The Secret Macintosh - Part 3
(As continued from HackAddict 10 and 11)

Privacy Information Via Usenet Newsgroups

alt.privacy
alt.privacy.anon-server
alt.anonymous
alt.security
alt.anonymous.messages
alt.2600
talk.politics.crypto
comp.security
comp.society.privacy
comp.security.misc
alt.security.pgp
sci.crypt
alt.security.pgp.announce
alt.security.pgp.discuss
alt.security.pgp.resources
alt.security.pgp.tech
alt.privacy.anon-messages [SPYRUS! This one is fun!]

If this discussion has really turned you on, you might consider subscribing to the (not overwhelming) Mac-Crypto mailing list.

E-mail: majordomo@thumper.vmeng.com
Subject: subscribe mac-crypto
or vinnie@vmeng.com

E-mail to Usenet Gateways

These servers forward your e-mail to Usenet, but not anonymously. To anonymise, first send your e-mail to a Cypherpunk remailer or chain of remailers to have your address stripped off, then specify your destination as one of the gateways below and, because your return address is anonymous, read the Usenet group to receive your reply.

You can even subscribe to a Usenet group via e-mail, info:
http://csbh.mhv.net/~bobrankin

E-mail to Usenet gateway list:
http://sabotage.org/~don/mail2news.html

I. The first group of mail-to-news gateways generally require you to edit your headers before sending, though some will parse your headers in the way the gateway requires. Read the list above for pointers. Caveat: Some of these do not anonymise your e-mail address; make sure the one you choose does!

m2n@alpha.jpunix.com
mail2news@basement.replay.com
usenet-article@news.uni-stuttgart.de
mail2news@news.demon.co.uk
mail2news@myriad.alias.net

II. The second group of gateways merely require that you insert the name of your specific newsgroup.
group.name@myriad.alias.net
group.name@news.uni-stuttgart.de
group.name@nic.funet.fi
group.name@cs.dal.ca
group.name@ug.cs.dal.ca
group.name@undergrad.math.uwaterloo.ca
group.name@demon.co.uk
group.name@comlab.ox.ac.uk
group.name@myriad.alias.net
group.name@bull.com
group.name@cass.ma02.bull.com
group.name.usenet@decwrl.dec.com
group.name@charm.magnus.acs.ohio-state.edu
group.name@paris.ics.uci.edu
group.name.usenet@canaima.berkeley.edu

Usenet newsgroups are a tremendous personal security hole. What you say here could be archived, simply retrieved with your name and come back to haunt you decades later. Gateways collapse almost as quickly as remailers because of abuse: threats, harassment, spam, mailbombs.

A simpler, but far less secure approach to Usenet is to send your postings via Dejanews:

http://www.dejanews.com

Dejanews, however, requires a name and valid e-mail address from you (use a remote computer for this!) and they keep an unencrypted log of all postings.

TEMPEST

Unless you’re a spy [SPYRUS!], moving major war weapons, tons of white powder or engaged in other exotic pursuits requiring serious counterspy shit, you’ll be unlikely to see an unmarked van parked outside monitoring your computer pulses into the electric grid. It’s not easy to buy TEMPEST electromagnetic shielding to the US military standard, made of mu-metal, an expensive alloy of nickel, iron and molybdenum. However, for less stringent requirements, a portable or laptop computer running on batteries will keep your keystrokes secret. And once encrypted, your data will be safe.

If you just have to be the first on your block to have TEMPEST shielding, a less expensive alloy enclosure can be purchased from Field Services (tel. 1-310-605-0808):

http://www.fms-corp.com

or real TEMPEST shielding may be found at community computer recyclers reselling government computers. You might be glad you did!

Cookies and Cache Wars

Your computer sends a record, called a cookie, to every Internet site you visit. Perhaps there are some streetcorners where you’d rather not be seen peddling your ass. If so, visit these sites by first logging onto:

http://www.anonymizer.com

Use Anonymizer as your home site so you don’t forget to use it, or use this site as a proxy server in Netscape options, with one warning: using a proxy server slows things down a lot. Anonymizer offers slow and free trial access or a faster paid subscription. Caveat: Anonymizer is US-based.

It is also a good idea to have Netscape warn you about losing your cookies by making it so in the Options menu under Network Preferences and Protocols.

On the Macintosh, a folder cannot replace a file with the same name, and vice versa. You will find MagicCookie in Netscape 3, cookies.txt in Internet Explorer in the Preferences folder of your System Folder. You can completely eliminate cookies by copying the name of the cookie file, deleting the file, creating a new folder in the same place and renaming the folder by pasting the copied name. This means the application will not be able to create a replacement file when your Mac is booted up next time.

Netscape 4 offers the following Advanced option in Preferences under the Edit menu: a “Do not accept cookies” button and a “warn me before accepting cookies” check-box. I would also use one of the freeware cookiekillers below as a fail-safe because companies are going to figure out a way around these options.

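Added example (not from the original article): Python that reads a cookie file to show which sites have left persistent cookies, then applies the folder-in-place-of-file trick described above and confirms that writes to that name fail. It assumes the file uses the tab-separated Netscape cookies.txt layout; the sample data and function names are constructed for illustration.

```python
import os
import time

# Constructed sample in the Netscape cookies.txt layout (7 tab-separated fields):
# domain, subdomain flag, path, secure flag, expiry (Unix time), name, value
SAMPLE = (
    "# Netscape HTTP Cookie File\n"
    ".ads.example\tTRUE\t/\tFALSE\t2145916800\tuid\tconstructed-id-1\n"
    "shop.example\tFALSE\t/cart\tFALSE\t0\tsession\tconstructed-id-2\n"
    ".ads.example\tTRUE\t/\tFALSE\t946684800\told\tconstructed-id-3\n"
)

def parse_cookies(text):
    """Return one dict per cookie line; skip comments, blanks and malformed rows."""
    cookies = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7 or not fields[4].isdigit():
            continue
        domain, _sub, path, secure, expiry, name, _value = fields
        cookies.append({"domain": domain, "path": path, "name": name,
                        "secure": secure == "TRUE", "expiry": int(expiry)})
    return cookies

def persistent_by_domain(cookies, now=None):
    """Map domain -> names of cookies that survive a browser restart."""
    now = time.time() if now is None else now
    report = {}
    for c in cookies:
        if c["expiry"] > now:  # expiry 0 = session cookie; past date = expired
            report.setdefault(c["domain"], []).append(c["name"])
    return report

def block_cookie_file(path):
    """Replace the cookie file with a same-named folder; True if writes now fail."""
    if os.path.isfile(path):
        os.remove(path)
    os.makedirs(path, exist_ok=True)
    try:
        open(path, "w").close()  # what a browser would do to recreate the file
    except OSError:              # a folder cannot be opened as a file
        return True
    return False

if __name__ == "__main__":
    print(persistent_by_domain(parse_cookies(SAMPLE)))
```
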
To more fully explore the cookie problem, check out:

http://www.cookiecentral.com

and the path /macfiles.htm which provides links to the following freeware applications for Macintosh:

CookieMonster:
http://www.geocities.com/Paris/1778/CookieMonster151.sit

CookieCutter:
http://hyperarchive.lcs.mit.edu/HyperArchive/Archive/comm/inet/web/ntscp/cookie-cutter-10.hqx
or http://www.geocities.com/SiliconValley/2784

ScapeGoat:
http://hyperarchive.lcs.mit.edu/HyperArchive/Archive/comm/inet/web/ntscp/scape-goat-10.hqx

CookieCleaner:
http://hyperarchive.lcs.mit.edu/HyperArchive/Archive/comm/inet/cookie-cleaner.hqx

No More Cookies:
http://hyperarchive.lcs.mit.edu/HyperArchive/Archive/comm/inet/web/no-more-cookies-20.hqx

Default No Cookie:
e-mail: zimmie@abwam.com
or http://www.sharewarejunkies.com/defaultc.htm

One of these cookie killers should do the trick for you.

Equally dangerous to your privacy is the Cache folder in the Netscape folder in the Preferences folder of your System Folder. This folder keeps a log of the sites you visit. In Netscape v3.0 choose Options/Network Preferences; in the Cache tab, click on “Clear disk cache now” or make an alias (Command-M) of the Netscape folder in Preferences and leave it on your Desktop so you will remember to Select All these items and drag them to the Trash after every surf session. In Netscape v4.0, choose Edit/Preferences, then click the + sign next to Advanced; click Cache, then select Clear Disk Cache.

Netscape also keeps files of Inbox, Sentmail and Trash here, too; don’t leave a record of these--trash them every time. You should also make sure to delete any mail or cookies and to purge the disk cache every time you use a remote site login.

You might also like to check out this neat shareware application:

Cache Killer Pro:
http://web2.airmail.net/sdh/killerpro

A commercial product to be released for Macintosh in February 1998 will likely be the best to deal with both these tell-tales:

IEClean & NSClean:
http://www.wizvax.net/kevinmca/macs.html

PGP & PRZ

Amerika has dropped its legal case against Philip R. Zimmermann, the creator of PGP! There may be minor safety in numbers! He has certainly done us all a great service. The latest update is that PRZ has bought Viacrypt, now PGP, Inc., to make privacy available to the masses--support PRZ and buy PGP!

EPIC & EFF

At the forefront of the legal and educational battle for privacy are two organisations deserving of your membership and support. Their web pages also contain many valuable privacy resources:

Electronic Privacy Information Center
666 Pennsylvania Avenue SE, Suite 301
Washington DC 20003 USA
Tel. (202) 544-9240
Fax. (202) 547-548
E-mail: info@epic.org
Web: http://www.epic.org

Electronic Frontier Foundation,
1001 G Street NW
Suite 950 East
Washington DC 20001
Tel. (202) 861-7700
Fax. (202) 393-5509
E-mail: eff@eff.org
Web: http://www.eff.org
BBS: (202) 638-6120 & (202) 638-6119

RSA E-mail Sig

Pssstt! Hey buddy, wanna be an arms trafficker??? Append a label, three lines of the RSA algorithm in perl, as your e-mail signature:

http://dcs.ex.ac.uk/~aba/x.html

Further Reading

NOTE: Many of these privacy resources are of limited use to Macintosh users--examine carefully before you buy.

Answers to Frequently Asked Questions About Today’s Cryptography, Version 3.0, RSA Laboratories, 100 Marine Parkway, Suite 500, Redwood City CA 94065, 1996, http://www.rsa.com/rsalabs/ [Exhaustive, if simplified, discussion of cryptography issues--great!]

Computer Privacy Handbook: A Practical Guide to E-Mail Encryption, Data Protection, and PGP Privacy Software, Andre Bacard, Peachpit, 1995, ISBN 1-56609-171-3, US $24.95

The Computer Privacy Report, W.G.
Hill, Scope International [Box 4682, Forestside House, Rowlands Castle, Hants PO9 6EE, tel. 44-705-631-751, fax. 44-705-631-322], 1995, US $100, 153 pp [Expensive but pioneering overview of how to use PGP, steganography and remailers to protect your anonymity.]

Computer Security Basics, D. Russell & G.T. Gangemi, Sr, O’Reilly, 1991 [Although somewhat dated, includes a good description of TEMPEST.]

Data Security, Janet Endrijonas, ISBN 1-55958-750-4 [Recommended to the author but unseen.]

Disappearing Cryptography, Being and Nothingness on the Net, Peter Wayner, Academic Press Professional, 1996, ISBN 0-12-738671-8, US $29.95, http://www.access.digex.net:/~pcw/pcwpage.html [Although a technical presentation of advanced steganography, this book also contains some great philosophy, a good overview of steg applications and remailer use.]

The Electronic Privacy Papers: Documents on the Battle for Privacy in the Age of Surveillance, Bruce Schneier & David Banisar, Wiley, 1997, ISBN 0-47-112297-1, 747 pp., US $59.95

Electronic Privacy Sourcebook, Bruce Schneier & David Banisar, Wiley, 592 pp., US $39.95

E-Mail Security: How to Keep Your Electronic Messages Private, Bruce Schneier, Wiley, 1995, ISBN 0-471-05318-X, US $24.95, 365 pp. [Excellent overview of this topic.]

How To Use PGP, Superior Broadcasting Company [Box 1533-N, Oil City PA 16301, tel. (814) 678-8801], US $10-13 [Almost completely PC.]

net.sex: The Complete Guide to the Adult Side of the Internet, Candi Rose and Dirk Thomas, SAMS Publishing, 1995, ISBN 0-672-30702-2, $19.99, 243 pp. [Excellent information on anonymous Usenet.]

netspy: How You Can Access the Facts and Cover Your Tracks Using the Internet and Online Services, Wolff New Media, 1996, ISBN 0-679-77029-1, $12.95, 185 pp. [Great resource and reference book divided into Spy and Counterspy sections. Updates available at http://www.ypn.com]

The Official PGP User’s Guide, Philip R.
Zimmermann, MIT Press, 1995, ISBN 0-262-74017-6, $14.95, 216 pp [Although official, even PC users say this text is pretty cryptic!]

Personal Computer Security, Ed Tiley, International Data Group Books, 1996, ISBN 1-56884-814-5, US $24.99

PGP on the Internet: Easy Encryption for Your Electronic Information, Peter Kent, Ventana, 1995, ISBN 1-56604-304-2, US $14.95 paper, US $29.95 cloth, 175 pp.

PGP for Personal Privacy, Version 5.0: User’s Guide for Macintosh, Mike Iannamico, Pretty Good Privacy, Inc., 1997 [Both the Mac and PC manuals truly make PGP accessible.]

PGP: Pretty Good Privacy, Simson Garfinkel, O’Reilly, 1994, ISBN 1-56592-098-8, US $24.95, 400 pp [Very PC! The Mac section is pitifully inadequate.]

Protect Your Macintosh, Bruce Schneier, Peachpit, 1994

Protect Your Privacy: A Guide for PGP Users, William Stallings, Prentice-Hall, 1994, ISBN 0-13-185596-4, US $19.95, 302 pp [Includes a top-notch section for Macintosh users.]

Underground Guide to Computer Security, Michael Alexander, ISBN 0-201-48918-X [Recommended to the author but unseen.]

ViaCrypt PGP, Pretty Good Privacy User’s Manual Version 2.7.1 For [sic] Macintosh, 1994, ViaCrypt [The manual for the commercial PGP version prior to v5.0 is not nearly as useful.]

E-mail: info-rama@wired.com, or :
3.01/departments/getting.macpgp
3.01/departments/pgp.faq
3.01/departments/pgp.faq2
3.01/departments/getting.pgp
3.01/departments/getting.macpgp

Anonymity on the Internet FAQ:
Anonymous FTP: ftp://rtfm.mit.edu:/pub/usenet/news.answers/net-anonymity/part
E-mail: mail-server@rtfm.mit.edu [mail-server@BLOOM-PICAYUNE.MIT.EDU?]; subject not read; message:

PGP FAQ:
E-mail: mail-server@rtfm.mit.edu [mail-server@BLOOM-PICAYUNE.MIT.EDU?]; subject not read; message:

Privacy and Anonymity FAQ:
Anonymous FTP: ftp://rtfm.mit.edu:/pub/usenet/news.answers/net-privacy/part
E-mail: mail-server@rtfm.mit.edu [mail-server@BLOOM-PICAYUNE.MIT.EDU?]; subject not read; message:

Xenon, Here’s How to MacPGP!
ftp://ftp.netcom.com/pub/qwerty
E-mail: qwerty@netcom.com, in subject line [Mail returned!]
[Very basic introduction, though somewhat helpful.]

PGP Tutorial
http://sun1.bham.ac.uk/N.M.Queen/pgp/pgp.html
http://netaccess.on.ca/~rbarclay/bg2pgp.txt
E-mail: slutsky@lipschitz.sfasu.edu, in subject line
[Mac users will find some pointers here, though most is of use to PC owners.]

Chaining Remailers Help
ftp://ftp.erg.ucd.ie/public/macintosh/cryptography/
[The single most useful document on remailer use.]

Privacy-enhancing technologies for the Internet, Ian Goldberg, David Wagner, Eric Brewer, 1997
[A superb, must-read discussion of the latest advances in protection.]

Encryption and Evolving Technologies as Tools of Organized Crime and Terrorism, Dorothy E. Denning & William E. Baugh, Jr., US Working Group on Organized Crime, National Strategy Information Center, Washington, 1997
http://www.cs.georgetown.edu/~denning/crypto/oc-abs.html
E-mail: nsic@ix.netcom.com or denning@cs.georgetown.edu
[Know thy enemy--perhaps in the Biblical sense! An overview of the US government’s laughable reasons to further restrict our liberties.]

Snakeoil FAQ
E-mail: cmcurtin@research.megasoft.com
[A good report on inadequate cryptography.]

Kudos to Bill Hill for turning me on to some fiendish, diabolical ways to protect my own privacy, and proto-cryptoguru Bruce Schneier who really does know the answer to everything. You should add two other principal sources of inspiration to your subscription lists: Wired [e-mail: subscriptions@wired.com; +1-415-276-5000; (in the USA: 800-769-4733); fax, +1-415-276-5200] and 2600, The Hacker Quarterly [e-mail: subs@2600.com; +1-516-751-2600; fax, +1-516-474-2677].

1601 encryption products are currently produced in 29 countries. Does any government think it can control this???

--------------------------------------------------------------------------
WARNING -- THIS LABEL IS CLASSIFIED AS A MUNITION
RSA ENCRYPTION IN THREE LINES OF PERL
HAVE YOU EXPORTED A CRYPTO SYSTEM TODAY? http://dcs.ex.ac.uk/~aba/x.html
--rsa--------------------------------8<-----------------------------------
#!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
($k,$n)=@ARGV;$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2% Sa2/d0