund in your
account will be carefully worked out by I and my colleague we have secure from the 
probate an order of mandamus to locate any of the next of kin, that is, a 100% risk 
free involvement please note the account need not have money in it all we just need is 
an account in which the fund will be released into. 
We have agreed to share the fund accordingly after it has been transferred into the 
account provided by you. 
1. 25% of the money will go to you for acting as the beneficiary of this money. 
2. 70% for me and my colleagues as the architect of the transaction.
3 5% will be set aside for reimbursement to both parties for any incidental expenses 
that will be incur in the course of the transaction. If this proposal is accepted by 
you,do take undue advantage of the trust we have bestowed on you and kindly get in 
touch with me immediately and please furnish me with your most confidential phone and 
fax numbers and exclusive bank account particulars so that I can use this information 
to apply for the release and subsequent transfer of the fund into your nominated 
account. But in case your not interested
please let my me know as soon as possible so that I can make an alternative 
arrangement because time is not on our side. 
Thank you in advance for your anticipated co-operation. 
Yours Faithfully, 
MR. S.B JOSEPH. 








Re: Re: An attack on paypal --> secure UI for browsers

2003-06-12 Thread Joseph Ashwood
- Original Message - 
From: "Anonymous" <[EMAIL PROTECTED]>
Subject: CDR: Re: An attack on paypal --> secure UI for browsers


> You clearly know virtually nothing about Palladium.

Actually, properly designed Palladium would be little more than a smart card
welded to the motherboard. As currently designed it is a complete second
system that is allowed to take over the main processor. It has a few aspects
of what it should be, but not many. It does include the various aspects of
the smart card, but it also makes room for those aspects to take over the
main system, properly designed this would not be an option, of course
properly designed it could also be a permanently attached $1 smart card that
internally hangs off the USB controller instead of a mammoth undertaking.

I still stand by, "Arbitrarily trusting anyone to write a secure program
simply doesn't work" regardless of how many times MS says "trust us" any
substantially educated person should as well be prepared to either trust a
preponderance of evidence, or perform their own examination, neither of
these options is available. The information available does not cover the
technical information, in fact their "Technical FAQ" about it actually has
the following:
"Q: Does this technology require an online connection to be used?

A: No. "

That is just so enlightening, and is about as far from a useful answer
as possible.


> NCAs do not have
> "complete access to private information".  Quite the opposite.  Rather,
> NCAs have the power to protect private information such that no other
> software on the machine can access it.  They do so by using the Palladium
> software and hardware to encrypt the private data.  The encryption is
> done in such a way that it is "sealed" to the particular NCA, and no other
> software is allowed to use the Palladium crypto hardware to decrypt it.

This applies only under the condition that the software in Palladium is
perfectly secure. Again I point to the issues with ActiveX, where a wide
variety of holes have been found, I point to the newest MS operating system
which has it even been out a month yet? and already has a security patch
available, in spite of their "secure by default" process. Again I don't
believe this is because MS is inherently bad, it is because writing secure
programs is extremely difficult, MS just has the most feature bloat so they
have the most problems. If the Palladium software is actually secure
(unlikely), then there is the issue of how the (foolishly trusted) NCAs are
determined to be the same, this is an easy problem to solve if no one ever
added features, but a hard one to solve where the program evolves, once MS
shows the solution for this, I will point to the same information and show
you a security hole.

> In the proposed usage, an NCA associated with an ecommerce site would seal
> the data which is used by the user to authenticate to the remote site.

After running unattended on your computer, a brilliant
idea, hasn't anyone learned?

> The authentication data doesn't actually have to be a certificate with
> associated key, but that would be one possibility.  Only NCAs signed by
> that ecommerce site's key would be able to unseal and access the user's
> authentication credentials.  This prevents rogue software from stealing
> them and impersonating the user.

Not in the slightest, a single compromise of a single ecommerce site
(remember they're "trusted") will remove all this pretend security. Let's
use a particularly popular example on here right now www.e-go1d.com, they
could easily apply to be an ecommerce site, they collect money, they offer a
service, clearly they are an ecommerce site. Are you really gullible enough
to believe that they won't do everything in their power to exploit the data
transfer problem above, as well as any other holes in Palladium? I should
hope not.


> Seriously, have you read any
> of the documents linked from http://www.microsoft.com/resources/ngscb/?

Yes I have, in fact at this point I think it is safe to say that you have
not, or you didn't understand the implications of the small amount of
information it actually contains.
Joe



Re: Re: An attack on paypal --> secure UI for browsers

2003-06-10 Thread Joseph Ashwood
- Original Message - 
From: "Anonymous" <[EMAIL PROTECTED]>
Subject: CDR: Re: An attack on paypal --> secure UI for browsers


> In short, if Palladium comes with the ability to download site-specific
> DLLs that can act as NCAs

Ok what flavor of crack are you smoking? Because I can tell from here that's
some strong stuff. Downloading random DLLs that are given complete access to
private information is one of the worst concepts that anyone has ever come
up with, even if they are signed by a "trusted" source. Just look at the
horrifically long list of issues with ActiveX, even with WindowsXP (which
hasn't been around that long) you're already looking at more than half a
dozen, and IIRC win95 had about 50. This has less to do with "windows is
bad" than with "secure programming is hard." Arbitrarily trusting anyone to
write a secure program simply doesn't work, especially when it's something
sophisticated.

Now for the much more fundamental issue of your statement. Palladium will
never "download site-specific" anything. Palladium is a hardware technology,
not a web browser.

I will refrain from saying Palladium is a bad idea, simply because I see some
potentially very lucrative (for me) options for its use.
Joe



RUIN ANYONE ANYWHERE ANYTHING i ki

2003-06-25 Thread Aline Joseph
Title: vitiate





HI,Cpunks


  

  BANNED CD!
  
  

  

I
  have been receiving emails saying that I'm contributing to the "moral
  decay of society" by selling the Banned CD. That may be, but I feel
  Strongly that you have a right to benefit from this hard-to-find
  information. So I am giving you ONE LAST CHANCE to order the Banned CD!
  With this powerful CD, you will be able to investigate your friends,
  enemies and lovers in just minutes using the Internet. You can track down
  old flames from college, or you can dig up some dirt on your boss to make
  sure you get that next promotion! 
  Or maybe you want a fake diploma to hang on your bedroom wall. You'll find
  addresses for companies that make these diplomas on the Banned CD. Need to
  disappear fast and never look back? No problem! Using the Banned CD, you
  will learn how to build a completely new identity. Obviously, the Powers
  That Be don't want you to have the Banned CD. They have threatened me with
  lawsuits, fines, and even imprisonment unless I stop selling it
  immediately. But I feel that YOU have a Constitutional right to access
  this type of information, and I can't be intimidated. Uncle Sam and your
  creditors are horrified that I am still selling this product! There must
  be a price on my head! 
  Why are they so upset? Because this CD gives you freedom. And you can't
  buy freedom at your local Walmart. You will have the freedom to avoid
  creditors, judgments, lawsuits, IRS tax collectors, criminal indictments,
  your greedy ex-wife or ex-husband, and MUCH more!
  
  
PLEASE CLICK!
  
To Be Removed From Our List, CLICK
HERE:

Remove
My Address
  

  




Penis Enhancer nwo xl pde

2003-07-05 Thread Cara Joseph



CLICK HERE

the end is here


Re: Re: HushMail 2.0 released, supports OpenPGP standard

2001-07-19 Thread Joseph Ashwood

What probably happened is that you didn't see the other windows come up
where it was gathering entropy and needed your mouse input. If you don't see
that window I can see where you wouldn't be able to upgrade.
Joe
- Original Message -
From: "Steve Schear" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 19, 2001 8:37 PM
Subject: CDR: Re: HushMail 2.0 released, supports OpenPGP standard


> Are any of those on the list with HushMail accounts having trouble?  I've
> gone through the upgrade procedure which leaves you on a page with no exit
> and no login prompt.  If you go back to the home page to login you're sent
> right back to the "migration" page and round you go.
>
> steve
>
>




Re: re: Remailer Phases

2001-08-08 Thread Joseph Ashwood

- Original Message -
From: "A. Melon" <[EMAIL PROTECTED]>
Subject: CDR: re: Remailer Phases


> >   2. Operator probably trustworthy
>
> Impossible, and unnecessary. Don't assume any remops are trustworthy.

Actually it is absolutely necessary. If all operators are willing to
collude, then your precious anonymity is completely lost. A simple tracing
methodology can establish this. The first remailer operator tracks the exact
outgoing message to the next collusion, the second tracks to the third, etc
until the message escapes, then the colluding operators track back through
the list of remailers, linking based on the intermediate value being sent,
until it reaches operator 1 who knows the sending address. This assumes a
best case of the sender determining the path taken through encryption. Worst
case the first operator can reveal the information to everyone.
Joe




Re: CDR: Re: re: Remailer Phases

2001-08-08 Thread Joseph Ashwood


- Original Message -
From: "Meyer Wolfsheim" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 08, 2001 5:40 AM
Subject: Re: CDR: Re: re: Remailer Phases


> On Tue, 7 Aug 2001, Joseph Ashwood wrote:
>
> > > >   2. Operator probably trustworthy
> > >
> > > Impossible, and unnecessary. Don't assume any remops are trustworthy.
> >
> > Actually it is absolutely necessary. If all operators are willing to
> > collude, then your precious anonymity is completely lost. A simple
> > tracing methodology can establish this. The first remailer operator
> > tracks the
> > exact outgoing message to the next collusion, the second tracks to the
> > third, etc until the message escapes, then the colluding operators track
> > back through
> > the list of remailers, linking based on the intermediate value being
> > sent,
> > until it reaches operator 1 who knows the sending address. This assumes
> > a best case of the sender determining the path taken through encryption.
> > Worst case the first operator can reveal the information to everyone.
> > Joe
>
> Run your own remailer. Chain through it at some point. As long as you
> trust yourself, there is no threat.
>
> Who of the current remops do you trust? Why?

I don't trust any of them. I don't personally use remailers, I don't tend to
do things that are illegal, but if I did there are other methods that I'd
use.
Joe




Re: Re: Mixmaster Message Drops

2001-08-08 Thread Joseph Ashwood

- Original Message -
From: "Jim Choate" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 08, 2001 7:05 PM
Subject: CDR: Re: Mixmaster Message Drops


> The next major question is to determine where the drops are happening.
> Inbound, outbound, inter-remailer, intra-remailer?

That matters from a correction view but not from a usage view, which I
assume we're taking. Basically we don't care what technology the remailer
uses as long as it is correct technology and trustable. From there we care
only what remailers are dysfunctional and which are useful.

>
> One aspect of this, assuming the remailers are under attack and that is
> the hypothesis we are going to assume, is that we need to be able to
> inject traffic into the remailer stream anonymously. Otherwise Mallet
> gets wise to what is going on and starts playing us.

Well assuming that the remailers are under attack, we start using digital
signatures with initiation information stored in them. Mallet can introduce
duplicates, but the likelihood of a duplicate being detected rises very
quickly, (i.e. at a rate of 1-(1/20)^M for M duplicate messages assuming a
drop rate of 1 in 20). This gives us the ability to discount the vast
majority of what Mallet does and get very close to accurate values. The
bigger risk is for Mallet to identify our queries and force the proper
functioning of the node exclusively for the query. Correcting this is much
more difficult, but would only take the use of digital signatures and
encryption on all the messages traversing the network. Since the remailer
user is inherently a more developed user than Joe (l)User this is much more
reasonable. But still approaches impossible because the remailer users are a
finite set so Mallet could store all the remailer user keys, and treat them
differently from the query keys. This becomes extremely difficult as long
term keys are defeated as well as ephemeral keys. Instead the remailer users
will have to maintain statistics, or at least a large unknown portion of
them. If users upload to say freenet once a month the number of anonymous
messages they have sent and received (without mention of timeframe except
implicitly month) we could get an overall droprate, and the users wouldn't
have to reveal who they are.

> If at all possible all measurements should be made anonymously and as
> stealthily as possible.

Agreed I was beginning to address this above, it still has some major
problems.

> Q: How to inject traffic into the remailer network anonymously?

Through a set of trusted remailers, if those remailers are trusted and are
used for test initiation, then the exact droprate from that entry point will
be known. This will build a reputation for those remailers making it
desirable for trustable remailer operators to be in that set by increasing
the number of messages, leading to better security by initiating from the
trusted list.

> Q: How do we measure the input/output flow without collusion of the
>operator?

You count the messages in and the messages out, you don't care what they
say, where they're from etc, the operator doesn't even need to know you're
doing it. Of course this is a rather difficult task, the better option would
be to test the network as a whole, by colluding of users to collect
statistics on their own messages going through, this would defeat much of
what Mallet could do because the test messages would be real messages that
are being propagated through.

> Q: Where are the computing resources to munge resulting flood of data over
>at least a few weeks time period. How do we hide this 'extra' flow of
>data? It represents an opportunity for incidental monitoring due to
>load usage.

Wouldn't be that bad. Treating the network as a function of its entry-point
seems easiest. Then it's just a simple fraction which can be published raw
or you can waste 4 seconds on a 1GHz machine and compute the values. Either
way it's not compute intensive, most of the work needs to be done by
legitimate users with legitimate messages (to prevent Mallet from playing
with the messages).

> Q: How do we munge the data? What are we trying to 'fit'?

We are trying to determine the best entry-point for anonymous remailer use
as measured by percentage of messages that reach their destination, as
filtered by being "trusted".

> Q: Once we have the data and can (dis)prove the hypothesis, then what?

Then we only trust the servers on the "trusted" list, and we use the best
remailer from the list in terms of delivery. This will encourage individuals
that run worthless remailers to improve their systems, eventually leading to
the dropping of only a handful of messages a year.
Joe
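
Added example (not part of the original message or of any remailer software): a Python sketch of the measurement the post above proposes, where users report monthly sent/received counts and each entry point is scored by its delivery fraction, restricted to a trusted list. The remailer names and counts are constructed, and ranking by the Wilson lower bound instead of the raw fraction is a choice made for this example.

```python
import math
from collections import defaultdict

# Constructed monthly reports: (entry remailer, messages sent, messages received).
# The remailer names are placeholders, not real nodes.
REPORTS = [
    ("alpha", 40, 38), ("alpha", 60, 57),
    ("bravo", 10, 10),
    ("charlie", 200, 150),
    ("delta", 500, 495),          # good numbers, but not on the trusted list
]
TRUSTED = {"alpha", "bravo", "charlie"}


def one_copy_arrives(m, drop_rate=1 / 20):
    """The post's expression 1-(1/20)^M: chance that at least one of m
    copies of a message survives when each copy is dropped independently."""
    return 1.0 - drop_rate ** m


def wilson_lower(received, sent, z=1.96):
    """Lower end of the Wilson score interval for received/sent.

    A small sample with a perfect record gets a lower score than a large
    sample with a slightly imperfect one, so a handful of lucky reports
    cannot push an entry point to the top of the list."""
    if sent <= 0:
        return 0.0
    p = received / sent
    denom = 1 + z * z / sent
    centre = p + z * z / (2 * sent)
    margin = z * math.sqrt(p * (1 - p) / sent + z * z / (4 * sent * sent))
    return (centre - margin) / denom


def rank_entry_points(reports, trusted):
    """Aggregate the reports per entry point and rank the trusted ones.

    Returns a list of (name, delivery_fraction, wilson_lower_bound),
    best entry point first."""
    totals = defaultdict(lambda: [0, 0])
    for entry, sent, received in reports:
        if sent < 0 or received < 0 or received > sent:
            raise ValueError(f"inconsistent report for {entry!r}")
        totals[entry][0] += sent
        totals[entry][1] += received

    rows = []
    for entry, (sent, received) in totals.items():
        if entry not in trusted or sent == 0:
            continue                      # untrusted or no data: not ranked
        rows.append((entry, received / sent, wilson_lower(received, sent)))
    rows.sort(key=lambda row: row[2], reverse=True)
    return rows


if __name__ == "__main__":
    for name, rate, low in rank_entry_points(REPORTS, TRUSTED):
        print(f"{name:8s} delivered {rate:6.1%}  lower bound {low:.3f}")
    for m in (1, 2, 3):
        print(f"{m} copies: at least one arrives with p = {one_copy_arrives(m):.6f}")
```
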




Re: Re: Remailer Phases

2001-08-08 Thread Joseph Ashwood

- Original Message -
From: "Anonymous" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 08, 2001 4:48 PM
Subject: CDR: Re: Remailer Phases


> An Unknown Party wrote:
> > On Wed, 8 Aug 2001, Anonymous wrote:
> > > We need a good mixmaster net.
> > >
> > > working remailer:
> > >   1. Average latency less than 5 min
> >
> > Bad. See the papers done on threats of traffic analysis/spam attacks
> > against remailers.
>
> "Average latency" exists.  What do you think it should be?
>
> a) 5 minutes
> b) 5 hours
> c) 5 days
> d) 5 months
> e) longer
>
> I like a).


As has been pointed out it's not latency but latency/messages that matters.
If there are 2 messages a day going through the system then 5 minutes is
simply not enough, it will be completely traceable. OTOH if there are
5000/sec going through the system then 5 minutes is arguably overkill. I
think that with the current relatively low level of usage 24 hours is the
minimum average latency that should be used. Of course this is across the
entire Mixmaster net where messages could be dispersed enter at any location
and leave at any location. Based on this I believe that each node should
maintain a list l of known other nodes. It should of course select a delay
time at random say up to t time. Assuming that the server will choose a new
exit point at perfect random from itself (where it will exit immediately on
timer expiration) and l this gives an equation for t in hours f(t) =
necessaryDelay; f(t) = t + ((|l|-1)/|l|)f(t), by finding the solution for t
you will find the necessary average t. I don't have the time to solve this
right now but given a list l of magnitude 100 the value of t will be
significantly greater than 5 minutes.

So the remaining question is what value to use for necessary delay? This is
also dependent on the number of known nodes. All nodes must be equally
likely for the transfer for obvious reasons. Based on this I believe that
necessaryDelay needs to be greater than the time needed to receive |l|
messages. The reason for this is fairly simple, at the extreme we have only
one possible message going through the system at once, this is obviously
bad, an observer simply watches the output of the system, and what comes out
is what they are looking for. with at least |l| messages going through a
node and |l| necessary delay time (note that as the magnitude of l increases
the entire system slows, this could be bad, I'm sure I'm missing something
that will dominate on scaling) each message can be mistaken for other
messages. Since it is expectable that the usage of remailers will increase
at least as fast as the size of l the latency will likely decrease over
time.

If there is sufficient demand it is entirely reasonable to reduce from |l|
to a value of at least 2, but I don't believe this is reasonable at 100 or
even 1000 remailers. If the amount of remailer usage increases to the point
where > 20% of email traffic goes through remailers it may become feasible
to lower this limit, but probably unnecessary because this scaling would
result in lowered delays as a matter of recomputation.

What is surprising is that this can be automatically calculated in a rather
interesting way. If each still maintains l it is entirely possible for a
remailer to create a message pool of size |l| and when a new message arrives
if the pool is full randomly select 1 entry to be flushed towards its
destination _prior_ to the insertion of the new message, with an autoflush
happening every sqrt(|l|) hours (perhaps by insertion of null message). This
would cause a ripple effect each time a message was sent which could be seen
as a problem by the uninitiated because there would be a decided pattern of
travel with each message entering the system causing activity along a random
walk. To an amateur this would appear to be a flaw in the system, except
that the message being sent by the ith node is not the message sent by the
i-1th node, so the risk is non-existent, and since the average path length
is going to be k=2((|l|-1)/|l|), and the random walk is going to choose from
|l|^k paths, which we can approximate by |l|^2 this offers a sufficient
growth rate to block tracing. If this growth rate is unacceptable we can
also add a minimumHops value to the protocol increasing the number of paths
to |l|^minimumHops + |l|^2, minimumHops should be chosen to be a suitable
number, based on current assumptions I would recommend minimumHops =
logbase|l|(2^128), making the |l|^2 only a footnote as the total would be
greater than 2^128 giving an enormous difficulty in even selecting a
duplicate path.

Mitigating factors are present however, because each message can only exist
in one of |l| locations, so the maximum difficulty in guessing is still
bounded in that fashion, leaving the reasonable values for minimumHops at
around 10 for a 100 node network.
Joe
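
Added example (not part of the original message and not Mixmaster code): a Python sketch of the pool described above, in which a full pool of size |l| flushes one randomly chosen entry before a new message is inserted. It also solves the post's equation f(t) = t + ((|l|-1)/|l|)f(t) for t and evaluates minimumHops = log base |l| of 2^128; the timed autoflush is left out and all function names are hypothetical.

```python
import math
import random


def per_hop_delay(necessary_delay, n):
    """Solve f = t + ((n-1)/n) * f for t, with f = necessary_delay.

    Rearranging gives f * (1/n) = t, so t = necessary_delay / n,
    in the same unit as necessary_delay."""
    if n < 1:
        raise ValueError("need at least one node")
    return necessary_delay / n


def minimum_hops(n, bits=128):
    """log base n of 2**bits, rounded up: smallest h with n**h >= 2**bits."""
    if n < 2:
        raise ValueError("need at least two nodes")
    return math.ceil(bits / math.log2(n))


def simulate_pool(n, arrivals, seed=1):
    """Simulate one node holding a pool of n messages.

    Time is counted in arrivals. When the pool is full, one entry chosen
    uniformly at random is flushed *before* the new message is inserted,
    so the message that leaves is never the one that just arrived.
    Returns the residence time (in arrivals) of every flushed message."""
    rng = random.Random(seed)       # seeded so the run is repeatable
    pool = []                       # arrival index of each pooled message
    residence = []
    for now in range(arrivals):
        if len(pool) == n:
            slot = rng.randrange(n)
            residence.append(now - pool[slot])   # message leaves the node
            pool[slot] = now                     # newcomer takes its place
        else:
            pool.append(now)                     # pool still filling up
    return residence


def fraction_out_within(residence, k):
    """Share of flushed messages that left within k arrivals of entering."""
    return sum(1 for r in residence if r <= k) / len(residence)


if __name__ == "__main__":
    n = 100
    res = simulate_pool(n, 20000)
    print("flushed messages     :", len(res))
    print("mean residence       :", round(sum(res) / len(res), 1), "arrivals")
    print("left within n arrivals:", round(fraction_out_within(res, n), 3))
    print("per-hop t for 24 h   :", per_hop_delay(24, n), "hours")
    print("minimumHops (2^128)  :", minimum_hops(n))
```

Each flush picks one of the |l| pooled messages with equal probability, so the time a message spends in the node is geometric with a mean of |l| arrivals; the delay therefore scales with traffic rather than with a fixed clock, which is the latency/messages relationship the post starts from.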




Assistance

2003-11-10 Thread Tony Joseph
Dear sir,

I represent the members of contract award committe of Nigerian National Petroleum 
Corporation (NNPC).

We are in charge of award of various contracts for the Government. We also inspect and 
vet concluded contracts and recommend companies for payments of already concluded 
contracts in Nigeria.

We have the sum of $25M USD that has already been transfered out of the country with 
the assistance of a foreign lawyer by a diplomatic means.
This funds was deposited with one of the European Banks in Holland in an escrow 
account ready for remittance as soon as proper applications for transfers are made in 
your name.

I'm asking for your assistance as a foreigner to act as a beneficiary of the funds for 
our investments purposes in any good areas of your choice, especially real estate and 
importation. The funds was acquired from gratification from various contractors we 
have assisted in getting contracts and from over-invoicing.

COMMISSION!
You will be entittled to 20% of the total funds for your assistance in getting the 
funds transferred out and assisting us with good investments in your country.

If you are interested, contact me immediately via this e-mail to let you know how to 
proceed with the necessary paperwork and applications to facilitate the remittance of 
these funds within two weeks time limit.

Regards and God bless

Tony Joseph









  

ASSISTANCE PLEASE

2003-11-10 Thread joseph . williamvaye
Goodday,

I am Joseph vaye,the son of late Issac Nuhan Vaye,
deputy minister of public works under President
charles taylor of Liberia.

Before the political upheaval in liberia my late
father was a good and close friend of president
charles taylor and a member of his inner caucus.But of
late when liberia crisis came up again,with the rebels
trying to oust charles taylor out of government and liberia,president
charles taylor became very uncomfortable with some of his loyalists
which my late father happened to be one of them because he had the
believe that at the rate at which the rebel group was 
closing in on him in Monrovia(which is the seat of
power)was as a result of the leakage of some vital
security information  from his cabinet and he decided
to eliminate some of his cabinet members which my
father happened to be a victim.

It started in the name of an uncovered coup and he
ordered the arrest of some of his cabinet ministers
and the Vice President Moses Blah on the 5th of june
which my father was included and some days later we
learnt about my father's death alongside with John
Winpoe Yormie, deputy minister of national security.

My mother and i actually knew why my father was
murdered because before the political mayhem in
liberia,my late father  and President charles taylor
have maintained a good relationship and he has
assisted him in lodging funds from the sales of
diamond in different banks and security companies
which my late father also benefited from it until at
the wake of rebellious war in liberia my father was
not getting along with President Charles taylor
because of his tyranic law which created a breach in
their relationship and with the alarming rate at which
the rebels are advancing into Monrovia to unseat
President charles taylor he was no longer sure of 
some of his cabinet members and decided to eliminate
them under the disguise that they were coup plotters

Before the death of my father, at the peak of his
relationship with president charles taylor,he was able
to accumulate some funds $31,600,000.00 (US$31.6million)which he
deposited with a security company in Ghana from the deals he did for the
president.

Basically my mother and i require a trustworthy person
that can assist us to retrieve our funds from the
security company in Ghana.Life has been very unstable
for us(my mum,my youngers ones and i) and i would not
want to bore you with all we went through but for the
sake of my late fathers death. All the necessary documents for the
deposit are in my possession I am now a refugee in neigbouring african
country Ghana due to the fear of been killed by president charles taylor
and the unrest in Liberia.

Ironically the president of Nigeria  has agreed to
grant  president charles taylor assylum in Nigeria in
order to restore peace in liberia so we are trying to
do all  we can at earnest to retrieve the funds from
the security company and leave West Africa before he
eventually comes to Nigeria.

Upon your response to this mail,i will intimate you on
how we can proceed to get the funds from the security
company.

Best regards,



Assistance please

2003-11-14 Thread joseph . williamvaye
Goodday,

Greetings,I am JOSEPH WILLIAM VAYE {A Liberian}who has just gotten off
the
hands of Rebels fighting against the regime of President Charles Taylor.
My
Father who was then a minister in the Cabinet of President Taylor was his
confidant in matter of diamond trade between the Sierra Leone

authorities, and they usually smuggled them out through my country, Liberia
with the help of President Taylor and my father, who was killed by the Rebels
about ten days ago.

On the intervention of President Obasanjo, we were released and presently
staying in a refugee camp in Ghana. Before my father's death, he notified me of
a Huge amount he hurriedly deposited with a Security Company here in Ghana
[during the war]. He gave me the documents and Authority to claim the
Consignment from the Company. The amount involved in the Consignment is $31.5m
[Thirty one, million Five Hundred Thousand US Dollars] as well as some quantity
of gold and diamond. He lodged it with the Company as Jewelleries. I got your
contact from an expatriate missionary friend here in Ghana, who visited the
refugee camp here, and normally travels on Business to your Country. I told him
of my need for a foreign Partner and my intentions to invest in Europe, Asia or
USA. He told me of how reliable and trustworthy you are. This is how far he
knows of my intentions.

The Security Company is prepared to help me carry my consignment [Money] out
of Africa. This Security Company's Officials do travel Abroad on official
assignment and with Diplomatic Immunity. I want you to assist me and as my
Partner to help me receive the Consignment over there and keep in a safe
place. You will then send me a letter of Invitation, in order for me to get my
Visa to join you up.

I am also interested in buying a house as I will be
coming to settle down there with my family and you
shall advise me on a profitable Business in
your Country.

For your assistance I'm prepared to compensate you with
10% of the money, 5% will be set aside for Extra expenditure during the course
of this transaction. While the rest will be for my investment.

Please let me know your intention immediately by
mail, as I do not have a phone yet.
NOTE: please treat this as Confidential, as I have not
told anybody except you, even the friend who gave me your contact, and no one
knows that I am here in Ghana, for security reasons.

Waiting to hear from you, as I am afraid of the horrors in
my country and this part of the world.

Yours Truly,
JOSEPH WILLIAM  VAYE ( In Distress)



partner needed

2003-11-14 Thread Joseph Makoju

FROM:Engr.Joseph Makoju
efax #: 13034790322.

BUSINESS PROPOSAL


I am making this contact with you on behalf of my colleagues. You were introduced to us
by a mutual acquaintance from the Nigerian Chamber of Commerce, Foreign Trade Division, who
does not know of the nature of what I am about to introduce to you. He only knows that I
have some funds to invest abroad, hence he recommended you.

My colleagues and I are members of the Contract Award
Committee (CAC) of the National Electric Power Authority (NEPA). I have been mandated
by my colleagues to look for a trustworthy company into whose account some funds are
to be transferred. We have in our possession instrument of payment for US$14.3M
(fourteen million three hundred thousand U.S Dollars only) now in a dedicated account
with our apex bank. The above funds arose from the over invoicing of some Supplies and
Engineering Works contracts which have been executed and the contractors paid in full.
The fund is therefore free to be transferred overseas without any risk whatsoever.

Due to the nature of accrual of these funds, it has to be applied for by a foreign
contractor/company and payment can only be made into a foreign account hence this
contact is necessary to accomplish this deal. You (or your company) shall be
compensated with 25% of the amount as the account owner, 5% shall be used for the
reimbursement of all expenses that will be incurred by both parties during the course
of this financial transaction. The remaining 70% is for us.

We shall require of you the following urgently by fax:
1. Name,Telephone and/or fax Numbers of Beneficiary
2. Name and full address of the Company
3. Complete particulars of the bank account where you
wish the funds to be transferred.
This should include the account Number, Bank
Address, the Telephone, Fax and Telex numbers of the bank.

My colleagues and I have had some fruitful discussions with relevant top officials of
the Federal Ministry of Finance (FMF) and they have agreed to cooperate in the
transfer. An application for funds transfer shall be made at the appropriate
Ministries in favour of the beneficiary (you or your company). Thereafter, your company
shall be officially regarded as having executed the contract for the National Electric
Power Authority (NEPA) for which payment is being made. This process makes the operation
legal according to the laws of the Federal Republic of Nigeria.

Please treat this transaction as STRICTLY CONFIDENTIAL
as we are Civil Servants who would not want any exposure. Thanks for your anticipated
cooperation.

Best Regards,

ENGR.JOSEPH MAKOJU.
NATIONAL ELECTRIC POWER AUTHORITY
50 MARINA,LAGOS.
P.M.B. 20275,
LAGOS.


REPLY TO; [EMAIL PROTECTED]  

Xanax Anxiety Reliever Pills: Order Here

2003-11-17 Thread Joseph Stout
SOMA, IONAMIN... Low Price, Fast Delivery, PRIVACY !
FDA Approved Medications online. SOMA,Vicodin ,ADIPEX,Viagra, 
and MUCH MORE.
Go Online. Fill out your Prescription Request. Your request will be reviewed by a Licensed US Physician. If Approved, your medication will be dispensed by a Licensed US Pharmacy.
Requests received by 2:00 PM EST will arrive 
the very next business day.
MEDS_HERE





No thanks, please take me off your list


REQUEST FOR ASSISTANCE IN A FINANCIAL TRANSACTION

2003-11-18 Thread Joseph isiaka
ATTN:
Dear Sir
REQUEST FOR ASSISTANCE IN A FINANCIAL TRANSACTION
I am interested in your partnership in business dealing. This business proposal I
wish to intimate you with is of mutual benefit and its success is entirely based on
mutual trust, cooperation and a high level of confidentiality as regard this
transaction.

I am representing the board of the contract award and monitoring committee
of the Zambian Ministry of Mining and Resources. I am seeking your assistance to
enable me transfer the sum of US$30,500,000.00 (Thirty Million, Five Hundred Thousand
United States Dollars) into your private/company account.

The fund came about as a result of a contract awarded and executed for and on behalf
of my Ministry. The contract was supposed to be awarded to two foreign contractors to
the tune of US$180,000,000.00 (One hundred and Eighty Million United States Dollars).
But in the course of negotiation, the contract was awarded to a Bulgarian contractor
at the cost of US$149,500,000.00 (One hundred and Forty-nine Million, Five Hundred
Thousand United States Dollars) to my benefit unknown to the contractor. This contract
has been satisfactorily executed and inspected as the Bulgarian firm is presently
securing payment from my Ministry, where our Board is in-charge of all foreign
contract payment approval.

As a civil servant still in active government service, I am forbidden by law
to operate an account outside the shores of Zambia. Hence this message to you seeking
your assistance so as to enable me present your private/company account details as a
beneficiary of contractual claims alongside that of the Bulgarian contractor, to
enable me transfer the difference of US$30,500,000.00 (Thirty Million, Five Hundred
Thousand United States Dollars) into your provided account.

On actualisation, the fund will be disbursed as stated below.
1. 20% of the fund will be for you as beneficiary
2. 80% of the fund will be for Us.

All logistics are in place and all modalities worked out for a smooth actualisation
of the transaction within the next few working days of commencement. For further
details as to the work ability of this transaction, please reach me as soon as
possible for further clarification. Please, mail me on receipt of this mail

Thank you and God bless as I await your urgent response.
Yours Sincerely,
Joseph Isiaka  

Please contact me

2003-11-23 Thread Joseph Makale
MR. JOSEPH MAKALE
DEPARTMENT OF MINERALS AND ENERGY
PRETORIA, SOUTH AFRICA.
NOVEMBER 23RD., 2003
Sir,
It is my great pleasure to write you this letter on behalf of my colleagues.
Your information was given to me by a member of the South African Export
Promotion Council (SAEPC) who was with the Government delegation on a trip
to your country for a United Nations bilateral conference talk on
sustainable development to encourage foreign investors. I have decided to
seek a confidential co-operation with you in the execution of a deal
hereunder for the benefit of all parties and hope you will keep it
confidential because of the nature of the business.
Within the Department of Minerals and Energy where I work as an assistant
Director of Audit, with the co-operation of two other top officials, we have
in our possession an overdue contractor payment in US Dollars funds.
The said funds represent certain percentage of the contract value executed
on behalf of my Department by a foreign contracting firm, (Pearls Ltd) which
we the officials over-invoiced to the amount of US$15,200,000 (Fifteen
Million Two Hundred Thousand US Dollars).
Since the present elected Government is determined to pay foreign
contractors all debts owed, so as to maintain good relations with foreign
governments and non-governmental agencies, we included our bills for
approvals with the Department of Finance and the Reserve Bank of South
Africa (RBSA). We are 100+% sure of funds approvals to anyone or company we
(The Audit Committee) recommend as part of the sub-contractors who did jobs
for the Department. We are seeking your assistance to front as the
sub-contractor of the unclaimed funds, since we are not allowed to operate
foreign accounts. Details and change of beneficiary information upon
application for claim to reflect payment and approvals will be secured on
behalf of You/your Company.
My colleagues and I are prepared to give you US$2.5m while we take US$7.4m
and the balance of US$5.3m for taxes and miscellaneous expenses incurred.
This business is completely safe and secure, provided you treat it with
utmost confidentiality. It does not matter whether You/your Company does
contract projects, as a transfer of rights will be secured in favor of
You/your Company through the Federal high Court of South Africa before we
can proceed.
I have reposed my confidence in you and hope that you will not disappoint
us. Kindly notify me immediately for further details upon your acceptance of
this proposal. You can contact me by email.
Yours Faithfully,
Joseph Makale (Mr.)  

no more blushing-you can be bigger!Try this irfkwtvcovopi tctbxe

2003-11-25 Thread Joseph Louis
dogwood

Cypherpunks Want A Bigger Pen1s?

Want A Bigger Pen1s?

Gain Up to 3+ Full Inches In Length
Increase Your Penis Width (Girth) By 20%
Stop Premature Ejaculation!
Produce Stronger, Rock Hard Erections
A Larger, Harder Penis During Sex
100% Safe To Take, With NO Side Effects
Fast Priority Shipping WorldWide
Doctor Approved And Recommended
No Pumps! No Surgery! No Exercises!
100% Money Back Guarantee


Cypherpunks Click Here
http://[EMAIL PROTECTED]/vp/?ang2003

Opt-Off
http://[EMAIL PROTECTED]/off.html


Italian-crafted Rolex - only $65 - $140! Free SHIPPING! iiqsse xvyp

2003-11-25 Thread Kara Joseph
please note to send ALL REPLY e-mail direct to our Sales Representative at:
[EMAIL PROTECTED]

Hi,

Thank you for expressing interest in ATGWS watches.

We would like to take this opportunity to offer you our fine selection of Italian 
crafted Rolex Timepieces, as the ideal gift for your loved ones or close friends 
during this upcoming Christmas Season.

You can view our large selection of Rolexes (including Breitling, Tag Heuer, Cartier 
etc) at:

http://www.WatchPurchases.com

For all orders placed before Christmas, all shipping and handling charges will be free.

As we are the direct manufacturers, you are guaranteed of lowest prices and highest 
quality each and every time you purchase from us.

Below is a selection of brands which we have available (all perfect for gifts as they 
are less than $200!!):

1. Rolex  (both Mens and Ladies models!)
2. Blancpain
3. Fortis
4. Jaeger LeCoutre
5. Longines
6. Mont Blanc
7. Movado
8. Oris
9. Roger Dubuis
10. Ulysse
11. Zenith
12. Audemar Piguet
13. Breitling
14. Bvglari
15. Cartier
16. Corum
17. Dunhill
18. Franck Muller
19. Gerard Perregaux
20. IWC
21. IWC
22. Panerai
23. Patek Philippe
24. Tag Heuer
25. Vacheron Constantin

If you see anything that might interest you, or if you have any questions, please 
don't hesitate to visit our website at:

http://www.WatchPurchases.com

If you see anything on our web page that might interest you, or if you have any
questions, please don't hesitate to e-mail us at:

[EMAIL PROTECTED]

I certainly look forward to hearing from you.

Best regards,

Cal

Division Sales Manager
ATGWS


You received this email because you have previously purchased from, or inquired about
our product line under ATGWS. If you do not want to receive further mailings from
ATGWS, unsubscribe by sending an email with the title heading: DELETE in the subject
line to [EMAIL PROTECTED]

please note to send ALL REPLY e-mail direct to our Sales Representative at:
[EMAIL PROTECTED]



ASSISTANCE

2003-11-26 Thread joseph . williamvaye
Goodday,

I am Joseph Vaye, the son of late Issac Nuhan Vaye, deputy minister of public
works under President Charles Taylor of Liberia.

Before the political upheaval in Liberia my late father was a good and close
friend of President Charles Taylor and a member of his inner caucus. But of late
when Liberia crisis came up again, with the rebels trying to oust Charles Taylor
out of government and Liberia, President Charles Taylor became very uncomfortable
with some of his loyalists which my late father happened to be one of them
because he had the belief that at the rate at which the rebel group was closing
in on him in Monrovia (which is the seat of power) was as a result of the
leakage of some vital security information from his cabinet and he decided to
eliminate some of his cabinet members which my father happened to be a victim.

It started in the name of an uncovered coup and he ordered the arrest of some
of his cabinet ministers and the Vice President Moses Blah on the 5th of June
which my father was included and some days later we learnt about my father's
death alongside with John Winpoe Yormie, deputy minister of national security.

My mother and I actually knew why my father was murdered because before the
political mayhem in Liberia, my late father and President Charles Taylor have
maintained a good relationship and he has assisted him in lodging funds from
the sales of diamond in different banks and security companies which my late
father also benefited from it until at the wake of rebellious war in Liberia my
father was not getting along with President Charles Taylor because of his
tyrannic law which created a breach in their relationship and with the alarming
rate at which the rebels are advancing into Monrovia to unseat President Charles
Taylor he was no longer sure of some of his cabinet members and decided to
eliminate them under the disguise that they were coup plotters.

Before the death of my father, at the peak of his relationship with
President Charles Taylor, he was able to accumulate some funds $31,600,000.00
(US$31.6 million) which he deposited with a security company in Ghana from the
deals he did for the president.

Basically my mother and I require a trustworthy person that can assist us to
retrieve our funds from the security company in Ghana. Life has been very
unstable for us (my mum, my younger ones and I) and I would not want to bore you
with all we went through but for the sake of my late father's death. All the
necessary documents for the deposit are in my possession. I am now a refugee in
neighbouring African country Ghana due to the fear of being killed by
President Charles Taylor and the unrest in Liberia.

Ironically the president of Nigeria has agreed to grant President Charles
Taylor asylum in Nigeria in order to restore peace in Liberia so we are trying
to do all we can in earnest to retrieve the funds from the security company and
leave West Africa before he eventually comes to Nigeria.

Upon your response to this mail, I will intimate you on how we can proceed to
get the funds from the security company.

Best regards,

Joseph



Natural human growth hormone

2003-11-29 Thread Joseph Santana


Hormone replacement therapy (H. G. H. )
is the best and most
effective anti-aging medical therapy of the moment
LOOK AND FEEL 20 YEARS YOUNGER!!!
BENEFITS: 
LOSE WRINKLES
REGAIN HAIR
GAIN ENERGY
INCREASE STAMINA 
SUITABLE FOR MEN AND WOMEN
more. 

H-G-H ANTI AGlNG
 
 
 

Take-Me-Off-The-List






Re: this is new.. and you will love it!

2003-11-29 Thread Joseph Ashley
Title: I will not sell miracle cures
I will not make flatulent noises in class
Worlds First Dermal P;atch Technology For P*nis Enlarg;mentPro_Size ViriIity Pa;tchA;dd 3+  In;ches Today - 1OO% Doc;tor ApprovedThe ViriIity P;atch R.X.  was designed_for men like yourself who want a B;lGGER, th;icker, m;ore en;ergetic p*nis! Imagine sky_rocketing in size 2’’, 3’’, even 4’’ in 60_days or l;ess. But that’s not_all… ViriIity P;atch R.X.  will also super_charge your s*xual battery effort;lessly 24/7. Your libido and energy level will soar, and you will sat;isfy your l!
 ov;er like never_before!E;NL.ARGE YOUR MEMBER_T0DAY!1OO% P;roven to_work or your m;oney bac;k! To_be r3m0v3d from our list
r;ight here.




plara coniict

2003-10-13 Thread Joseph Stephens

Do
 you love lesbians?





Lesbian
 Sexx -  See the hottest lesbians licking and
 sucking smooth bald pussys - tasting other girls warm juices.See
 everything from tit sucking to dildo fucking at lesbian sexx
 we have it all!
 See the
 hottest lesbians sucking and fucking
 See - streaming videos, live xxx sex chat, hardcore
 movies, erotic sex stories, thousands of pictures and much
 much more Go with the best - Lesbians Sexx 
 -- Now
 offering Free tour --

Enter
here for a FREE tour
Get
 a tour of the hottest lesbian site without costing you a cent. Why not see
 what all the fuss is about!


DEAR FRIEND

2003-10-16 Thread JOSEPH CHIKA
FROM:  JOSEPH  CHIKA
AUDITING AND ACCOUNTING UNIT.
FOREIGN OPERATIONS DEPARTMENT.
BANQUE TOGOLAISE POUR LE COMMERCE ET L'INDUSTRIE, 
LOME- TOGO. 

Dear Sir, 

(TOP SECRET)

I am Joseph Chika, the director in charge of auditing and accounting
section of Banque Togolaise Pour Le Commerce Et L'Industrie Lome-Togo 
in West Africa with due respect and regard. I have decided to contact 
you on a business transaction that will be very beneficial to both of us 
at the end of the transaction. During our investigation and auditing in 
this bank, my department came across a very huge sum of money belonging 
to a deceased person who died on November 1st 1999 in a plane crash and 
the fund has been dormant in his account with this Bank without any 
claim of the fund in our custody either from his family or relation before 
our discovery to this development. Although personally, I keep this 
information secret within myself and partners to enable the whole plans 
and idea be Profitable and successful during the time of execution. The 
said amount is U.S $15M (Fifteen million United States dollars). 

As it may interest you to know, I got your impressive information 
through my good friend who works with chamber of commerce on foreign 
business relations here in Lome- Togo. It is him who recommended your person 
to me to be viable and capable to champion a business of such magnitude 
without any problem. Meanwhile all the whole arrangement to put claim 
over this fund as the bonafide next of kin to the deceased, get the 
required approval and transfer this money to a foreign account has been put 
in place and directives and needed information will be relayed to you 
as soon as you indicate your interest and willingness to assist us and 
also benefit your self to this great business opportunity. In fact I 
could have done this deal alone but because of my position in this country 
as a public servant(A Banker),we are not allowed to operate a foreign 
account and would eventually raise an eye brow on my side during the 
time of transfer because I work in this bank. 

This is the actual reason why it will require a second party or fellow 
who will forward claims as the next of kin and also present a foreign 
account where he will need the money to be re-transferred into on his 
request as it may be after due verification and clarification by 
the correspondent branch of the bank where the whole money will be remitted from
to your own designation bank account. I will not fail to inform you
that this transaction is 100% risk free. On smooth conclusion of
this transaction, you will be entitled to 30% of the total sum as gratification,
while 5% will be set aside to take care of expenses that may arise 
during the time of transfer and also telephone bills, while 65% will be for 
me and my partners. 

Please, you have been advised to keep this transaction "SECRET" as we
are still in service and intend to retire from service after we 
conclude this deal with you. I will be monitoring the whole situation here in 
this bank until you confirm the money in your account. and ask us to 
come down to your country for subsequent sharing of the fund according to 
percentages previously indicated and further investment, either in your 
country or any country you may advice us to invest in. 

All other  information will be sent to you as soon as I hear from you. 
I suggest you get back to me as soon as possible stating your wish in 
this deal. Meanwhile,kindly let me have your account information as 
hereunder stated:

BANK NAME & ADDRESS
SWIFT CODE NUMBER
ACCOUNT NUMBER
ACCOUNT HOLDER'S NAME
ACCOUNT HOLDER'S ADDRESS
YOUR PERSONAL PHONE & FAX NUMBERS

On receipt of this information, I will be submitting an application for
approval which will empower the international department of this bank
to transfer the money into your account.

I look forward to receiving your mail ASAP

Yours faithfully,
 
JOSEPH  CHIKA





Confidential

2003-10-21 Thread joseph mobutu
Good day,
You may be surprised to receive this email since you do not know me.
I am the son of the late president of Democratic Republic Of Zaire,
President Mobutu Sese Seko, ( now The Republic of Congo, under the
leadership of the son of Mr. Laurent Kabila). I presume you are aware there
is a financial dispute between my family ( THE MOBUTUS ) and the present
civilian Government. This is based on what they believe as bad and corrupt
governance on my late father's part. May his soul rest in perfect peace. As
you might have heard how a lot of my father's bank account in Switzerland
and North America have been frozen. Following the above named reasons, I am soliciting 
for your humble and confidential assistance to take custody of
THIRTY Million United States Dollars ( US$30,000,000.00 ), also to front for me in the 
areas of business you desire profitable.
These funds have secretly been deposited into a confidential Security
Company, where it can easily be withdrawn or paid to a recommended
beneficiary. The funds will be released to you by the Security Company,
based on my recommendations, on that note, you will be presented as my
partner who will be fronting for me and my family in any subsequent
ventures. Myself and my mother have decided to give 20% to you if you are
able to help us claim this consignment. We have also decided to give you any money 
spent on phone calls or traveling expenses in the course of this transaction at the 
end of the transaction.
Please, I need your entire support and co-operation for the success of this 
transaction, your utmost confidentiality and secrecy is highly required, due to my 
family's present predicament.
I sincerely will appreciate your willingness to assist us as soon as possible. I am 
presently in the refugee camp here in the Netherlands under the united nations refugee 
camp in Netherlands and I can be reached on phone number +31-645-238-205 or E-mail me 
at [EMAIL PROTECTED] for more information on how we can proceed in this transaction. 
Please indicate your interest by sending your telephone and fax number or call me up 
at anytime. I sincerely will appreciate your acknowledgement as soon as possible.
Warmest regards,
Joseph Mobutu Sese-Seko.  

Confidential

2003-10-22 Thread joseph mobutu
Good day,
You may be surprised to receive this email since you do not know me.
I am the son of the late president of Democratic Republic Of Zaire,
President Mobutu Sese Seko, ( now The Republic of Congo, under the
leadership of the son of Mr. Laurent Kabila). I presume you are aware there
is a financial dispute between my family ( THE MOBUTUS ) and the present
civilian Government. This is based on what they believe as bad and corrupt
governance on my late father's part. May his soul rest in perfect peace. As
you might have heard how a lot of my father's bank account in Switzerland
and North America have been frozen. Following the above named reasons, I am soliciting 
for your humble and confidential assistance to take custody of
THIRTY Million United States Dollars ( US$30,000,000.00 ), also to front for me in the 
areas of business you desire profitable.
These funds have secretly been deposited into a confidential Security
Company, where it can easily be withdrawn or paid to a recommended
beneficiary. The funds will be released to you by the Security Company,
based on my recommendations, on that note, you will be presented as my
partner who will be fronting for me and my family in any subsequent
ventures. Myself and my mother have decided to give 20% to you if you are
able to help us claim this consignment. We have also decided to give you any money 
spent on phone calls or traveling expenses in the course of this transaction at the 
end of the transaction.
Please, I need your entire support and co-operation for the success of this 
transaction, your utmost confidentiality and secrecy is highly required, due to my 
family's present predicament.
I sincerely will appreciate your willingness to assist us as soon as possible. I am 
presently in the refugee camp here in the Netherlands under the united nations refugee 
camp in Netherlands and I can be reached on phone number +31-645-238-205 or E-mail me 
at [EMAIL PROTECTED] for more information on how we can proceed in this transaction. 
Please indicate your interest by sending your telephone and fax number or call me up 
at anytime. I sincerely will appreciate your acknowledgement as soon as possible.
Warmest regards,
Joseph Mobutu Sese-Seko.  

A PRIVATE MAIL FROM JOSEPH COLEMAN.

2003-10-23 Thread JOSEPH COLEMAN
FROM:JOSEPH COLEMAN,
 ASYLUM SEEKERS CENTER,
 GROU-JIRSUM,
 NEDERLANDS.
PLEASE REPLY TO MY MOST CONFIDENTIAL E-MAIL ADDRESS:[EMAIL PROTECTED]
I am Mr Joseph Coleman the eldest son of Chief Michael Coleman from Sierra Leone. I
am writing you in absolute confidence primarily to seek your assistance to transfer
our cash of Twenty five Million and five hundred thousand Dollars ($25,500.000.00) now
in the custody of a private Security trust firm in Europe. The money is in trunk boxes
deposited and declared as Precious stones by my late father. As a matter of fact the
company does not know the content as money, although my Father made them to
understand that the boxes belong to his foreign partner.
Source of the money:
My late Father Chief Michael Coleman is a native of Mende tribe in the Northern
province of Sierra Leone, was the General Manager of Sierra Leone Mining co-operation
(S.L.M.C.) Freetown. According to my Father this money was the income accrued from
Mining Co-operation's over draft and minor sales. Before the peak of the civil war
between the rebels forces of Major Paul Koroma and the combined forces of ECOMOG peace
keeping operation that almost destroyed my country, following the forceful removal
from power of the civilian elected President Ahmed Tejan Kabbah by the rebels. My
Father had already made arrangement for his family to be evacuated to Ivory coast with
the CERTIFICATE OF DEPOSIT he made with a security firm in Europe through the aid of
U.N evacuation team.
During the war in my country and following the indiscriminate looting of Public and
Government properties by the rebel forces, the Sierra Leone mining co-operation was
one of the target looted and it was destroyed. My Father including other top
Government functionaries were attacked and killed by the rebels in November 2000
because of his relationship with the civilian Government of Ahmed Tejan Kabbah.
As a result of my father's death and with the information we got that the rebels are
out for us the burden became too much for me to handle coupled with the ill health of
my mother. She died in the process as I could not afford her a decent medical care.
The unrest in Ivory Coast and the threat from the rebels against our lives made us to
be evacuated to Nederland last December where I and my family are seeking political
asylum. We are at present in an asylum camp in a small village in Nederland (HOLLAND).
Our only hope now is in you and the boxes deposited in the Security Firm. To this
effect, I humbly solicit your assistance in the following ways.
1. to assist me claim these boxes from the security Firm as our Foreign partner
2. to transfer this money (USD$25.5 M) in your name to your country
3. to make a good arrangement for a joint business investment on our behalf in your 
country and you, our Adviser/ Manager.
For your assistance, I have decided that 20% of the total amount will be for your
effort and another 5 % to cover all the expenses that may incur during the business
transaction. Last, I urge you to keep this transaction strictly confidential as no one
knows our whereabouts. Please as you show your willingness, forward to me your full
name, address and Tel/ Fax numbers, to me via my private email, and I will get back to
you immediately with more information and subsequently send you the necessary
documents needed in this transaction.
Thanks.
May God bless you as you assist us.
MR JOSEPH COLEMAN  

andhan pfp

2003-10-25 Thread Jillian Joseph

They
 have no idea you are watching.

Beach
 Voyeurism, Upskirt Cams, Changing Rooms, Toilet Cams, Hidden Videos
 The ultimate violation of privacy! Thousands of unsuspecting pics, voyeuristic videos, 1000's of hidden cams and more.
Serious spying is the nature of extreme
 exposure.
  Extreme-exposure
  - Spy on our girls in our live hidden video feeds!
  Amateur girls caught naked in their homes by our secret cams. Click here to watch them now!



Assistance please

2003-10-29 Thread joseph . williamvaye

Goodday,

I am Joseph Vaye, the son of late Issac Nuhan Vaye,
deputy minister of public works under President
Charles Taylor of Liberia.

Before the political upheaval in Liberia my late
father was a good and close friend of President
Charles Taylor and a member of his inner caucus. But of
late when Liberia crisis came up again, with the rebels
trying to oust Charles Taylor out of government and
Liberia, President Charles Taylor became very
uncomfortable with some of his loyalists which my late
father happened to be one of them because he had the
belief that at the rate at which the rebel group was
closing in on him in Monrovia (which is the seat of
power) was as a result of the leakage of some vital
security information from his cabinet and he decided
to eliminate some of his cabinet members which my
father happened to be a victim.

It started in the name of an uncovered coup and he
ordered the arrest of some of his cabinet ministers
and the Vice President Moses Blah on the 5th of june
which my father was included and some days later we
learnt about my father's death alongside with John
Winpoe Yormie, deputy minister of national security.

My mother and i actually knew why my father was
murdered because before the political mayhem in
liberia,my late father  and President charles taylor
have maintained a good relationship and he has
assisted him in lodging funds from the sales of
diamond in different banks and security companies
which my late father also benefited from it until at
the wake of rebellious war in liberia my father was
not getting along with President Charles taylor
because of his tyranic law which created a breach in
their relationship and with the alarming rate at which
the rebels are advancing into Monrovia to unseat
President charles taylor he was no longer sure of 
some of his cabinet members and decided to eliminate
them under the disguise that they were coup plotters

Before the death of my father, at the peak of his
relationship with president charles taylor,he was able
to accumulate some funds $31,600,000.00 (US$31.6million)which he
deposited with a security company in Ghana from the
deals he did for the president.

Basically my mother and i require a trustworthy person
that can assist us to retrieve our funds from the
security company in Ghana.Life has been very unstable
for us(my mum,my youngers ones and i) and i would not
want to bore you with all we went through but for the
sake of my late fathers death. All the necessary documents for the
deposit are in my possession I am now a refugee in
neigbouring african country Ghana due to the fear of
been killed by president charles taylor and the unrest
in Liberia.

Ironically the president of Nigeria  has agreed to
grant  president charles taylor assylum in Nigeria in
order to restore peace in liberia so we are trying to
do all  we can at earnest to retrieve the funds from
the security company and leave West Africa before he
eventually comes to Nigeria.

Upon your response to this mail,i will intimate you on
how we can proceed to get the funds from the security
company.

Best regards,

Joseph
 


Confidential

2003-10-29 Thread joseph mobutu
Good day,
You may be surprise to receive this email since you do not know me.
I am the son of the late president of Democratic Republic Of Zaire,
President Mobutu Sese Seko, ( now The Republic of Congo, under the
leadership of the son of Mr. Laurent Kabila). I presume you are aware there
is a financial dispute between my family ( THEMOBUTUS ) and the present
civilian Government. This is based on what they believe as bad and corrupt
governance on my late father's part. May his soul rest in perfect peace. As
you might have heard how a lot of my father's bank account in Switzerland
and North America have been frozen. Following the above named reasons, I am soliciting 
for your humble and confidential assistance to take custody of
THIRTY Million United States Dollars ( US$30,000,000.00 ), also to front for me in the 
areas of business you desire profitable.
These funds have secretly been deposited into a confidential Security
Company, where it can easily be withdrawn or paid to a recommended
beneficiary. The funds will be released to you by the Security Company,
based on my recommendations, on that note, you will be presented as my
partner who will be fronting for me and my family in any subsequent
ventures. Myself and my mother have decided to give 20% to you if you are
able to help us claim this consignment. We have also decided to give you any money 
spent on phone calls or traveling expenses in the course of this
transaction at the end of the transaction.
Please, I need your entire support and co-operation for the success of this
transaction, your utmost confidentiality and secrecy is highly required, due 
to my family's present predicament.
I sincerely will appreciate your willingness to assist us as soon as
possible. I am presently in the refugee camp here in the Netherlands under
the united nations refugee camp in Netherlands and I can be reached on phone number 
+31-645-238-205 or E-mail me  at [EMAIL PROTECTED] for more information on how we can 
proceed in this transaction. Please indicate your interest by sending your telephone 
and fax number or call me up at
anytime. I sincerely will appreciate your acknowledgement as soon as
possible.
Warmest regards,
Joseph Mobutu Sese-Seko.  

RE: Affordable Health Insurance Finally hd mkcenona tsqtbzw

2003-10-29 Thread Joseph Platt
YERBA DIET PILLS.

Developed buy leading Doctors!
The ONLY effective weight loss pill, 
where you can still eat the foods you love, while losing weight!

See results within days, and still eat hamburgers etc, and no excersizing required!

On special today, 

look here for info!



Take me off list


blab risible


DONT PAY MORE THAN $100 FOR UR SOFTWARES ramekin liquidate parabolic

2004-05-26 Thread Joseph Mi






Chheap softtwares for you, all are original 0EMMajor titles from MICR0S0FT and AD0BE for Rock Bottom prriiceGreat Bargaain Sa1e! Variety discoount softtwares at wholesale chaeap pricing!
Microsoft Wind0ws XP PR0fessional - my priice: $50normal priice: $270.99 ; you savve $220
Microsoft 0ffice XP PR0fessional - my priice: $100normal priice: $579.99 ; you savve $480
Ad0be photosh0p 7 - my priice: $80normal priice: $609.99 ; you savve $550

28 More P0PULAR titles >> cliickk here for more titles

Wonder why our priices are unbelievably L0W?
We are currently clearing our goods at incredibily cheeap sa1e-priice in connection with the shutdown of our shop and the closure of the stockhouse. Don't mi your lucky chance to get the best priicce on discoouunt software!
We are the authorized agent and an established reseller offering OEM Licensing software.
We possesses all the necessary certificates issued to verify the authenticity of genuine OEM products and granting the right for us to resell OEM software products.
Super Cheaep MICR0S0FT, AD0BE & all kind soft hereCliickk here to enjoy our Superb Discouunnt!






Oixjgxlxum Order a Prescripti0n Refill

2004-06-04 Thread joseph rashada
garden nightshade  halfheaded hittable 


The b.est meds available

If you need X,[EMAIL PROTECTED], V@|ium, Vi~c0`din, S.oma, Paxi1 or Meridia we have it.

You can get all the me-dications you need with no hassles or problems.

O  http://h.info.wizardinfo.com/abc/biggest/


No further email pls go visit our we_bpage

A man who wanted to rest on the ground used a jar as a pillow. It was so
hard that he asked his servant to staff it with feathers to make it soft. A
pupil was talking about the recent fire in his school. "I knew it was going
to happen." he said, "Because we've been practicing for it all
year".Computer manufacturers are considering changing the instructional
words "Press Any Key" to "Press Return Key", because too many people have
been calling to ask where the "Any" key is.
Two neighbors had been fighting each other for nigh on four decades. Bob
buys a Great Dane and teaches it to use the bathroom in Bill's yard. For
one whole year Bill ignores the dog. So Bob then buys a cow and teaches it
to use the bathroom in Bill's yard. After about a year and a half of Bob's
cow crapping in Bill's yard; being ignored all the while, a semi pulls up
in front of Bill's house. Bob runs over and demands to know what's in the
18-wheeler. 'My new pet elephant,' Bill replies solemnly.
morrena2pandana`cea07sobreca\a,jatib lejano. 



Re: A National ID: AAMVA's Unique ID

2004-06-18 Thread Joseph Ashwood
- Original Message - 
From: "John Gilmore" <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, June 17, 2004 10:31 AM
Subject: Re: A National ID: AAMVA's Unique ID


> > The solution then is obvious, don't have a big central database. Instead use
> > a distributed database.
>
> Our favorite civil servants, the Departments of Motor Vehicles, are about
> to do exactly this to us.
>
> They call it "Unique ID" and their credo is: "One person, one license,
> one record".  They swear that it isn't national ID, because national
> ID is disfavored by the public.  But it's the same thing in
> distributed-computing clothes.

I think you misunderstood my point. My point was that it is actually
_easier_, _cheaper_, and more _secure_ to eliminate all the silos. There is
no reason for the various silos, and there is less reason to tie them
together. My entire point was to put my entire record on my card, this
allows faster look-up (O(1) time versus O(lg(n))), greater security (I
control access to my record), it's cheaper (the cards have to be bought
anyway), it's easier (I've already done most of the work on defining them),
and administration is easier (no one has to care about duplication).

> This sure smells to me like national ID.

I think they are drawing the line a bit finer than either of us would like.
They don't call it a national ID because it being a national ID means that
it would be run by the federal government, being instead run by state
governments, it is a state ID, linked nationally.

As I said in the prior one, I disagree with any efforts to create forced ID.

> This, like the MATRIX program, is the brainchild of the federal
> Department of inJustice.  But those wolves are in the sheepskins of
> state DMV administrators, who are doing the grassroots politics and
> the actual administration.  It is all coordinated in periodic meetings
> by "AAMVA", the "American Association of Motor Vehicle Administrators"
> (http://aamva.org/).  Draft bills to join the "Unique ID Compact", the
> legally binding agreement among the states to do this, are already
> being circulated in the state legislatures by the heads of state DMVs.
> The idea is to sneak them past the public, and past the state
> legislators, before there's any serious public debate on the topic.
>
> They have lots of documents about exactly what they're up to.  See
> http://aamva.org/IDSecurity/.  Unfortunately for us, the real
> documents are only available to AAMVA members; the affected public is
> not invited.
>
> Robyn Wagner and I have tried to join AAMVA numerous times, as
> "freetotravel.org".  We think that we have something to say about the
> imposition of Unique ID on an unsuspecting public.  They have rejected
> our application every time -- does this remind you of the Hollywood
> copy-prevention "standards committees"?  Here is their recent
> rejection letter:
>
>   Thank you for submitting an application for associate membership in AAMVA.
>   Unfortunately, the application was denied again. The Board is not clear as
>   to how FreeToTravel will further enhance AAMVA's mission and service to our
>   membership. We will be crediting your American Express for the full amount
>   charged.
>
>   Please feel free to contact Linda Lewis at (703) 522-4200 if you would like
>   to discuss this further.
>
>   Dianne
>   Dianne E. Graham
>   Director, Member and Conference Services
>   AAMVA
>   4301 Wilson Boulevard, Suite 400
>   Arlington, VA 22203
>   T: (703) 522-4200 | F: (703) 908-5868
>   www.aamva.org 
>
> At the same time, they let in a bunch of vendors of "high security" ID
> cards as associate members.

Well then create a High-Security ID card company, build it on the technology
I've talked about. It's fairly simple, file the paperwork to create an LLC
with you and Robyn, the LLC acquires a website, it can be co-located at your
current office location, the website talks about my technology, how it
allows the unique and secure identification of every individual, blah, blah,
blah, get a credit card issued in the correct name. They'll almost certainly
let you in, you'll look and smell like a valid alternative (without lying
because you could certainly offer the technology), if you really want to
make it look really good I'm even willing to work with you on filing a
patent, something that they'd almost certainly appreciate.

> AAMVA, the 'guardians' of our right to travel and of our identity
> records, doesn't see how listening to citizens concerned with the
> erosion of exactly those rights and records would enhance their
> "mission and service".

Of course it won't, their "mission and service" is to offer the strongest
identity link possible in the ID cards issued nation-wide, as such the
citizen's course of action has to be to govern the states issuing these
identification papers. However, if you offer them technology to actually make
their "mission and service" cheaper, more effecti

Will this Micro-Cap's Shares Go Higher From Here?

2004-07-22 Thread Savannah Joseph
Equity Alert
Coach Industries
0TCBB:CIGI
Shares 0/S: 4/30/04: 9,785,531
Rev's 3 months Ending 3/31/04: $4,183,964
(Source: 10Q: Filed 5/18/04)

*

The Good News Just Keeps on Coming for CIGI:


Recent Press Releases: (This  is  what  helps  to build Momentum, Strength and
Trend)...


Thursday July 15, 9:19 am ET:

**COACH  INDUSTRIES  GR0UP  Acquires  $1.5  MILLI0N  Commercial Transportation
Lease Portfolio

Wednesday July 14, 9:13 am ET:

**COACH INDUSTRIES GR0UP Announces $4.5  MILLI0N  Wholesale  Lending  Facility
from Sovereign Bank

___

About COACH INDUSTRIES GR0UP, Inc. (OTCBB: CIGI)

COACH  INDUSTRIES  GR0UP,  Inc.  is a holding company focused on manufacturing
luxury limousine and  specialty  vehicles.  Its two wholly-owned subsidiaries,
Springfield Coach Industries Corporation, Inc.  ("Springfield")and  Commercial
Transportation   Manufacturing  Corporation  ("CTMC"),are  among  the  largest
limousine  manufacturing  companies  in   the  United  States.  The  Company's
wholly-owned subsidiary, Coach Financial Services, Inc., will 0FFER  an  array
of  financial  products including financing for luxury limousines and high-end
automobiles as well as other  financial  services,  such as specialty lines of
in-surance products.
(Source: News Announcement:7/14/04)

**Strongly Consider the Following:

*You  make  money in small stocks because you recognize a gem when you see one
and you had good timing.  The  rest  speaks  for  itself. Many of you know how
these stocks can move and how fast they can  do  it  when  exposed  to  enough
eager investors.

***Please  do  your  homework  on  this stock. It has a small number of shares
outstanding and all it may need  is  some  savvy investors or a mutual fund to
get wind of it or one major news  annoucement  and  LOOK  OUT!!  Please  watch
this stock

Good Luck and Succesful Trading



Information within this email contains "F0RWARD looking statements" within the
meaning of Section 27A of the Securities Act of 1933 and Section  21B  of  the
Securities  Exchange  Act  of  1934.  Any  statements  that express or involve
discussions  with  respect  to   predictions,  expectations,  beliefs,  plans,
projections, objectives, goals, assumptions or future  events  or  performance
are   not   statements   of  historical  fact  and  may  be  "forward  looking
statements."F0RWARD looking statements  are  based  on expectations, estimates
and projections at the time the statements are made that involve a  number  of
risks  and  uncertainties which could cause actual results or events to differ
materially from those  presently  anticipated.   F0RWARD looking statements in
this action may be identified through the use of  words  such  as  "projects",
"foresee",   "expects",   "will,"   "anticipates,"   "estimates,"  "believes,"
"understands" or that by statements indicating certain actions "may," "could,"
or "might" occur. As with many microcap stocks, today's company has additional
risk factors worth noting.  The  Company  has  as a going concern opinion from
its auditor,a large accumulated deficit since its  inception,nominal  cash,and
large  notes  payable  to  related  parties.   The Company will need to obtain
financing. There can  be  no  assurance  of  that  happening. The Growth Stock
Report does not represent that  the  information  contained  in  this  message
states  all  material facts or does not omit a material fact necessary to make
the statements therein  not  misleading.All  information  provided within this
email pertaining to  investing,  stocks,  securities  must  be  understood  as
information  provided  and  not  investment  advice.   The Growth Stock Report
advises  all  readers  and  subscribers  to  seek  advice  from  a  registered
professional securities  representative  before  deciding  to  trade in stocks
featured within this email. None of the material within this report  shall  be
construed  as  any  kind  of  investment  advice or solicitation.Many of these
companies are on the  verge  of  bankruptcy.  You  can  lose all your money by
investing in this stock. The publisher of The Growth Stock  Report  is  not  a
registered investment ADVIS0R.  Subscribers should not view information herein
as  legal,  tax,  accounting  or  investment  advice.  In  compliance with the
Securities Act of 1933,  Section17(b),  The  Growth Stock Report discloses the
receipt of eighteen thousand five hundred dollars from a third party,  not  an
officer,  director or affiliate shareholder of the company for the circulation
of this report.  Be aware of  an  inherent conflict of interest resulting from
such compensation due to the fact that this  is  a  paid  advertisement.   All
factual information in this report was gathered from public sources, including
but  not  limited to Company Websites, SEC filings and Company Press Releases.
The Growth Stock Report believes this  inform

internet privacy protection

2002-01-02 Thread Joseph Assenza
Hello from NY, 

I want to share a profitable ad campaign with you.  We both have much to gain.  I sell this 
program on my web sites and have a terrific response.  I use it on my own pc.
It is called Evidence Eliminator and is one of the most profitable software programs sold 
today. 

Example ads at the bottom of these pages: 

http://www.gis.net/~catb/nympersonals.html 
http://mywebpage.netscape.com/jca507/retrotv.html 

As an affiliate, you make ONE HALF of the sale price on leads generated from your sites.  In 
the second tier (as I will be) five percent
of YOUR sale.  We are talking about a product which sells for over $100. and I have kept a 
rate of about 5 sales out of 100 hits. 
Phenomenal. for a moderately expensive product.  You have some control over the 
pricing at your site which may vary depending
upon your clientelle. 

This is no cost to you, merely join and place a banner or link on your site.  Try it on your own 
pc today!

Enroll link: 
http://www.evidence-eliminator.com/associate_application.shtml?A657061+
Purchase link:
http://www.gis.net/~catb/pc_security.html

If you've received this in error, please reply and you will be removed
Joseph Assenza 
 



Re: RE: Jail Cell Cipher (modified RC4)

2002-02-22 Thread Joseph Ashwood

- Original Message -
From: "Jeremy Lennert" <[EMAIL PROTECTED]>
To: "'Neil Johnson'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>; "'R. A. Hettinga'" <[EMAIL PROTECTED]>
Sent: Friday, February 22, 2002 10:15 PM
Subject: CDR: RE: Jail Cell Cipher (modified RC4)


> I'm not having difficulty with the implementation (the C++ code included in
> my first message, also available at
> http://www.mindflare.com/cipher/jcrc4.cpp , already implements the cipher
> correctly).  I'm inquiring regarding the impact of the changes on the
> security of the cipher.

Unfortunately it has a rather damning effect on the cipher. First in the key
scheduling there is a distinct possibility of keys that are impossible. It
assumes that all K[i] are generators mod 37, so using a key where the offset
is 0 will result in an infinite loop in the key scheduling, this is
obviously a bad design decision. Second the distinguisher from random for
such a small RC4 state would require a relatively small known plaintext. In
fact at that size I think there are better attacks against it than the
distinguishers known for full sized RC4. I believe it would be achievable to
actually determine that complete state, although it would take more
significant amounts of work than would be applied to most inmate mail (an
encrypted message would probably be simply discarded and never delivered).

I don't think this reduced version of RC4 would be very suitable even
assuming a perfect delivery mechanism. I've actually considered a similar
question before
(http://groups.google.com/groups?hl=en&th=f0d53f0eb5d7c011&seekm=9s2akd%24qk4%241%40nntp9.atl.mindspring.net&frame=off),
I never managed to come up with
anything really suitable. I did find a solution where the inmate is given a
computer and a compiler, use RC5 to key itself (very similar to Blowfish), a
128-bit block, and 20 rounds. Should withstand pretty much any analysis work
(except "throw it in the trash" cryptanalysis). This suffers from being
difficult to calculate with a pencil and paper, and so doesn't really fit
the requirement for a jail cell cipher.

Using full RC4 is actually doable. Take a sheet (or multiple sheets) of
paper, create 3 sets of 0,...,255 numbers. On a large table in front of you
(or in a controlled grid) place the first 0...255 set in order, that's your
state array, the other two sets are for your i and j values. If a guard is
approaching and the data must be destroyed simply blow very hard and all the
numbers are scrambled. Of course you will probably be adding and subtracting
instead of performing XOR. This is obviously painstaking, and slow, but it
will offer the same security as a computer running the RC4 algorithm.
   Joe
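
The two points in the message above (a distinguisher on a small RC4 state, and pencil-and-paper RC4 that adds and subtracts instead of XORing) can be tried with the following added example, which is not code from the thread or from jcrc4.cpp. It assumes textbook RC4 with 256 replaced by N, a constructed 37-symbol alphabet, and measures one published RC4 distinguisher, the second-output bias of Mantin and Shamir.

```python
"""RC4 generalised to an N-symbol alphabet, combined by modular addition.

Assumption: this is textbook RC4 with 256 replaced by N. It is NOT the
jcrc4.cpp cipher from the thread, whose modified key schedule is not
reproduced on this page.
"""
import random
import string

# Constructed 37-symbol alphabet (assumption; the thread only says "mod 37").
ALPHABET = string.ascii_uppercase + string.digits + " "


def ksa(key, n):
    """Standard RC4 key schedule over a permutation of 0..n-1."""
    if not key or any(not 0 <= k < n for k in key):
        raise ValueError("key symbols must lie in 0..n-1")
    s = list(range(n))
    j = 0
    for i in range(n):
        j = (j + s[i] + key[i % len(key)]) % n
        s[i], s[j] = s[j], s[i]
    return s


def keystream(key, n, length):
    """First `length` output symbols of RC4 with an n-entry state."""
    s = ksa(key, n)
    i = j = 0
    out = []
    for _ in range(length):
        i = (i + 1) % n
        j = (j + s[i]) % n
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % n])
    return out


def encrypt(key, plaintext, n=256):
    """Add the keystream mod n (the pencil-and-paper stand-in for XOR)."""
    ks = keystream(key, n, len(plaintext))
    return [(p + k) % n for p, k in zip(plaintext, ks)]


def decrypt(key, ciphertext, n=256):
    """Subtract the keystream mod n."""
    ks = keystream(key, n, len(ciphertext))
    return [(c - k) % n for c, k in zip(ciphertext, ks)]


def zero_frequency(n, position, trials, key_len=8, seed=2002):
    """Fraction of random keys whose keystream symbol at `position`
    (1-based) equals 0. A uniform source would give about 1/n.

    Key length, seed and the nonzero key symbols are choices made for
    this experiment, not values from the thread.
    """
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        key = [rng.randrange(1, n) for _ in range(key_len)]
        if keystream(key, n, position)[-1] == 0:
            hits += 1
    return hits / trials


if __name__ == "__main__":
    key = [3, 14, 15, 9, 26]                      # constructed key
    msg = [ALPHABET.index(c) for c in "MEET AT NOON"]
    ct = encrypt(key, msg, n=37)
    print("ciphertext:", "".join(ALPHABET[c] for c in ct))
    print("decrypted :", "".join(ALPHABET[c] for c in decrypt(key, ct, n=37)))

    # The second output symbol is 0 about twice as often as chance.
    # The relative bias is the same for both sizes, but its absolute
    # size is about 1/n, so far fewer samples expose it when n = 37.
    for n in (37, 256):
        print(f"n={n:3d}  uniform={1 / n:.4f}"
              f"  second symbol={zero_frequency(n, 2, 20000):.4f}"
              f"  tenth symbol={zero_frequency(n, 10, 20000):.4f}")
```

A defender reading this should take the second-symbol column as the reason small-state or short-message variants of RC4 need their early keystream discarded or, better, a different cipher.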




Re: Re: Jail Cell Cipher (modified RC4)

2002-02-24 Thread Joseph Ashwood


- Original Message -
From: "Jeremy Lennert" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, February 23, 2002 8:15 AM
Subject: CDR: Re: Jail Cell Cipher (modified RC4)


> > Unfortunately it has a rather damning effect on the cipher.
> > First in the key
> > scheduling there is a distinct possibility of keys that are
> > impossible. It
> > assumes that all K[i] are generators mod 37, so using a key
> > where the offset
> > is 0 will result in an infinite loop in the key scheduling, this is
> > obviously a bad design decision. Second the distinguisher
> > from random for
> > such a small RC4 state would require a relatively small known
> > plaintext. In
> > fact at that size I think there are better attacks against it than the
> > distinguishers known for full sized RC4. I believe it would
> > be achievable to
> > actually determine that complete state, although it would take more
> > significant amounts of work than would be applied to most
> > inmate mail (an
> > encrypted message would probably be simply discarded and
> > never delivered).
>
> The specification for the key requires all key values to be nonzero.  From
> the web site:
>
> "an array of key values K, where each value is a nonzero alphabetical
> character or its numerical equivalent"
>
> However, there was an error in the source code that allowed zeroes in the
> key.  This has been corrected.  Any zeroes in the key definition now cause
> the program to abort with an "invalid character" error message.
>
>
> Regarding the distinguisher, I don't think I understand how distinguishing
> the keystream from random amounts to an attack that will recover the
> internal state.  Could you offer further clarification on that?

In this case they are two different attacks. The first attack being the
distinguisher which will let the attacker read the plaintext, but not
necessarily find the internal state. The second an attack on the internal
state where the known small variations in the state between outputs could be
used to compute a state that is at least a full collision on the outputs.

> Incidentally, for paper-and-pencil applications, I'm assuming that the
> message length will not exceed about 100 characters.

I think that will be small enough to save the security of the system, but
I'm not sure.

> The problem with using full RC4 is not in the actual keystream generation,
> but in running the key-scheduling algorithm.  Even if we only ran the KSA
> for one round through the permutation table, estimated time is about 50
> minutes (not necessarily impractical, but making many rounds to improve
> security or repeated trials to improve accuracy very difficult) and the
> chances of performing that entire round without error for my current best
> estimations of accuracy are about 1 in 150,000.

Why not just memorize the permutation table? It's only 37 characters. Also I
don't see where a difference of an hour or two will necessarily make a
difference, the point of incarceration is that you can't go out and do
anything you want, you have to sit in your cell for 23 hours a day. So
anything that you can encrypt in 23 hours is good enough. By your estimates
that gives time for 27 KSAs (which wouldn't increase security in the
slightest, a permutation is a permutation) which I think should be more than
enough KSAs for any reasonable demands.

> For the modified RC4, accuracy still isn't great, but it is good enough that
> careful error-checking may leave the algorithm feasible in terms of both
> time and accuracy.

It's the security of the scheme, not the usability, that I am questioning. I
think the artifacts of RC4 will be enhanced to the point where the security
is, for all practical purposes, useless. The only question remaining in my
mind is how long before those artifacts can be detected and/or made use of?
Joe





Re: Re: 1024-bit RSA keys in danger of compromise

2002-03-31 Thread Joseph Ashwood

I have done a significant amount of considering on the very questions raised
in this. This consideration has spanned approximately a month of time. These
are my basic conclusions:

Bernstein's proposal does have an impact, but I do not believe that 3x the
key size is necessary.
I believe Bernstein's proposal results in the necessity of a keysize of
approximately 1.5 times what was required before.
I believe that there are further similar advances available to the
algorithms involved that can push this to approximately 2x.

I have reached these considerations through a very long thought process that
involved digging through old textbooks on electrical engineering, and a
fundamental assumption that people will only construct these machines when
there is a stimulus to do so. So for example it would not be reasonable for
me to construct one to break 768-bit keys because I have little interest in
the actual data, merely whether or not the data is secure. Similarly, IBM
would not likely construct one simply because it would be economically more
feasible to dedicate that money towards research. The NSA and similar
organizations are extremely likely to strongly consider building such a
machine because they have the money, and the mandate to do whatever it takes
to gain access to the data encrypted by militaries around the world. Are
these assumptions necessarily correct? In their fundamental form they are
not, Linux is proof of this (people giving their freetime to something that
they get effectively nothing out of), however since we are talking about a
very significant investment of money to make one of usable size, these
assumptions are likely to be approximately correct.

This means that according to my considerations it seems reasonable to
decommission all 512-bit keys immediately (these should have been
decommissioned years ago, but there are still a few floating around), 768-bit
keys should be decommissioned at the earliest realizable opportunity (I
don't believe they are in immediate danger of compromise, but they are
compromisable), 1024-bit keys should now be considered moderately secure in
the immediate future and decommissioned over the next couple years, 1536-bit
keys are for reasonable purposes secure, 2048-bit keys are secure for all
but the most demanding situations, and 4096-bit keys are still effectively
invulnerable.

This of course makes some very blanket assumptions about the desirability of
breaking a specific key. If no one wants to read what's inside, you don't
even really need to encrypt it (note the difference between need and want).
It will still cost a minimum of 10^9 US dollars to break 1024-bit keys.
Considering that most businesses and many governments won't have this value
of information transferred in the next 100 years, the desire to break
1024-bit keys simply isn't there.

Also examine _who_ wants to read your data. If it's just messages back and
forth from your girlfriend/wife/mistress it's unlikely that 512-bits will be
broken. If you are protecting state secrets, obviously you need to consider
things more carefully, and 4096-bit keys may not even offer enough security.

As usual there is no one-stop solution for every situation, only more
considerations that need to be made. I welcome any comments on my
conclusions.
Joe




Re: Re: Two ideas for random number generation

2002-04-21 Thread Joseph Ashwood


- Original Message -
From: <[EMAIL PROTECTED]>
To: "Tim May" <[EMAIL PROTECTED]>; "Eugen Leitl" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, April 21, 2002 1:33 PM
Subject: CDR: Re: Two ideas for random number generation


> Why would one want to implement a PRNG in silicon, when one can
> easily implement a real RNG in silicon?

Because with a pRNG we can sometimes prove very important things, while with
a RNG we can prove very little (we can't even prove that entropy actually
exists, let alone that we can collect it).

> And if one is implementing a PRNG in software, it is trivial to
> have lots of internal state (asymptotically approaching one-time
> pad properties).

The problem is not having that much internal state, but what do you do with
it? Currently the best options on that front involve using block ciphers in
various modes, but this has a rather small state, but again we can quite
often prove things about the construct.
Joe




Re: Re: Two ideas for random number generation

2002-04-22 Thread Joseph Ashwood

- Original Message -
From: "Eugen Leitl" <[EMAIL PROTECTED]>

> On Mon, 22 Apr 2002, Tim May wrote:
>
> > What real-life examples can you name where Gbit rates of random digits
> > are actually needed?
>
> Multimedia streams, routers. If I want to secure a near-future 10 GBit
> Ethernet stream with a symmetric cypher for the duration of a few years
> (periodic rekeying from a RNG might help?) I need both lots of internal
> state (the PRNG can't help leaking information about its state in the
> cypher stream, though the rate of leakage is the function of smarts of the
> attacker) and a high data rate.

Actually that's not necessarily the case. Let's use your example of a
Multimedia stream server that is filling a 10GBit/s connection. Right now
the current minimum seems to be 56kbit/s. So that means that if every
available connection is taken in the same second, the server would only need
a rate of 2.2 million bits/sec from its RNG to build a 128-bit key for
each. A good design for this though has the client doing most of the random
number choosing, where the only purpose of the server random number is to
prevent the client from biasing the result, so 128-bits is more than
sufficient. So 2.2 Mbit/sec seems to be the peak for that. Finding
situations where a decent design will yield a need for an RNG to run about 1
Gbit/sec is extremely difficult. With poor designs it's actually rather
easy, take a RNG that is poor enough (or a situation where that is a basic
assumption) that it has to be distilled to 1 billionth its size, obviously
to support that multimedia stream server would require 2.2 million Gigabits
per second (approximately).

> > In any case, if someone wants Gbits per second of random numbers,
> > it'll cost 'em, as it should. Not something I think we need to worry
> > much about.
>
> Maybe, but it's neat trying to see how the constraints of 2d and 3d layout
> of cells, signal TOF and fanout issues influence PRNG design if lots of
> state bits and a high data rate are involved. It is not very useful right
> now, agreed.

I think it would be a good process to go through to develop a design for
one, or at least a basic outline for how it could be done, but the basic
idea that comes to mind looks a lot like /dev/random, but run in parallel
collecting from several sources including a custom hardware pool similar to
the Intel RNG.
Joe




Re: Re: Two ideas for random number generation: Q for Eugene

2002-04-22 Thread Joseph Ashwood


- Original Message -
From: "gfgs pedo" <[EMAIL PROTECTED]>

> > > Oh surely you can do better than that - making it hard to guess the seed
> > > is also clearly a desirable property (and one that the square root "rng"
> > > does not have).
> U can choose any arbitrary seed(greater than 100 bits
> as he (i forgot who) mentioned earlier.Then subject it
> to the Rabin-Miller test.
> Since the seed value is a very large number,it would
> be impossible to determine the actual value.The
> chances the intruder  find the correct seed or the
> prime number hence generated is practically very low.

You act like the only possible way to figure it out is to guess the initial
seed. The truth is that the number used leaves a substantial amount of
residue in its square root, and there are various rules that can be applied
to square roots as well. Since with high likelihood you will have a lot of
small factors but few large ones, it's a reasonable beginning to simply
store the roots of the first many primes, this gives you a strong network to
work from when looking for those leftover signatures. With decent likelihood
the first 2^32 primes would be sufficient for this when you choose 100 bit
numbers, and this attack will be much faster than brute force. So while you
have defeated brute force (no surprise there, brute force is easy to defeat)
you haven't developed a strong enough generation sequence to really get much
of anywhere.

> > Of course, finding the square root of a 100 digit
> > number to a
> > precision of hundreds of decimal places is a lot of
> > computational
> > effort for no good reason.
> Yes the effort is going to be large but why no good
> reason?

Because it's a broken pRNG, that is extremely expensive to run. If you want
a fast pRNG you look to ciphers in CTR mode, or stream ciphers, if you want
one that's provably good you go to BBS (which is probably faster than your
algorithm anyway). So there's no good reason to implement such an algorithm.

> > BTW, the original poster seemed to be under the
> > delusion that
> > a number had to be prime in order for its square to
> > be irrational,
> > but every integer that is not a perfect square has
> > an irrational
> > square root (if A and B are mutually prime, A^2/B^2
> > can't be
> > simplified).
>
> Nope ,I'm under no such delusion :)

Just the delusion that your algorithm was good.
Joe




Re: punkly current events

2004-12-09 Thread Joseph Ashwood
- Original Message - 
From: "Major Variola (ret)" <[EMAIL PROTECTED]>
Subject: punkly current events


> If the Klan doesn't have
> a right to wear pillowcases what makes you think mixmaster will
> survive?

Well besides the misinterpretation of the ruling, which I will ignore, what 
makes you think MixMaster isn't already dead?

MixMaster is only being used by a small percentage of individuals. Those 
individuals like to claim that everyone should send everything anonymously, 
when in truth communication cannot happen with anonymity, and trust cannot 
be built anonymously. This leaves MixMaster as only being useful for a small 
percentage of normal people, and those using it to prevent being identified 
as they communicate with other known individuals.

The result of this is rather the opposite of what MixMaster is supposed to 
create. A small group to investigate for any actions which are illegal, or 
deemed worth investigating. In fact it is arguable that for a new face in 
action it is probably easier to get away with the actions in question to 
send the information in the clear to their compatriots than it is to use 
MixMaster, simply because being a part of the group using MixMaster 
immediately flags them, as potential problems.

In short, except for those few people who have some use for MixMaster, 
MixMaster was stillborn. I'm not arguing whether such a situation should be 
the correct way things happened, but that is the way things happened.
   Joe 



Re: Mixmaster is dead, long live wardriving

2004-12-10 Thread Joseph Ashwood
- Original Message - 
From: "Major Variola (ret)" <[EMAIL PROTECTED]>
Subject: Mixmaster is dead, long live wardriving


> At 07:47 PM 12/9/04 -0800, Joseph Ashwood wrote:
> > > If the Klan doesn't have
> > > a right to wear pillowcases what makes you think mixmaster will
> > > survive?
> > Well besides the misinterpretation of the ruling, which I will ignore,
> > what makes you think MixMaster isn't already dead?
> OK, substitute "wardriving email injection when wardriving is otherwise
> legal" for Mixmastering, albeit the former is less secure since the
> injection lat/long is known.  And you need to use a disposable
> Wifi card or at least one with a mutable MAC.

Wardriving is also basically dead. Sure there are a handful of people that 
do it, but the number is so small as to be irrelevant. Checking the logs for 
my network (which does run WEP so the number of attacks may be reduced from 
unprotected) in the last 2 years someone (other than those authorized) has 
attempted to connect about 1000 times, of those only 4 made repeated 
attempts, 2 succeeded and hit the outside of the IPSec server (I run WEP as 
a courtesy to the rest of the connection attempts). That means that in the 
last 2 years there have been at most 4 attempts at wardriving my network, 
and I live in a population dense part of San Jose. Wardriving can also be 
declared dead. Glancing at the wireless networks visible from my computer I 
currently see 6, all using at least WEP (earlier there were 7, still all 
encrypted). I regularly drive down through Los Angeles, when I have stopped 
for gas or food and checked I rarely see an unprotected network. The WEP 
message has gotten out, and the higher security versions are getting the 
message out as well. Now all it will take is a small court ruling that 
whatever comes out of your network you are responsible for, and the 
available wardriving targets will quickly drop to almost 0.

Wardriving is either dead or dying.

> Or consider a Napster-level popular app which includes mixing or
> onion routing.

Now we're back to the MixMaster argument. Mixmaster was meant to be a 
"Napster-level popular app" for emailing, but people just don't care about 
anonymity. Such an app would need to have a separate primary purpose. The 
problem with this is that, as we've seen with Freenet, the extra security 
layering can actually undermine the usability, leading to a functional 
collapse. If a proper medium can be struck then such an application can 
become popular, I don't expect this to happen any time soon.
   Joe 



Re: Dell to Add Security Chip to PCs

2005-02-04 Thread Joseph Ashwood
- Original Message - 
From: "Shawn K. Quinn" <[EMAIL PROTECTED]>
Subject: Re: Dell to Add Security Chip to PCs


> Isn't it possible to emulate the TCPA chip in software, using one's own
> RSA key, and thus signing whatever you damn well please with it instead
> of whatever the chip wants to sign? So in reality, as far as remote
> attestation goes, it's only as secure as the software driver used to
> talk to the TCPA chip, right?

That issue has been dealt with. They do this by initializing the chip at the 
production plant, and generating the certs there, thus the process of making 
your software TCPA work actually involves faking out the production facility 
for some chips. This prevents the re-init that I think I saw mentioned a few 
messages ago (unless there's some re-signing process within the chip to 
allow back-registering, entirely possible, but unlikely). It even gets worse 
from there because the TCPA chip actually verifies the operating system on 
load, and then the OS verifies the drivers, solid chain of verification. 
Honestly Kaminsky has the correct idea about how to get into the chip and 
break the security, one small unchecked buffer and all the security 
disappears forever.
   Joe

Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com 



Re: SHA1 broken?

2005-02-16 Thread Joseph Ashwood
- Original Message - 
From: "James A. Donald" <[EMAIL PROTECTED]>
Subject: Re: SHA1 broken?


> 2^69 is damn near unbreakable.

I believe you are incorrect in this statement. It is a matter of public 
record that RSA Security's DES Challenge II was broken in 72 hours by 
$250,000 worth of semi-custom machine, for the sake of solidity let's assume 
they used 2^55 work to break it. Now moving to a completely custom design, 
bumping up the cost to $500,000, and moving forward 7 years, delivers ~2^70 
work in 72 hours (give or take a couple orders of magnitude). This puts the 
2^69 work well within the realm of realizable breaks, assuming your 
attackers are smallish businesses, and if your attackers are large 
businesses with substantial resources the break can be assumed in minutes if 
not seconds.

2^69 is completely breakable.
   Joe 



Re: SHA1 broken?

2005-02-18 Thread Joseph Ashwood
- Original Message - 
From: "Dave Howe" <[EMAIL PROTECTED]>
Sent: Thursday, February 17, 2005 2:49 AM
Subject: Re: SHA1 broken?


> Joseph Ashwood wrote:
> > I believe you are incorrect in this statement. It is a matter of public
> > record that RSA Security's DES Challenge II was broken in 72 hours by 
> > $250,000 worth of semi-custom machine, for the sake of solidity let's 
> > assume they used 2^55 work to break it. Now moving to a completely custom 
> > design, bumping up the cost to $500,000, and moving forward 7 years, 
> > delivers ~2^70 work in 72 hours (give or take a couple orders of 
> > magnitude). This puts the 2^69 work well within the realm of realizable 
> > breaks, assuming your attackers are smallish businesses, and if your 
> > attackers are large businesses with substantial resources the break can 
> > be assumed in minutes if not seconds.
> >
> > 2^69 is completely breakable.
> >    Joe
>
> It's fine assuming that Moore's law will hold forever, but without that 
> you can't really extrapolate a future tech curve. With *today's* 
> technology, you would have to spend an appreciable fraction of the 
> national budget to get a one-per-year "break", not that anything that has 
> been hashed with sha-1 can be considered breakable (but that would allow 
> you to (for example) forge a digital signature given an example)
>   This of course assumes that the "break" doesn't match the criteria from 
> the previous breaks by the same team - ie, that you *can* create a 
> collision, but you have little or no control over the plaintext for the 
> colliding elements - there is no way to know as the paper hasn't been 
> published yet.

I believe you substantially misunderstood my statements, 2^69 work is doable 
_now_. 2^55 work was performed in 72 hours in 1998, scaling forward the 7 
years to the present (and hence through known data) leads to a situation 
where the 2^69 work is achievable today in a reasonable timeframe (3 days), 
assuming reasonable quantities of available money ($500,000US). There is no 
guessing about what the future holds for this, the 2^69 work is NOW.


- Original Message - 
From: "Trei, Peter" <[EMAIL PROTECTED]>
To: "Dave Howe" <[EMAIL PROTECTED]>; "Cypherpunks" 
<[EMAIL PROTECTED]>; "Cryptography" 


> Actually, the final challenge was solved in 23 hours, about
> 1/3 Deep Crack, and 2/3 Distributed.net. They were lucky, finding
> the key after only 24% of the keyspace had been searched.
> More recently, RC5-64 was solved about a year ago. It took
> d.net 4 *years*.
> 2^69 remains non-trivial.

What you're missing in this is that Deep Crack was already a year old at the 
time it was used for this, I was assuming that the most recent technologies 
would be used, so the 1998 point for Deep Crack was the critical point. Also 
if you check the real statistics for RC5-64 you will find that 
Distributed.net suffered from a major lack of optimization on the workhorse 
of the DES cracking effort (DEC Alpha processor) even to the point where 
running the X86 code in emulation was faster than the native code. Since an 
Alpha Processor had been the breaking force for DES Challenge I and a factor 
of > 1/3  for III this crippled the performance resulting in the Alphas 
running at only ~2% of their optimal speed, and the x86 systems were running 
at only about 50%. Based on just this 2^64 should have taken only 1.5 years. 
Additionally add in that virtually the entire Alpha community pulled out 
because we had better things to do with our processors (e.g. IIRC the same 
systems rendered Titanic) and Distributed.net was effectively sucked dry of 
workhorse systems, so a timeframe of 4-6 months is more likely, without any 
custom hardware and rather sad software optimization. Assuming that the new 
attacks can be pipelined (the biggest problem with the RC5-64 optimizations 
was pipeline breaking) it is entirely possible to use modern technology 
along with GaAs substrate to generate chips in the 10-20 GHz range, or about 
10x the speed available to Distributed.net. Add targeted hardware to the 
mix, deep pipelining, and massively multiprocessors and my numbers still 
hold, give or take a few orders of magnitude (the 8% of III done by Deep 
Crack in 23 hours is only a little over 2 orders of magnitude off, so within 
acceptable bounds).

2^69 is achievable, it may not be pretty, and it certainly isn't kind to the 
security of the vast majority of "secure" infrastructure, but it is 
achievable and while the cost bounds may have to be shifted, that is 
achievable as well.

It is still my view that everyone needs to keep a close eye on their hashes, 
make sure the numbers add up correctly, it is simply my view now that SHA-1 
needs to be put out to pasture, and the rest of the SHA line needs to be 
heavily reconsidered because of their close relation to SHA-1.

The biggest unknown surrounding this i

Re: SHA1 broken?

2005-02-18 Thread Joseph Ashwood
- Original Message - 
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Sent: Friday, February 18, 2005 3:11 AM

[the attack is reasonable]
Reading through the summary I found a bit of information that means my 
estimates of workload have to be re-evaluated. Page 1 "Based on our 
estimation, we expect that real collisions of SHA1 reduced to 70-steps can 
be found using todays supercomputers." This is a very important statement 
for estimating the real workload, assuming there is an implicit "in one 
year" in there, and assuming BlueGene (Top 500 list slot 1) this represents 
22937.6 GHz*years, or slightly over 2^69 clock cycles, I am obviously still 
using gigahertz because information gives us nothing better to work from. 
This clearly indicates that the operations used for the workload span 
multiple processor clocks, and performing a gross estimation based on pure 
guesswork I'm guessing that my numbers are actually off by a factor of 
between 50 and 500, this factor will likely work cleanly in either adjusting 
the timeframe or production cost.

My suggestion though to make a switch away from SHA-1 as soon as reasonable, 
and to prepare to switch hashes very quickly in the future remains the same, 
the march of processor progress is not going to halt, and the advance of 
cryptographic attacks will not halt which will inevitably squeeze SHA-1 to 
broken. I would actually argue that the 2^80 strength it should have is 
enough to begin its retirement, 2^80 has been "strong enough" for a decade 
in spite of the march of technology. Under the processor speed enhancements 
that have happened over the last decade we should have increased the 
keylength already to accommodate for dual core chips running at 20 times the 
speed for a total of 40 times the prior speed (I was going to use Spec data 
for a better calculation but I couldn't immediately find specs for a Pentium 
Pro 200) by adding at least 5 bits preferably 8 to our necessary protection 
profile.
   Joe 



Re: SHA1 broken?

2005-02-20 Thread Joseph Ashwood
- Original Message - 
From: "Dave Howe" <[EMAIL PROTECTED]>
Subject: Re: SHA1 broken?


> Indeed so. However, the argument "in 1998, a FPGA machine broke a DES 
> key in 72 hours, therefore TODAY..." assumes that (a) the problems are 
> comparable, and (b) that Moore's law has been applied to FPGAs as well as 
> CPUs.

That is only misreading my statements and missing a very large portion where 
I specifically stated that the new machine would need to be custom instead 
of semi-custom. The proposed system was not based on FPGAs, instead it would 
need to be based on ASICs engineered using modern technology, much more 
along the lines of a DSP. The primary gains available are actually from the 
larger wafers in use now, along with the transistor shrinkage. Combined 
these have approximately kept the cost in line with Moore's law, and the 
benefits of custom engineering account for the rest. So for exact details 
about how I did the calculations I assumed Moore's law for speed, and an 
additional 4x improvement from custom chips instead of off the shelf. In 
order to verify the calculations I also redid them assuming DSPs which 
should be capable of processing the data (specifically from TI), I came to a 
cost within a couple orders of magnitude although the power consumption 
would be substantially higher.
   Joe 



Re: /. [Dissidents Seeking Anonymous Web Solutions?]

2005-05-14 Thread Joseph Holsten
I told him how to find his answers and to try finding us. Let's
hope he's actually motivated.

-- 
Joseph Anthony Pasquale Holsten
5813 E 64 PL TULSA OK 74136
[EMAIL PROTECTED]
857-891-7585

Eugen: oops



Re: [EMAIL PROTECTED]: Skype security evaluation]

2005-10-23 Thread Joseph Ashwood
- Original Message - 
Subject: [Tom Berson Skype Security Evaluation]


Tom Berson's conclusion is incorrect. One needs only to take a look at the
publicly available information. I couldn't find an immediate reference
directly from the Skype website, but it uses 1024-bit RSA keys, the coverage
of breaking of 1024-bit RSA has been substantial. The end, the security is 
flawed. Of course I told them this now years ago, when I told them that 
1024-bit RSA should be retired in favor of larger keys, and several other 
people as well told them.

   Joe




Re: Re: Secure voice app: FEATURE REQUEST: RECORD IPs

2003-01-27 Thread Joseph Ashwood
- Original Message -
From: "Harmon Seaver" <[EMAIL PROTECTED]>
> On Mon, Jan 27, 2003 at 08:23:15AM -0800, Major Variola (ret) wrote:
> > The versions of all the secure phones I've evaluated needed this
> > feature:
> > a minimal answering machine.  With just the ability to record IPs of
> > hosts that
> > tried to call.
> >
> > (A local table can map these to your friends or their faces.
> > Of course, this table should be encrypted when not in use.)
>
> Pretty hard to do if people are using dialup. Or even dsl, unless they run a
> linux box they don't ever reboot -- although I've found my dsl ip changing
> sometimes on its own, and with no rhyme or reason. Cable is a little more
> stable, when I had a cable modem it didn't change ip unless I shut off the
> modem for awhile, and not even always then.

The obvious solution is then to take it one step further, rebuild the
protocol so that there is a cryptographic identifier (probably a public key,
hopefully for ECC to save space). In a fully developed system that
identifier could also be used to make the call in the first place.
Admittedly this is unlikely to happen for quite some time, but if people
start asking for it, they'll start considering it.
Joe

Trust Laboratories
http://www.trustlaboratories.com




Re: Re: Shuttle Diplomacy

2003-02-01 Thread Joseph Ashwood
- Original Message -
From: "Thomas Shaddack" <[EMAIL PROTECTED]>
To: "Harmon Seaver" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, February 01, 2003 4:42 PM
Subject: CDR: Re: Shuttle Diplomacy


[snip conspiracy theory]
> Especially in this case, I'd bet my shoes on Murphy; Columbia was an old
> lady that had her problems even before the launch itself. I'd bet on
> something stupid, like loosened tiles or computer malfunction (though more
> likely the tiles, as the computers are backed up). Remember Challenger,
> where the fault was a stupid O-ring.

One of the current theories floating around has to do with a piece of debris
that flew off the booster rocket during take-off and collided with the left
wing (where the problems began). The video of the take-off was reviewed in
great detail and it was determined that it was innocent, considering the
proximity of the problems and the debris there appears to be at least
something worth investigating.
Joe

Trust Laboratories
http://www.trustlaboratories.com




Re: RE: Lucky's 1024-bit post [was: RE: objectivity and factoring analysis]

2002-04-24 Thread Joseph Ashwood

- Original Message -
From: "Morlock Elloi" <[EMAIL PROTECTED]>

> Most hardware solutions that I'm aware of support 1024-bit modular arithmetic.
> I don't know how easy or hard it is to do 2048-bit ops with 1024-bit
> primitives, or is there any 2048-bit HW around.

For encryption, you're out of luck, just the overhead of sending the data
over the relatively slow link to the device is longer than it takes a 486 to
do the 2048-bit encryption (or signature verification). For
decryption/signing the matter is entirely different. Assuming that p and q
are known on decryption, it's a fairly simple matter to use the Chinese
Remainder Theorem along with the 1024-bit mod-exponentiators, to get the
correct answer. The problem is that some of those same decryption/signing
engines already use this trick and so they really only support 512-bit ops,
in which case you're in the same boat as the encryption.

The good part of all this is that many companies are now expanding their
line to offer 2048-bit capable machines, so it shouldn't be long before
everyone can finally retire their 1024-bit keys, and maintain speed.
Joe
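The CRT trick described in the reply above, as an added example that is not part of the original post. The key is a constructed, scaled-down stand-in (an 1128-bit modulus rather than 2048-bit), and `ModExpEngine` is a hypothetical model of a width-limited exponentiator, not any real device's API.

```python
# Added illustration: RSA private operation via the Chinese Remainder Theorem
# on a modular exponentiator that is too narrow for the full modulus.

# Constructed demo key. Mersenne primes are used only because they can be
# written down without a prime generator; a real key uses random primes.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                          # 1128-bit modulus
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


class ModExpEngine:
    """Hypothetical accelerator: modexp() refuses moduli wider than max_bits."""

    def __init__(self, max_bits):
        self.max_bits = max_bits
        self.calls = 0  # number of exponentiations the engine accepted

    def modexp(self, base, exp, mod):
        if mod.bit_length() > self.max_bits:
            raise ValueError("modulus wider than the engine supports")
        self.calls += 1
        return pow(base, exp, mod)


def crt_private_op(engine, c):
    """Compute c^D mod N with two half-width exponentiations (needs P and Q)."""
    dp, dq = D % (P - 1), D % (Q - 1)
    q_inv = pow(Q, -1, P)
    m_p = engine.modexp(c % P, dp, P)
    m_q = engine.modexp(c % Q, dq, Q)
    h = (q_inv * (m_p - m_q)) % P  # Garner recombination
    return m_q + h * Q


def private_op(engine, c):
    """Decrypt/sign using the widest path the engine supports."""
    try:
        return engine.modexp(c, D, N), "direct"
    except ValueError:
        pass
    try:
        return crt_private_op(engine, c), "crt"
    except ValueError:
        # An engine that already spends its width on CRT internally ends up
        # here: its exponentiators are too narrow even for P and Q.
        return pow(c, D, N), "software"


def public_op(engine, m):
    """Encrypt/verify: the sender does not know P and Q, so CRT is unavailable."""
    try:
        return engine.modexp(m, E, N), "direct"
    except ValueError:
        return pow(m, E, N), "software"
```
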




Re: (P)RNG's and k-distribution

2002-04-24 Thread Joseph Ashwood

- Original Message -
From: "Jim Choate" <[EMAIL PROTECTED]>

> For a RNG to -be- a RNG it -must- be infinity-distributed. This means that
> there are -no- string repetitions -ever-.

Ummm, wrong. That would imply that in a binary stream, once 0 has been used
it can never be used again. This of course means that the next must be 1
(which has no entropy, but that is besides the point). Following this, there
can be no stream. The requirement for a perfect RNG is that given data
points [0,n-1] and [n+1, infinite] it is impossible to determine the point n
with any skew in the probability (in binary it simplifies to "with
probability higher than 1/2").

Note that this does not mean that the data point n cannot be the same as
some other point m, simply that m happened (will happen) and the exact time
(place) of its happening doesn't help determine the value at n.

For an RNG, the only requirement is that it generates numbers that resemble
random in some way, it is the super-class of true RNG, pseudo RNG, perfect
RNG, and pretty much any other RNG you can think of.

> If this can't be guaranteed then
> the algorithm can be a PRNG (there are other conditionals).

Wrong again. The requirement for a pseudo RNG is that it has an algorithm
(very often a key as well) that generates the sequence. There are
exceptions, /dev/random is a pseudo RNG, even though it breaks this rule.

> A PRNG -by
> definition- can -not- rule out repetitions of some
> very_large-distribution. Hence, -all- PRNG's must assume - even in
> principle- some very_large-distribution sequence.

Actually I think that's true.

> So, the statement "My PRNG has no modulus" is incorrect even in principle.

That depends, as I pointed out earlier /dev/random is a pseudo RNG, given a
system in use the internal state is ever changing (assuming the use is at
least slightly entropic), /dev/random has perturbations in its state that
make it non-repeating, yes it does have a certain quantity of state, but
that state continually has an additional mix of entropy into it.

> It's worth pointing out that the tests of 'randomness' are -all-
> statistical. They all have a margin of error. There is the a priori
> recognition of 'window' effect.

Only the tests on the stream, tests on the device itself can be state-less,
eliminating the window effect. It has been proven that one cannot test
randomness of the output stream, leaving only the possibility of testing the
randomness that the device itself is creating (or harvesting).
Joe




Re: RE: Two ideas for random number generation

2002-04-26 Thread Joseph Ashwood

- Original Message -
From: "Bill Stewart" <[EMAIL PROTECTED]>

> I've been thinking about a somewhat different but related problem lately,
> which is encrypted disk drives.  You could encrypt each block of the disk
> with a block cypher using the same key (presumably in CBC or some similar
> mode),
> but that just feels weak.

Why does it feel weak? CBC is provably as secure as the block cipher (when
used properly), and a disk drive is really no different from many others. Of
course you have to perform various gyrations to synchronise everything
correctly, but it's doable.

> So you need some kind of generator of
> pretty-random-looking keys so that each block of the disk gets a different key,
> or at the very least a different IV for each block of the disk,
> so in some sense that's a PRNG.  (You definitely need a different key for each
> block if you're using RC4, but that's only usable for Write-Once media,
> i.e. boring.)
> Obviously you need repeatability, so you can't use a real random number
> generator.

Well it's not all that complicated. Take that same key, and encrypt the disk
block number, or address or anything else. This becomes completely redoable
(or if you're willing to sacrifice a small portion of each block you can
even explicitly store the IV).

> I've been thinking that Counter Mode AES sounds good, since it's easy
> to find the key for a specific block.   Would it be good enough just to use
>  Hash( (Hash(Key, block# ))
> or some similar function instead of a more conventional crypto function?

Not really you'd have to change the key every time you write to disk, not
exactly a good idea, it makes key distribution a nightmare, stick with CBC
for disk encryption.
Joe




Re: disk encryption modes (Re: RE: Two ideas for random number generation)

2002-04-27 Thread Joseph Ashwood

- Original Message -
From: "Adam Back" <[EMAIL PROTECTED]>

> On Fri, Apr 26, 2002 at 11:48:11AM -0700, Joseph Ashwood wrote:
> > From: "Bill Stewart" <[EMAIL PROTECTED]>
> > > I've been thinking about a somewhat different but related problem lately,
> > > which is encrypted disk drives.  You could encrypt each block of the disk
> > > with a block cypher using the same key (presumably in CBC or some similar
> > > mode), but that just feels weak.
> >
> > Why does it feel weak? CBC is provably as secure as the block cipher (when
> > used properly), and a disk drive is really no different from many others. Of
> > course you have to perform various gyrations to synchronise everything
> > correctly, but it's doable.
>
> The weakness is not catastrophic, but depending on your threat model
> the attacker may see the ciphertexts from multiple versions of the
> plaintext in the edit, save cycle.

That could be a problem, you pointed out more information in your other
message, but obviously this would have to be dealt with somehow. I was going
to suggest that maybe it would be better to encrypt at the file level, but
this can very often leak more information, and depending on how you do it,
will leak directory structure. There has to be a better solution.

> > Well it's not all that complicated. Take that same key, and encrypt the disk
> > block number, or address or anything else.
>
> Performance is often at a premium in disk driver software --
> everything moving to-and-from the disk goes through these drivers.
>
> Encrypt could be slow, encrypt for IV is probably overkill.  IV
> doesn't have to be unique, just different, or relatively random
> depending on the mode.
>
> The performance hit for computing IV depends on the driver type.
>
> Where the driver is encrypting disk block at a time, then say 512KB
> divided (standard smallest disk block size) into AES block sized
> chunks 16 bytes each is 32 encrypts per IV generation.  So if IV
> generation is done with a block encrypt itself that'll slow the system
> down by 3.125% right there.
>
> If the driver is higher level using file-system APIs etc it may have
> to encrypt 1 cipher block size at a time each with a different IV, use
> encrypt to derive IVs in this scenario, and it'll be a 100% slowdown
> (encryption will take twice as long).

That is a good point, of course we could just use the old standby solution,
throw hardware at it. The hardware encrypts at disk (or even disk cache)
speed on the drive, eliminating all issues of this type. Not a particularly
cost-effective solution in many cases, but a reasonable option for others.

> > This becomes completely redoable (or if you're willing to sacrifice
> > a small portion of each block you can even explicitly store the IV).
>
> That's typically not practical, not possible, or anyway very
> undesirable for performance (two disk hits instead of one),
> reliability (write one without the other and you lose data).

Actually I was referring to changing the data portion of the block from
{data}
to
{IV, data}

placing all the IVs at the head of every read. This of course will sacrifice
k bits of the data space for little reason.

> > > I've been thinking that Counter Mode AES sounds good, since it's easy
> > > to find the key for a specific block.   Would it be good enough just to use
> > >  Hash( (Hash(Key, block# ))
> > > or some similar function instead of a more conventional crypto function?
> >
> > Not really you'd have to change the key every time you write to
> > disk, not exactly a good idea, it makes key distribution a
> > nightmare, stick with CBC for disk encryption.
>
> CBC isn't ideal as described above.  Output feedback modes like OFB
> and CTR are even worse as you can't reuse the IV or the attacker who
> is able to see previous disk image gets XOR of two plaintext versions.
>
> You could encrypt twice (CBC in each direction or something), but that
> will again slow you down by a factor of 2.
>
> Note in the file system level scenario an additional problem is file
> system journaling, and on-the-fly disk defragmentation -- this can
> result in the file system intentionally leaving copies of previous or
> the same plaintexts encrypted with the same key and logical position
> within a file.

Yeah the defragmentation would have to be smart, it can't simply copy the
disk block (with the disk block based IV) to a new location. This problem
disappears in the {IV, data} block type, but that has other problems that
are at least as substantial.

> So it's "easy" if performance is not an issue.

Re: Re: disk encryption modes (Re: RE: Two ideas for random number generation)

2002-04-27 Thread Joseph Ashwood

- Original Message -
From: "Adam Back" <[EMAIL PROTECTED]>

> Joseph Ashwood wrote:
> > Actually I was referring to changing the data portion of the block
> > from {data} to {IV, data}
>
> Yes I gathered, but this what I was referring to when I said not
> possible.  The OSes have 512Kbytes ingrained into them.  I think you'd
> have a hard time changing it.  If you _could_ change that magic
> number, that'd be a big win and make the security easy: just pick a
> new CPRNG generated IV everytime you encrypt a block.  (CPRNG based on
> SHA1 or RC4 is pretty fast, or less cryptographic could be
> sufficient depending on threat model).

From what I've seen of a few OSs there really isn't that much binding to 512
Kbytes in the OS per se, but the file system depends on it completely.
Regardless the logical place IMO to change this is at the disk level, if the
drive manufacturers can be convinced to produce drives that offer 512K+16
byte sectors. Once that initial break happens, all the OSs will play catchup
to support the drive, that will break the hardwiring and give us our extra
space. Of course convincing the hardware vendors to do this without a
substantial hardware reason will be extremely difficult. On our side though
is that I know that hard disks store more than just the data, they also
store a checksum, and some sector reassignment information (SCSI drives are
especially good at this, IDE does it under the hood if at all), I'm sure
there's other information, if this could be expanded by 16 bytes, that'd
supply the necessary room. Again convincing the vendors to supply this would
be a difficult task, and would require the addition of functionality to the
hard drive to either decrypt on the fly, or hand the key over to the driver.

> > Yeah the defragmentation would have to be smart, it can't simply copy the
> > di[s]k block (with the disk block based IV) to a new location.
>
> Well with the sector level encryption, the encryption is below the
> defragmentation so file chunks get decrypted and re-encrypted as
> they're defragmented.
>
> With the file system level stuff the offset is likely logical (file
> offset etc) rather than absolute so you don't mind if the physical
> address changes.  (eg. loopback in a file, or file system APIs on
> windows).

That's true, I was thinking more as something that will for now run in
software and in the future gets pushed down to the hardware and we can use a
smartcard/USBKey/whatever comes out next to feed it the key. A
meta-filesystem would be useful as a short term measure, but it still keeps
all the keys in system memory where programs can access them, if we can
maintain the option of moving it to hardware later on, I think that would be
a better solution (although also a harder one).

I feel like I'm missing something that'll be obvious once I've found it.
Hmm, maybe there is a halfway decent solution (although not at all along the
same lines). For some reason I was just remembering SAN networks, it's a
fairly known problem to design and build secure file system protocols
(although they don't get used much). So it might actually be a simpler
concept to build a storage area network using whatever extra hardened OSs we
need, with only the BIOS being available without a smartcard, put the smart
card in, the smartcard itself decrypts/encrypts sector keys (or maybe some
larger grouping), the SAN host decrypts the rest. Pull out the smartcard,
the host can detect that, flush all caches and shut itself off. This has
some of the same problems, but at least we're not going to have to design a
hard drive, and since it's a remote file system I believe most OSs assume
very little about sector sizes. Of course as far as I'm concerned this
should still be just a stopgap measure until we can move that entire SAN
host inside the client computer.

Now for the biggest question, how do we get Joe Public to actually use this
correctly (take the smart card with them, or even not choose weak
passwords)?
Joe




Re: RE: Re: disk encryption modes (Re: RE: Two ideas for random number generation)

2002-04-27 Thread Joseph Ashwood
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, April 27, 2002 12:11 PM
Subject: CDR: RE: Re: disk encryption modes (Re: RE: Two ideas for random number generation)

> Instead of adding 16 bytes to the size of each sector for sector IV's how
> about having a separate file (which could be stored on a compact flash card,
> CDRW or other portable media) that contains the IV's for each disk sector?

Not a very good solution.

> You could effectively wipe the encrypted disk merely by wiping the IV file,
> which would be much faster than securely erasing the entire disk.

Actually that wouldn't work, at least not in CBC mode (which is certainly my,
and seems to be generally favored for disk encryption). In CBC mode, not having
the IV (setting the IV to 0) only destroys the first block, after that
everything decrypts normally, so the only wiped portion of the sector is the
first block.

> If the IV file was not available, decryption would be impossible even if the
> main encryption key was rubberhosed it otherwise leaked. This could be a very
> desirable feature for the tinfoil-hat-LINUX crowd--as long as you have
> possession of the compact flash card with the IV file, an attacker with your
> laptop isn't going to get far cracking your encryption, especially if you have
> the driver constructed to use a dummy IV file on the laptop somewhere after X
> number of failed passphrase entries to provide plausible deniability for the
> existence of the compact flash card.

And then the attacker would just get all of your file except the first block
(assuming the decryption key is found).

> To keep the IV file size reasonable, you might want to encrypt logical blocks
> (1K-8K, depending on disk size, OS, and file system used, vs 512 bytes)
> instead of individual sectors, especially if the file system thinks in terms
> of blocks instead of sectors. I don't see the value of encrypting below the
> granularity of what the OS is ever going to write to disk.

That is a possibility, and actually I'm sure it's occurred to the hard drive
manufacturers that the next time they do a full overhaul of the wire protocol
they should enable larger blocks (if they haven't already, like I said before,
I'm not a hard drive person). This would serve them very well as they would
have to store less information increasing the disk size producible per cost
(even if not by much every penny counts when you sell a billion devices).
Regardless this could be useful for the disk encryption, but assuming worst
case won't lose us anything in the long run, and should enable the best case to
be done more easily, so for the sake of simplicity, and satisfying the worst
case, I'll keep on calling them sectors until there's a reason not to.
Joe
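Three points from this thread in one added example (not code from any of the posts): an IV obtained by encrypting the sector number under the same key, the edit/save leak when a sector is rewritten under an unchanged IV, and the observation above that a missing IV in CBC mode damages only the first cipher block. The 16-byte Feistel cipher built from HMAC-SHA256 is an assumed stand-in for AES so the example runs with the standard library alone; the key and sector contents are constructed.

```python
import hashlib
import hmac

BLOCK = 16    # cipher block size in bytes, as for AES
SECTOR = 512  # sector size in bytes

# Constructed sample data
KEY = b"constructed demo key"
PLAIN = (b"constructed sector contents " * 20)[:SECTOR]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Feistel round function from HMAC-SHA256 (stand-in cipher, not AES)
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def encrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def sector_iv(key, sector_no):
    """IV = E_key(sector number): repeatable, nothing extra stored on disk."""
    return encrypt_block(key, sector_no.to_bytes(BLOCK, "big"))


def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        cur = data[i:i + BLOCK]
        out.append(_xor(decrypt_block(key, cur), prev))
        prev = cur
    return b"".join(out)


def encrypt_sector(key, sector_no, data):
    return cbc_encrypt(key, sector_iv(key, sector_no), data)


def decrypt_sector(key, sector_no, data, iv=None):
    """iv=None derives the IV; pass an explicit iv to model a wiped IV file."""
    if iv is None:
        iv = sector_iv(key, sector_no)
    return cbc_decrypt(key, iv, data)


def damaged_blocks(a, b):
    """Indices of the 16-byte blocks in which a and b differ."""
    return [i // BLOCK for i in range(0, len(a), BLOCK)
            if a[i:i + BLOCK] != b[i:i + BLOCK]]


def shared_prefix_blocks(c1, c2):
    """Leading cipher blocks two versions of a sector have in common; an
    observer of both disk images learns where the edit began."""
    count = 0
    for i in range(0, len(c1), BLOCK):
        if c1[i:i + BLOCK] != c2[i:i + BLOCK]:
            break
        count += 1
    return count
```
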


Re: Re: disk encryption modes

2002-04-27 Thread Joseph Ashwood

- Original Message -
From: "Morlock Elloi" <[EMAIL PROTECTED]>
> > There's no need to go to great lengths to find a place to store the IV.
>
> Wouldn't it be much simpler (having in mind the low cost of storage), to simply
> append several random bits to the plaintext before ECB encryption and discard
> them upon decryption ?
>
> For, say, 128-bit block cipher and 16-bit padding (112-bit plaintext and 16-bit
> random fill) the storage requirement is increased 14% but each block is
> completely independent, no IV is used at all, and as far as I can see all
> pitfalls of ECB are done away with.

The bigger problem is that you're cutting drive performance by 14%,
considering that people notice a matter of < 10%, people are going to
complain, and economically this will be a flop. A drive setup like this
would be worse than useless, it would give the impression that encryption
must come at the cost of speed. Designing this into a current system would
set the goal of encryption everywhere back.

> Probability of the same plaintext encrypting to the same cyphertext is 1 in
> 65536.

Which is nowhere near useful. 1 in 65536 is trivial in cryptographic terms,
especially when compared to 1 in approx
340. Additionally you'll be sacrificing
_more_ of the sector to what amount to IV, and in exchange you'll be
decreasing security. If instead in that 512KB block you take up 128 bits,
you'll only lose about 0.02% performance and we were already trying to avoid
that (although for other reasons).
Joe




Re: Re: disk encryption modes

2002-05-01 Thread Joseph Ashwood

- Original Message -
From: "Morlock Elloi" <[EMAIL PROTECTED]>

> Collision means same plaintext to the same ciphertext.

Actually all it means in this case is the same ciphertext, since the key is
the same it of course carries back to the plaintext, but that is irrelevant
at this point. The critical fact is that the ciphertexts are the same.

> The collision happens on
> the cypher block basis, not on disk block basis.

The only one that matters is the beginning of the disk block, since that is
what was being detected.

> This has nothing to do with practical security.

It has everything to do with practical security. This collision of headers
leaks information, that leak is what I highlighted.

> You imply more than *hundred thousand* of identical-header word *docs* on the
> same disk and then that identifying several of these as potential word docs is
> a serious leak.

What I said was that given a significant number of documents with identical
headers (I selected Word documents because business men generally have a lot
of them), it will be possible to detect a reasonable percentage of them
fairly easily. I never implied, much less stated that there would be 100,000
of these, I stated that there is somewhere on the order of 100,000
possibilities for collision (80,000 is close enough, even 50,000 can
sometimes be considered to be on the same order).

The ability to identify that document X and document Y are word documents
may in fact be a serious leak under some circumstances, including where the
data path has been tracked. To steal an example from the current news, if HP
and Compaq had trusted the cryptography, and their messages (but not the
contents) had been traced, and linked, there would have been a substantial
prior knowledge of the something big happening, this would have meant an
opportunity for someone to perform insider trading without any evidence of
it. This encryption mode poses a significant, real security threat in
realistic situations.
Joe




[no subject]

2002-05-31 Thread JOSEPH EDWARD


STRICTLY CONFIDENTIAL & URGENT.

I am Mr, Joseph Edward a native of Cape Town in
South Africa and I am an Executive Accountant with
the
South Africa MINISTRY OF MINERAL RESOURCES AND ENERGY 
First and foremost, I apologized using this medium to
reach you for a transaction/business of this
magnitude, but this is due to
Confidentiality and prompt access reposed on this
medium. 

I have decided to seek a confidential
co-operation with you in the execution of the deal
described Hereunder for the benefit of all parties
and
hope you will keep it as a top secret because of the
nature of this transaction.

Within the Department of Mining & Natural Resources
where I work as an Executive Accountant and with the
cooperation of four other top officials, we have in
our possession as overdue payment bills totaling
Twenty - One Million, Five Hundred Thousand U. S.
Dollars ($21,500,000.) which we want to transfer
abroad with the assistance and cooperation of a
foreign company/individual to receive the said fund
on
our behalf or a reliable foreign non-company account
to receive such funds. More so, we are handicapped in
the circumstances, as the South Africa Civil Service
Code of Conduct does not allow us to operate offshore
account hence your importance in the whole
transaction.
This amount $21.5m represents the balance of the
total
contract value executed on behalf of my Department by
a foreign contracting firm, which we the officials
over-invoiced deliberately. Though the actual
contract
cost have been paid to the original contractor,
leaving the balance in the Tune of the said amount
which we have in principles gotten approval to remit
by Key tested Telegraphic Transfer (K.T.T) to any
foreign bank account you will provide by filing in an
application through the Justice Ministry here in
South Africa for the transfer of rights and privileges of
the former contractor to you.

I have the authority of my partners involved to
propose that should you be willing to assist us in
the
transaction, your share of the sum will be 25% of the
$21.5 million, 70% for us and 5% for taxation and
miscellaneous expenses. The business itself is 100%
safe, on your part provided you treat it with utmost
secrecy and confidentiality. Also your area of
specialization is not a hindrance to the successful
execution of this transaction. I have reposed my
confidence in you and hope that you will not
disappoint me. Endeavor to contact me immediately my
e-mail address whether or not you are
interested in this deal. If you are not, it will enable me scout
for another foreign partner to carry out this deal I want
to assure you that my partners and myself are in a
position to make the payment of this claim possible
provided you can give us a very strong Assurance and
guarantee that our share will be secured and please
remember to treat this matter as very confidential
matter, because we will not comprehend with any form
of exposure as we are still in active Government
Service and remember once again that time is of the
essence in this business.
I wait in anticipation of your fullest co-operation.

Yours faithfully,
JOSEPH EDWARD





Re: How can i check the authenticity of a private key

2002-05-31 Thread Joseph Ashwood


- Original Message -
From: "surinder pal singh makkar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 31, 2002 5:30 AM
Subject: CDR: How can i check the authenticity of a private key


> Hi List,
>
> I am a newbie in cryptography. What I have learnt till
> now is that in asymmetric cryptography scenario we have
> a private key and we generate the public key
> corresponding to it and then we send it to the central
> agency.
> Suppose after sometime I have a private key and the
> public key. Is there some software tool which can tell
> me whether the public key is the same corresponding to
> the private key I am having. Also is there some tool
> which can tell me whether the keys have been corrupted
> or not

Sure, and it's fairly easy too. Choose some random data, encrypt with the
public key, decrypt with the private key, if the data isn't corrupted, then
they match. Of course this isn't a perfect way of telling, but with any
given potential key pair it's steep odds. If you want to really be sure,
pass it through a few times.
Joe
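The round-trip check described in the reply above, as an added example that is not part of the original post. It uses unpadded textbook RSA and constructed keys built from Mersenne primes purely so it runs without a prime generator; `make_key` and `keys_match` are names chosen here for illustration.

```python
import secrets


def make_key(p, q, e=65537):
    """Textbook RSA key from two primes: returns (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # needs Python 3.8+
    return (n, e), (n, d)


def keys_match(public, private, rounds=4):
    """Encrypt random data with the public key, decrypt with the private key.

    A mismatched or corrupted key survives one round only by a negligible
    coincidence; extra rounds are the "pass it through a few times" advice.
    """
    (n_pub, e), (n_priv, d) = public, private
    limit = min(n_pub, n_priv)
    for _ in range(rounds):
        m = 2 + secrets.randbelow(limit - 3)  # random value in [2, limit - 2]
        if pow(pow(m, e, n_pub), d, n_priv) != m:
            return False
    return True


# Constructed demo keys (special-form primes, for illustration only)
M521, M607, M1279 = 2**521 - 1, 2**607 - 1, 2**1279 - 1
PUB_A, PRIV_A = make_key(M521, M607)
PUB_B, PRIV_B = make_key(M607, M1279)

# Private key A with one bit of the exponent flipped, modelling corruption
CORRUPT_A = (PRIV_A[0], PRIV_A[1] ^ (1 << 100))
```
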




Re: RE: FC: Hollywood wants to plug "analog hole," regulate A-D

2002-06-02 Thread Joseph Ashwood

Everything I'm about to say should be taken purely as an analytical
discussion of possible solutions in light of the possibilities for the
future. For various reasons I discourage performing the analyzed alterations
to any electronic device, it will damage certain parts of the functionality
of the device, and may cause varying amounts of physical, psychological,
monetary and legal damages to a wide variety of things.

There seems to be a rather significant point that is being missed by a large
portion of this conversation.

The MPAA has not asked that all ADCs be forced to comply, only that those in
a position to be used for video/audio be controlled by a cop-chip. While the
initial concept for this is certainly to bloat the ADC to include the
watermark detection on chip, there are alternatives, and at least one that
is much simpler to create, as well as more beneficial for most involved
(although not for the MPAA). Since I'm writing this in text I cannot supply
a wonderful diagram, but I will attempt anyway. The idea looks somewhat like
this:

analog source -->ADC-->CopGate->digital

Where the ADC is the same ADC that many of us have seen in undergrad
electrical engineering, or any suitable replacement. The CopGate is the new
part, and will not be normally as much of a commodity as the ADC. The
purpose of the CopGate is to search for watermarks, and if found, disable
the bus that the information is flowing across, this bus disabling is again
something that is commonly seen in undergrad EE courses, the complexity is
in the watermark detection itself.

The simplest design for the copgate looks somewhat like this (again bad
diagram):

in|---buffergatesout
CopChip-|

Where the buffer gates are simply standard buffer gates.

This overall design is beneficial for the manufacturer because the ADC does
not require redesign, and may already include the buffergates. In the event
that the buffer needs to be offchip the gate design is well understood and
commodity parts are already available that are suitable. For the consumer
there are two advantages to this design; 1) the device will be cheaper, 2)
the CopChip can be disabled easily. In fact disabling the CopChip can be
done by simply removing the chip itself, and tying the output bit to either
PWR or GND. As an added bonus for manufacturing this leaves only a very
small deviation in the production lines for inside and outside the US. This
seems to be a reasonable way to design to fit the requirements, without
allowing for software disablement (since it is purely hardware).
Joe




Re: FC: Hollywood wants to plug "analog hole," regulate A-D

2002-06-03 Thread Joseph Ashwood


- Original Message -
From: "Neil Johnson" <[EMAIL PROTECTED]>
To: "Joseph Ashwood" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, May 31, 2002 6:59 PM
Subject: Re: FC: Hollywood wants to plug "analog hole," regulate A-D


> On Sunday 02 June 2002 08:24 pm, Joseph Ashwood wrote:
> >>
> > The MPAA has not asked that all ADCs be forced to comply, only that those
> > in a position to be used for video/audio be controlled by a cop-chip. While
> > the initial concept for this is certainly to bloat the ADC to include the
> > watermark detection on chip, there are alternatives, and at least one that
> > is much simpler to create, as well as more beneficial for most involved
> > (although not for the MPAA). Since I'm writing this in text I cannot supply
> > a wonderful diagram, but I will attempt anyway. The idea looks somewhat
> > like this:
> >
> > analog source -->ADC-->CopGate->digital
> >
> > Where the ADC is the same ADC that many of us have seen in undergrad
> > electrical engineering, or any suitable replacement. The CopGate is the new
> > part, and will not be normally as much of a commodity as the ADC. The
> > purpose of the CopGate is to search for watermarks, and if found, disable
> > the bus that the information is flowing across, this bus disabling is again
> > something that is commonly seen in undergrad EE courses, the complexity is
> > in the watermark detection itself.
> >
> > The simplest design for the copgate looks somewhat like this (again bad
> > diagram):
> >
> > in|---buffergatesout
> > CopChip-|
> >
> > Where the buffer gates are simply standard buffer gates.
> >
> > This overall design is beneficial for the manufacturer because the ADC does
> > not require redesign, and may already include the buffergates. In the event
> > that the buffer needs to be offchip the gate design is well understood and
> > commodity parts are already available that are suitable. For the consumer
> > there are two advantages to this design; 1) the device will be cheaper, 2)
> > the CopChip can be disabled easily. In fact disabling the CopChip can be
> > done by simply removing the chip itself, and tying the output bit to either
> > PWR or GND. As an added bonus for manufacturing this leaves only a very
> > small deviation in the production lines for inside and outside the US. This
> > seems to be a reasonable way to design to fit the requirements, without
> > allowing for software disablement (since it is purely hardware).
> > Joe
>
>
> Bz! Wrong Answer !
>
> How do you prevent some  hacker/pirate (digital rights freedom fighter) from
> disabling the "CopGate" (by either removing the CopChip, finding a way to
> bypass it, or figure out how to make it think it's in, "Government Snoop"
> mode ) ?

To quote myself "the CopChip can be disabled easily," last paragraph
sentence begins with "For the consumer . . . " as has been pointed out by
numerous people, there is no solution to this. With a minimal amount of
electrical engineering knowledge it is possible for individuals to easily
construct a new ADC anyway.

>
> Then the watermark can be removed.

Which can and should be done after conversion.

> Remember it only requires ONE high-quality non-watermarked analog to digital
> copy to make it on the net and it's all over.

You seem to be of the mistaken opinion that I believe this to be a good
thing, when the design I presented was designed to minimize cost, of design,
manufacture, and removal. I am of the fundamental opinion that this is not a
legal problem, this is a problem of the MPAA and anyone else that requires a
law like this to remain profitable is advertising incorrectly. The Hollywood
studios have already found the basic solution, sell advertising space
_within_ the program. In fact some movies are almost completely subsidized
by the ad space within the movie. By moving to that model for primary
revenue it is easy to accept that a massive number of copies will be made
since that improves the value of the ad space in your next movie/episode. Of
course I'm not involved with any studio so they don't ask my opinion.
Joe




Re: CDR: RE: Degrees of Freedom vs. Hollywood Control Freaks

2002-06-05 Thread Joseph Ashwood

- Original Message -
From: <[EMAIL PROTECTED]>
Subject: Re: CDR: RE: Degrees of Freedom vs. Hollywood Control Freaks


> Ok, somebody correct me if I'm wrong here, but didn't they officially cease
> production of vinyl pressings several years ago?  As in *all* vinyl
> pressings???

They stopped selling them to the general public, but you only have to stop
by a DJ record shop (as opposed to the consumer shops) to see a wide
selection of vinyl albums. DJs prefer vinyl primarily because it allows beat
matching by hand, scratching, etc. The only disadvantage I know of for vinyl
is that it degrades as it is played, for a DJ this isn't much of a problem
since tracks have a lifespan that's measured in days or weeks the vinyl
becomes useless after a few weeks, which is how long it lasts at good
quality.
Joe




Re: Harry Potter released unprotected

2002-06-15 Thread Joseph Ashwood

- Original Message -
From: "Steve Schear" <[EMAIL PROTECTED]>

> >Harry Potter released unprotected

> So, is this just a test or has at least one industry giant decided, as the
> software industry learned long ago, that the cost of copy protection often
> exceeds its value.

I believe it's a test. The studio has determined that Harry Potter has
already made a (sizable) profit, so using it for an experiment is
acceptable. By testing on a big budget target they can now determine if
copy-protection costs exceed value.

> Time to short Macrovision (MVSN, NASDAQ NM)?  In the past year the stock
> has dropped from about $72 to about $14.  I wonder if their $1.00 drop in
> price on today's opening reflects this news?

I don't think so, not yet at least. This looks like just a pilot program.
Watch the normal piracy channels though, if Harry Potter shows up stronger
than other releases Macrovision will be around a while. But if Harry Potter
isn't substantially hit by piracy, then you might want to start shorting
Macrovision, they'll start losing customers.
Joe




Re: Re: maximize best case, worst case, or average case? (TCPA

2002-07-01 Thread Joseph Ashwood

- Original Message -
From: "Ryan Lackey" <[EMAIL PROTECTED]>

> I consider DRM systems (even the not-secure, not-mandated versions)
> evil due to the high likelihood they will be used as technical
> building blocks upon which to deploy mandated, draconian DRM systems.

The same argument can be applied to just about any tool.

A knife has a high likelihood of being used in such a manner that it causes
physical damage to an individual (e.g. you cut yourself while slicing your
dinner) at some point in its useful lifetime. Do we declare knives evil?

A hammer has a high likelihood of at some point in its useful life causing
physical damage to both an individual and property. Do we declare hammers
evil?

DRM is a tool. Tools can be used for good, and tools can be used for evil,
but that does not make a tool inherently good or evil. DRM has a place where
it is a suitable tool, but one should not declare a tool evil simply because
an individual or group uses the tool for purposes that have been declared
evil.
Joe




Re: Closed source more secure than open source

2002-07-06 Thread Joseph Ashwood

- Original Message -
From: "Anonymous" <[EMAIL PROTECTED]>

> Ross Anderson's paper at
> http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf
> has been mostly discussed for what it says about the TCPA.  But the
> first part of the paper is equally interesting.

Ross Anderson's approximate statements:
Closed Source:
> "the system's failure rate has just
> dropped by a factor of L, just as we would expect."

Open Source:
bugs remain equally easy to find.

Anonymous's Statements:
>For most programs, source code will be of
> no benefit to external testers, because they don't know how to program.

> Therefore the rate at which (external) testers find bugs does not vary
> by a factor of L between the open and closed source methodologies,
> as assumed in the model.  In fact the rates will be approximately equal.

> The result is that once a product has gone into beta testing and then into
> field installations, the rate of finding bugs by authorized testers will
> be low, decreased by a factor of L, regardless of open or closed source.

I disagree, actually I agree and disagree with both, due in part to the
magnitudes involved. It is certainly true that once Beta testing (or some
semblance of it) begins there will be users that cannot make use of source
code, but what Anonymous fails to realize is that there will be beta testers
that can make use of the source code.

Additionally there are certain tendencies in the open and closed source
communities that Anonymous and Anderson have not addressed in their models.
The most important tendencies are that in closed source beta testing is
generally handed off to a separate division and the original author does
little if any testing, and in open source the authors have a much stronger
connection with the testing, with the authors' duty extending through the
entire testing cycle. These tendencies lead to two very different positions
than generally realized.

First, closed source testing, beginning in the late Alpha testing stage, is
generally done without any assistance from source code, by _anyone_, this
significantly hampers the testing. This has led to observed situations where
QA engineers sign off on products that don't even function, let alone have
close to 0 bugs. With the software engineers believing that because the code
was signed off, it must be bug-free. This is a rather substantial problem.
To address this problem one must actually correct the number of testers for
the ones that are effectively doing nothing. So while L is the extra
difficulty in finding bugs without source code, it is magnified by something
approximating (testers)/(testers not doing anything). It's worth noting that
(testers) > (testers not doing anything) causing the result K =
L*(testers)/(testers not doing anything), to tend towards infinite values.

In open source we have very much the opposite situation. The authors are
involved in all stages of testing, giving another value. This value is used
to adjust L as before, but the quantities involved are substantially
different. It must be observed, as was done by Anonymous, that there are
testers that have no concept what source code is, and certainly no idea how
to read it, call these harassers. In addition though there are also testers
who read source code, and even the authors themselves are doing testing,
call these coders. So in this case K = L*(harassers)/(harassers+coders).
Where it's worth noting that K will now tend towards 0.

It is also very much the case that different projects have different
quantities of testers. In fact as the number of beta testers grows, the
MTBD(iscovery) of a bug must not increase, and will almost certainly
decrease. In this case each project must be treated separately, since
obviously WindowsXP will have more people testing it (thanks to bug
reporting features) than QFighter3
(http://sourceforge.net/projects/qfighter3/ the least active development on
sourceforge). This certainly leads to problems in comparison. It is also
worth noting that it is likely that actual difficulty in locating bugs is
probably related to the maximum of (K/testers) and the (testers root of K).
Meaning that WindowsXP is likely to have a higher ratio of bugs uncovered in
a given time period T than QFighter3. However due to the complexity of the
comparisons, QFighter3 is likely to have fewer bugs than WindowsXP, simply
because WindowsXP is several orders of magnitude more complex.

So while the belief that source code makes bug hunting easier on everyone,
is certainly not purely the case (Anonymous's observation), it is also not
the case that the tasks are equivalent (Anonymous's claim), with the
multiplier in closed source approaching infinite, and open source towards 0.
Additionally the quantity of testers appears to have more of an impact on
bug-finding than the discussion of open or closed source. However as always
complexity plays an enormous role in the number of bugs available to find,
anybody with a few days pr

Re: Re: Challenge to TCPA/Palladium detractors

2002-08-10 Thread Joseph Ashwood

- Original Message -
From: "Eugen Leitl" <[EMAIL PROTECTED]>
> Can anyone shed some light on this?

Because of the sophistication of modern processors there are too many
variables to be optimized easily, and doing so can be extremely costly.
Because of this diversity, many compilers use semi-random exploration.
Because of this random exploration the compiler will typically compile the
same code into a different executable. With small programs it is likely to
find the same end-point, because of the simplicity. The larger the program
the more points for optimization, so for something as large as say PGP you
are unlikely to find the same point twice, however the performance is likely
to be eerily similar.

There are bound to be exceptions, and sometimes the randomness in the
exploration appears non-existent, but I've been told that some versions of the
DEC GEM compiler used semi-randomness a surprising amount because it was a very fast
way to narrow down to an approximate best (hence the extremely fast
compilation and execution). It is likely that MS VC uses such techniques.
Oddly extremely high level languages don't have as many issues, each command
spans so many instructions that a pretuned set of command instructions will
often provide very close to optimal performance.

I've been told that gcc does not apparently use randomness to any
significant degree, but I admit I have not examined the source code to
confirm or deny this.
Joe





Re: Seth on TCPA at Defcon/Usenix

2002-08-10 Thread Joseph Ashwood

- Original Message -
From: "AARG! Anonymous" <[EMAIL PROTECTED]>
[brief description of Document Revocation List]

>Seth's scheme doesn't rely on TCPA/Palladium.

Actually it does, in order to make it valuable. Without a hardware assist,
the attack works like this:
Hack your software (which is in many ways almost trivial) to reveal its
private key.
Watch the protocol.
Decrypt protocol
Grab decryption key
use decryption key
problem solved

With hardware assist, trusted software, and a trusted execution environment
it (doesn't) work like this:
Hack your software.
DOH! the software won't run
revert back to the stored software.
Hack the hardware (extremely difficult).
Virtualize the hardware at a second layer, using the grabbed private key
Hack the software
Watch the protocol.
Decrypt protocol
Grab decryption key
use decryption key
Once the file is released the server revokes all trust in your client,
effectively removing all files from your computer that you have not
decrypted yet
problem solved? only for valuable files

Of course if you could find some way to disguise which source was hacked,
things change.

Now about the claim that MS Word would not have this "feature." It almost
certainly would. The reason being that business customers are of particular
interest to MS, since they supply a large portion of the money for Word (and
everything else). Businesses would want to be able to configure their
network in such a way that critical business information couldn't be leaked
to the outside world. Of course this removes the advertising path of
conveniently leaking carefully constructed documents to the world, but for
many companies that is a trivial loss.
Joe




Digital Certificates

2003-02-18 Thread Joseph Ashwood
I was just wondering if anyone has a digital certificate issuing system I
could get a few certificates issued from. Trust is not an issue since these
are development-only certs, and won't be used for anything except testing
purposes.

The development is for an open source PKCS #11 test suite.
Joe

Trust Laboratories
http://www.trustlaboratories.com




Re: Re: Digital Certificates

2003-02-18 Thread Joseph Ashwood
- Original Message -
From: "Eric Murray" <[EMAIL PROTECTED]>
Subject: CDR: Re: Digital Certificates


> On Tue, Feb 18, 2003 at 01:22:21PM -0800, Joseph Ashwood wrote:
> > I was just wondering if anyone has a digital certificate issuing system I
> > could get a few certificates issued from. Trust is not an issue since these
> > are development-only certs, and won't be used for anything except testing
> > purposes.
>
> Whenever I need some test certs I use openssl to generate them.
> (Or an ingrian box, but not many people have one of those.)
> There's instructions in the openssl docs.  For test purposes
> you don't need openca, it's only needed if you want to
> issue a lot of certs automagically.

Thank you for the input. I think I've got that working well enough to do it.

>
> > The development is for an open source PKCS #11 test suite.
>
> Let me know when it's done, I could use it.

The next hurdle I have to overcome is getting a reference PKCS #11 module,
although this shouldn't take too long if I can ever get the Gnu PKCS #11 to
compile.

I'll make sure I tell you when it's done.
Joe




Is TCPA broken?

2002-08-12 Thread Joseph Ashwood

- Original Message -
From: "Mike Rosing" <[EMAIL PROTECTED]>
> Are you now admitting TCPA is broken?

I freely admit that I haven't made it completely through the TCPA
specification. However it seems to be, at least in effect although not
exactly, a motherboard bound smartcard.

Because it is bound to the motherboard (instead of the user) it can be used
for various things, but at the heart it is a smartcard. Also because it
supports the storage and use of a number of private RSA keys (no other type
supported) it provides some interesting possibilities.

Because of this I believe that there is a core that is fundamentally not
broken. It is the extensions to this concept that pose potential breakage.
In fact looking at Page 151 of the TCPA 1.1b spec it clearly states (typos
are mine) "the OS can be attacked by a second OS replacing both the
SEALED-block encryption key, and the user database itself." There are
measures taken to make such an attack cryptographically hard, but it
requires the OS to actually do something.

Suspiciously absent though is the requirement for symmetric encryption (page
4 is easiest to see this). This presents a potential security issue, and
certainly a barrier to its use for non-authentication/authorization
purposes. This is by far the biggest potential weak point of the system. No
server designed to handle the quantity of connections necessary to do this
will have the ability to decrypt/sign/encrypt/verify enough data for the
purely theoretical universal DRM application.

The second substantial concern is that the hardware is substantially limited
in the size of the private keys, being limited to 2048 bits, the second
concern is that it is additionally bound to SHA-1. Currently these are both
sufficient for security, but in the last year we have seen realistic claims
that 1500 bit RSA may be subject to viable attack (or alternately may not
depending on who you believe). While attacks on RSA tend to be spread a fair
distance apart, this nevertheless puts 2048 bit RSA at fairly close to the
limit of security, it would be much preferable to support 4096-bit RSA from
a security standpoint. SHA-1 is also currently near its limit. SHA-1 offers
2^80 security, a value that it can be argued may be too small for long term
security.

For the time being TCPA seems to be unbroken, 2048-bit RSA is sufficient,
and SHA-1 is used as a MAC for important points. For the future though I
believe these choices may prove to be a weak point in the system, for those
that would like to attack the system, these are the prime targets. The
secondary targets would be forcing debugging to go unaddressed by the OS,
which since there is no provision for smartcard execution (except in
extremely small quantities just as in a smartcard) would reveal very nearly
everything (including the data desired).
Joe




Re: Is TCPA broken?

2002-08-12 Thread Joseph Ashwood

I need to correct myself.
- Original Message -
From: "Joseph Ashwood" <[EMAIL PROTECTED]>

> Suspiciously absent though is the requirement for symmetric encryption (page
> 4 is easiest to see this). This presents a potential security issue, and
> certainly a barrier to its use for non-authentication/authorization
> purposes. This is by far the biggest potential weak point of the system. No
> server designed to handle the quantity of connections necessary to do this
> will have the ability to decrypt/sign/encrypt/verify enough data for the
> purely theoretical universal DRM application.

I need to correct this: DES and 3DES are requirements, AES is optional. This
functionality appears to be in the TSS. However I can find very few
references to the usage, and all of those seem to be thoroughly wrapped in
numerous layers of "SHOULD" and "MAY." Since it is solely the realm of the TSS
(which had its command removed July 12, 2001 making this certainly
incomplete), it is only accessible through few commands (I won't bother with
VerifySignature). However looking at the TSS_Bind it says explicitly on page
157 "To bind data that is larger than the RSA public key modulus it is the
responsibility of the caller to perform the blocking" indicating that the
expected implementation is RSA only. The alternative is wrapping the key,
but that is clearly targeted at using RSA to encrypt a key. The Identity
commands, this appears to use a symmetric key, but deals strictly with
TPM_IDENTITY_CREDENTIAL. Regardless the TSS is a software entity (although
it may be assisted by hardware), this in and of itself presents some
interesting side-effects on security.
Joe




Don't go further into debt

2002-08-13 Thread Joseph Susan








Don't go further into debt!


Are you thinking about borrowing money to consolidate your bills?
Are you approaching or already past due on your credit cards?
Do you usually only pay monthly minimum on your credit cards?
Are your creditors harassing you about late payments?


If you have $4000 or more in debt, a trained professional will negotiate with your creditors to:


Lower your monthly debt payments
End creditor harassment
Save thousands of dollars in interest and late charges
Start improving your credit rating


All credit accepted and home ownership is NOT required. This it not another loan to dig you deeper in to debt!

For a Free - No Obligation quote to see how much money we can save you, fill out the easy form below!



























To receive no further advertisements from our company regarding this subject or any other, please reply to this email with the word 'Remove' in the subject line. Thank you.












Overcoming the potential downside of TCPA

2002-08-13 Thread Joseph Ashwood

Lately on both of these lists there has been quite some discussion about
TCPA and Palladium, the good, the bad, the ugly, and the anonymous. :)
However there is something that is very much worth noting, at least about
TCPA.

There is nothing stopping a virtualized version being created.

There is nothing that stops say VMWare from synthesizing a system view that
includes a virtual TCPA component. This makes it possible to (if desired)
remove all cryptographic protection.

Of course such a software would need to be sold as a "development tool" but
we all know what would happen. Tools like VMWare have been developed by
others, and as I recall didn't take all that long to do. As such they can be
anonymously distributed, and can almost certainly be stored entirely on a
boot CD, using the floppy drive to store the keys (although floppy drives
are no longer a "cool" thing to have in a system), boot from the CD, it runs
a small kernel that virtualizes and allows debugging of the TPM/TSS which
allows the viewing, copying and replacement of private keys on demand.

Of course this is likely to quickly become illegal, or may already, but that
doesn't stop the possibility of creating such a system. For details on how
to create this virtualized TCPA please refer to the TCPA spec.
Joe




Re: Overcoming the potential downside of TCPA

2002-08-14 Thread Joseph Ashwood

- Original Message -
From: "Ben Laurie" <[EMAIL PROTECTED]>
> Joseph Ashwood wrote:
> > There is nothing stopping a virtualized version being created.

> What prevents this from being useful is the lack of an appropriate
> certificate for the private key in the TPM.

Actually that does nothing to stop it. Because of the construction of TCPA,
the private keys are registered _after_ the owner receives the computer,
this is the window of opportunity against that as well. The worst case for
cost of this is to purchase an additional motherboard (IIRC Fry's has them
as low as $50), giving the ability to present a purchase. The
virtual-private key is then created, and registered using the credentials
borrowed from the second motherboard. Since TCPA doesn't allow for direct
remote queries against the hardware, the virtual system will actually have
first shot at the incoming data. That's the worst case. The expected case;
you pay a small registration fee claiming that you "accidentally" wiped your
TCPA. The best case, you claim you "accidentally" wiped your TCPA, they
charge you nothing to remove the record of your old TCPA, and replace it
with your new (virtualized) TCPA. So at worst this will cost $50. Once
you've got a virtual setup, that virtual setup (with all its associated
purchased rights) can be replicated across an unlimited number of computers.

The important part for this, is that TCPA has no key until it has an owner,
and the owner can wipe the TCPA at any time. From what I can tell this was
designed for resale of components, but is perfectly suitable as a point of
attack.
Joe




Re: Re: Overcoming the potential downside of TCPA

2002-08-14 Thread Joseph Ashwood

- Original Message -
From: "Ben Laurie" <[EMAIL PROTECTED]>
> > The important part for this, is that TCPA has no key until it has an owner,
> > and the owner can wipe the TCPA at any time. From what I can tell this was
> > designed for resale of components, but is perfectly suitable as a point of
> > attack.
>
> If this is true, I'm really happy about it, and I agree it would allow
> virtualisation. I'm pretty sure it won't be for Palladium, but I don't
> know about TCPA - certainly it fits the bill for what TCPA is supposed
> to do.

I certainly don't believe many people to believe me simply because I say it
is so. Instead I'll supply a link to the authority of TCPA, the 1.1b
specification, it is available at
http://www.trustedcomputing.org/docs/main%20v1_1b.pdf . There are other
documents, unfortunately the main spec gives substantial leeway, and I
haven't had time to read the others (I haven't fully digested the main spec
yet either). From that spec, all 332 pages of it, I encourage everyone that
wants to decide for themselves to read the spec. If you reach different
conclusions than I have, feel free to comment, I'm sure there are many
people on these lists that would be interested in justification for either
position.

Personally, I believe I've processed enough of the spec to state that TCPA
is a tool, and like any tool it has both positive and negative aspects.
Provided the requirement to be able to turn it off (and for my preference
they should add a requirement that the motherboard continue functioning even
under the condition that the TCPA module(s) is/are physically removed from
the board). The current spec though does seem to have a bend towards being
as advertised, being primarily a tool for the user. Whether this will remain
in the version 2.0 that is in the works, I cannot say as I have no access to
it, although if someone is listening with an NDA nearby, I'd be more than
happy to review it.
Joe




Re: Clarification of challenge to Joseph Ashwood:

2002-11-02 Thread Joseph Ashwood
Sorry, I didn't bother reading the first message, and I won't bother reading
any of the messages further in this thread either. Kong lacks critical
functionality, and is fatally insecure for a wide variety of uses, in short
it is beyond worthless, ranging into being a substantial risk to the
security of anyone/group that makes use of it.

- Original Message -
From: "James A. Donald" <[EMAIL PROTECTED]>
Subject:  Clarification of challenge to Joseph Ashwood:


> Joseph Ashwood:
> > > So it's going to be broken by design. These are critical
> > > errors that will eliminate any semblance of security in
> > > your program.
>
> James A. Donald:
> >  I challenge you to fool my canonicalization algorithm by
> >  modifying a message so as to change the apparent meaning
> >  while preserving the signature, or  by producing a message
> >  that verifies as signed by me, while in fact a meaningfully
> >  different message to any that was genuinely  signed by me.

That's easy, remember that you didn't limit the challenge to text files. It
should be a fairly simple matter to create a JPEG file with a number of 0xA0
and 0x20 bytes, by simply swapping the value of those bytes one can create a
file that will pass your verification, but will obviously be corrupt. Your
canonicalization is clearly and fatally flawed.

> Three quarters of the user hostility of other programs comes
> from their attempt to support "true" names, and the rest comes
> from the cleartext signature problem.  Kong fixes both
> problems.

Actually Kong pretends the first problem doesn't exist, and "corrects" the
second one in such a way as to make it fatally broken.

>  Joseph Ashwood must produce a message that is meaningfully
>  different from any of the numerous messages that I have sent
>  to cypherpunks, but which verifies as sent by the same person
>  who sent past messages.
>
> Thus for Kong to be "broken" one must store a past message from
> that prolific poster supposedly called James Donald, in the Kong
> database, and bring up a new message hacked up by Joseph
> Ashwood, and have Kong display in the signature verification
> screen

To verify that I would of course have to download and install Kong,
something that I will never do, I don't install software I already know is
broken, and fails to address even the most basic of problems.
Joe
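
The flaw Ashwood describes in the message above, shown as an added example that is not part of the thread and not Kong's code: a signer that folds whitespace before hashing gives one signature to byte strings that differ. The folding rule (0xA0 treated as 0x20) is an assumption inferred from the message, HMAC-SHA256 stands in for the real signature, and `SAMPLE`, `KEY`, `sign_canonical` and `sign_typed` are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # stand-in for a signing key (constructed)

# Assumed rule, inferred from the message: the non-breaking-space byte 0xA0
# is treated as an ordinary space 0x20 before the signature is computed.
FOLD = bytes.maketrans(b"\xa0", b"\x20")
# Exchanges the two bytes the canonical form cannot tell apart.
SWAP = bytes.maketrans(b"\xa0\x20", b"\x20\xa0")

# Constructed, JPEG-like bytes (not a decodable image): a header, six payload
# bytes of which three are 0xA0 or 0x20, and an end-of-image marker.
SAMPLE = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
          + bytes([0x12, 0xA0, 0x34, 0x20, 0x56, 0xA0])
          + b"\xff\xd9")


def canonicalize(data: bytes) -> bytes:
    """Text-oriented canonical form: fold 0xA0 into 0x20."""
    return data.translate(FOLD)


def mac_tag(message: bytes) -> bytes:
    """HMAC-SHA256 over the exact bytes given (the signature stand-in)."""
    return hmac.new(KEY, message, hashlib.sha256).digest()


def sign_canonical(data: bytes) -> bytes:
    """Signer that canonicalizes every input, whether it is text or not."""
    return mac_tag(canonicalize(data))


def sign_typed(data: bytes, content_type: str) -> bytes:
    """Signer that canonicalizes only text and binds the type into the tag."""
    body = canonicalize(data) if content_type.startswith("text/") else data
    return mac_tag(content_type.encode("ascii") + b"\x00" + body)


def swap_folded_bytes(data: bytes) -> bytes:
    """Return a copy with every 0xA0 and 0x20 byte exchanged."""
    return data.translate(SWAP)


def equivalent_inputs(data: bytes) -> int:
    """Count the distinct byte strings that share data's canonical form."""
    foldable = sum(1 for b in data if b in (0x20, 0xA0))
    return 2 ** foldable


def report(data: bytes = SAMPLE) -> dict:
    """Compare both signers on the input and on its byte-swapped copy."""
    altered = swap_folded_bytes(data)
    return {
        "bytes_differ": altered != data,
        "canonical_signer_accepts": hmac.compare_digest(
            sign_canonical(altered), sign_canonical(data)),
        "typed_signer_accepts": hmac.compare_digest(
            sign_typed(altered, "image/jpeg"), sign_typed(data, "image/jpeg")),
        "equivalent_inputs": equivalent_inputs(data),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

The typed signer still accepts whitespace variants of `text/plain` input, which is the tolerance a cleartext signature wants, while binary content is signed byte for byte.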




URGENT ASSISTANCE.

2003-03-31 Thread JOSEPH NKONO
FROM:JOSEPH NKONO
E-MAIL:[EMAIL PROTECTED]
 URGENT ASSISTANCE.
YOU MAY BE SURPRISED TO RECEIVE THIS LETTER FROM ME SINCE YOU DO NOT KNOW ME 
PERSONALLY. I AM JOSEPH NKONO, THE ELDEST CHILD OF ENGR.DAVID NKONO ,WHO WAS ALONG 
SIDE WITH SOME OTHER OPPOSITIONS TO THE GOVERNMENT OF MY COUNTRY,ASSASINATED  ON THE 
10TH OF OCTOBER 2002.
I GOT YOUR CONTACT FROM THE INFORMATION UNIT OF THE CHAMBERS OF COMMERCE HERE IN THE 
NETHERLANDS AND DECIDED TO WRITE YOU. BEFORE THE DEATH OF MY FATHER, HE HAD DEPOSITED 
THE SUM OF FIVE MILLION, UNITED STATES DOLLARS (US$5,000,000)  IN A SECURITY AND
FINANCE COMPANY AS "DIAMOND" FOR SECURITY REASONS, WAITING FOR THE  LAND REFORM 
TENSION TO CEASE BEFORE HE EXTABLISHES A BAKERY COMPANY IN HARARE BUT HE COULD NOT 
LIVE TO REALISE HIS DREAMS . WE NOW BECAME THE TARGET OF THE SPONSORED ASSASSINS  AND 
A GOD FEARING FRIEND OF MY FATHER IN MUGABE'S
GOVERNMENT ASSISTED MY MOTHER AND I OUT FROM  THE COUNTRY AND WE CAME HERE IN THE 
NETHERLANDS TO BE ASYLUM SEEKERS WITH A LOT OF RESTRICTIONS RANGING
FROM FINANCIAL TRANSACTIONS TO INTERACTIONS, PERHAPS BECAUSE OF THE WAVE OF TERRORISTS 
ACTS ALL OVER THE WORLD.
AS AN ONLY CHILD OF MY FATHER, I AM NOW FACED WITH THE RESPONSIBILITY OF SEEKING FOR A 
GENUINE AND HONEST INDIVIDUAL(s) OR COMPANY TO ACT AS OUR
SELECTED REPRESENTATIVE TO HELP US GET THE DEPOSIT OUT FROM THE SECURITY AND FINANCE 
COMPANY AND PROVIDE US WITH A FOREIGN ACCOUNT WHERE THIS MONEY COULD
BE TRANSFERRED WITHOUT THE KNOWLEDGE OF MY GOVERNMENT WHO ARE BENT ON TAKING 
EVERYTHING WE HAVE GOT. ALSO,  I AM FACED IN THE DILEMMA OF INVESTING THIS AMOUNT OF 
MONEY IN THE NETHERLANDS FOR  THE NETHERLANDS FOREIGN EXCHANGE POLICY DOES NOT ALLOW 
SUCH INVESTMENT FROM ASYLUM SEEKERS. I WILL ENTRUST MY FUTURE AND MY FAMILY YOUR HANDS.
I MUST ALSO LET YOU KNOW THAT  THIS TRANSACTION IS RISK FREE. IF YOU ACCEPT TO ASSIST 
ME AND MY FAMILY,  ALL I NEED YOU TO DO FOR ME IS TO MAKE ARRANGEMENT AND COME TO THE 
NETHERLANDS  SO THAT YOU CAN OPEN A
NON-RESIDENT ACCOUNT WHICH WILL AID US IN TRANSFERRING THE MONEY  INTO ANY ACCOUNT YOU 
WILL NOMINATE OVERSEAS. THIS  MONEY I INTEND TO USE FOR
INVESTMENT.
I HAVE OPTIONS TO OFFER YOU, FIRST YOU CAN  CHOOSE TO HAVE CERTAIN PERCENTAGE OF THE 
MONEY FOR NOMINATING YOUR ACCOUNT FOR THE TRANSACTION, OR YOU CAN GO INTO PARTNERSHIP 
WITH ME FOR A PROPER PROFITABLE INVESTMENT OF THE MONEY IN YOUR  COUNTRY.
WHICHEVER OPTION YOU CHOOSE, FEEL FREE TO NOTIFY ME. I HAVE MAPPED OUT 5% OF THIS 
MONEY FOR ALL EXPENSES INCURRED IN PROCESSING THIS TRANSACTION. IF YOU DO NOT PREFER A 
PARTNERSHIP, I AM WILLING TO GIVE YOU 20% OF THE MONEY WHILE THE REMAINING 75% THAT IS 
MEANT FOR ME, WILL BE FOR THE INVESTMENT IN YOUR
COUNTRY. PLEASE, CONTACT ME WITH THE ABOVE E-MAIL ADDRESS, WHILE I IMPLORE YOU TO 
TREAT THIS WITH ABSOLUTE CONFIDENTIALITY THAT IT DESERVES.
THANK YOU FOR TAKING THE TIME OFF YOUR SCHEDULES TO READ THIS AND I PRAY YOU RESPOND 
SOON.ENDEAVOUR TO SEND THROUGH THIS E-MAIL ADDRESS, YOUR CONFIDENTIAL
TELEPHONE AND FAX NUMBERS FOR FURTHER COMMUNICATIONS AND INFORMATION. GOD BLESS YOU 
ABUNDANTLY AS I LOOK FORWARD TO HEARING FROM YOU.
YOURS SINCERELY,
JOSEPH NKONO.
  

important

2002-11-22 Thread Joseph Sekhoto
Pretoria,
South Africa. 


It is my great pleasure to write you this letter on 
behalf of my colleagues and I. Your information was
given to me by a member of the South African Export
Promotion Council (S.A.E.P.C), who was with the Black
Economic Empowerment Commission (Government)
delegation on a trip overseas during a bilateral 
conference talk to encourage foreign investors. I have 
decided to seek a confidential co-operation with you 
in the execution of a deal hereunder for the benefit 
of all parties, and hope you will keep it 
confidential because of the nature of business. 

Within the Department of Mining Resources where I work
as the Director of Project Implementation, with the 
co-operation of two other officials, we have in 
possession, an overdue payment in US funds. 

The said funds represent certain percentage of the 
contract value executed on behalf of my Ministry by a 
foreign contracting firm, which we the officials 
over-invoiced to the amount of US$25,500,000.00 (Twenty
Five Million Five Hundred Thousand United States 
Dollars). Though the actual contract cost has been 
paid to the original contractor, leaving the excess 
balance unclaimed. 

The Government of the Republic of South Africa 
believes that private investment in general, and 
foreign direct investment in particular, are the real 
engines for sustainable economic development, for which
reason it has continued to encourage investments in 
the key growth-oriented sector of Mining with sincere 
determination to pay foreign contractors all debts 
owed to them, so as to continue to enjoy close 
relationship, and a mutually beneficial co-operation 
with foreign governments and non-governmental 
financial agencies. As a result we included our bills 
for approvals with the co-operation of some officials 
at the Department of Finance and the Reserve Bank of 
South Africa (R.B.S.A). We are seeking your assistance 
to be the beneficiary of the unclaimed funds, since we
are not allowed by law to operate a foreign 
account. Details and changing of beneficiary 
information and other forms of documentation upon 
application for claim to reflect the payment and 
approvals will be secured on your company or your good
self. 

I have the authority of my colleagues involved to 
propose that, if you are willing to assist us in 
this transaction your share as compensation will be 
20% while my colleagues and I shall receive 70%, and 
the balance of 10% shall be used to reimburse all 
expenditures, taxes and miscellaneous expenses so 
incurred. 

It does not matter whether or not your company does 
contract projects of the nature described here. The 
assumption is that your company won the major contract
and subcontracted it to other companies. More often 
than not, big trading companies and firms of unrelated
fields win major contracts and subcontract same to 
more specialized firms for execution. 

This business itself is 100% safe, provided you treat 
it with utmost confidentiality. Also your 
specialization is not a hindrance to the successful 
execution of this mutually beneficial transaction. I 
repose confidence in you and hope that you will not 
disappoint us. 

Kindly notify me for further details, upon your 
acceptance of this proposal. 

Regards, 

Joseph Sekhoto






STRICTLY CONFIDENTIAL

2002-12-23 Thread JOSEPH SAVIMBI
Good Day,

I hope this mail meets you in good time. My proposal to you will be very surprising, 
as we have not had any Personal contact. However, I sincerely seek your confidence in 
this transaction, which I propose to you as a man of integrity.

First and foremost I wish to introduce myself properly to you. My name is Joseph 
Savimbi, I am a nephew and Personal Assistant to Jonas Malheiro Savimbi, the leader of 
UNITA (National Union for the Total Independence of Angola). I got your email address 
from a directory, in my search for a partner for this transaction, hence this letter. 

You may know that my Uncle was recently killed in a battle with the government troops 
of Angola, led by President Dos Santos, on Friday 22nd February 2002. After my Uncle's 
death, Mr. Antonio Dembo who was his second in command, assumed office as leader of 
UNITA, and UNITA was in a state of turmoil. Prominent members like Carlos 
Morgado lobbied to depose him and assume office as leader to enrich themselves and 
some of them who saw me as a threat to their ambitions, including Mr. Dembo, planned to 
kill me. The tension and confusion in UNITA became uncontrollable when Mr. Dembo died 
10 days after my Uncle died. Being a young man who desires a peaceful life, I am 
no more interested in conflicts and wars, this is why I secretly left Angola and came 
here (The Netherlands) to seek political asylum.

I am sincerely seeking for your highly needed assistance in respect to safekeeping of 
some of my Uncle's money that arose from Diamonds sales. This money (US$18.5million), 
was already on its way to my Uncle's Swiss Bank account, through the Diplomatic means 
we use to move money abroad, and was on transit with a private safe deposit 
security company here in Amsterdam, Netherlands when the tragic incident of my Uncle's 
death occurred. I then instructed the company to secure the consignment containing the 
money pending on further instructions from me.

As a matter of fact, this is the reason I chose to come to The Netherlands to seek for 
political asylum. It is very clear with the way things are now, that President Dos 
Santos will lobby the International Community to freeze my Uncle's assets and accounts 
abroad, to ground UNITA, since he has already done this in Angola.

I plan to use this money to safeguard my future. It is very essential that you 
understand that the kind of trust and confidence I want to put in you is 
extraordinary, and an act of desperation on my part, in order not to lose this money. 
Also, ensure that this contact with you should be treated with utmost secrecy.

The help I need from you is clearing the box containing the money which is deposited 
in my name, from the security company, after which, the money will be transferred to your 
account preferably a new account you should open for this transaction. My share of 
the money will be returned to me when my asylum application is granted, and I have 
permission to do business and open an account here. 

For your reliable assistance, I will reward you with 15% ($2,775,000) of the money. We 
shall use 5% ($925,000) to carry out every expenses that we come across at any time. 
The remainder of the 5% shall be given to a Charity Organisation. 

I have with me, the Certificate of Deposit for the consignment, which will be used for 
claim from the security company. Also, everything will be legally processed for 
transfer of ownership to you, and this transaction should be completed immediately 
depending on your prompt response.

I thank you in advance as I anticipate your assistance in enabling me achieve this 
goal. Please contact me whether or not you are interested in assisting me. This will 
enable me scout for another partner in the event of non-interest on your part.

Sincerely,
J.Savimbi.






