Yet more stego scare in the New York Times

[Trei, Peter]

> ----------
> From: 	Bram Cohen[SMTP:bram at gawth.com]
> Sent: 	Tuesday, October 30, 2001 12:36 PM
> To: 	Nelson Minar
> Cc: 	Crypto List
> Subject: 	Re: Yet more stego scare in the New York Times
> 
> On Tue, 30 Oct 2001, Nelson Minar wrote:
> 
> > What's so frustrating about this is that it is quite possible that
> > high quality stego is being used out there; how would we know?
> 
> That's highly doubtful. We cypherpunks are on the forefront of practical
> crypto applications, and what we've got is still quite limited. The
> following are pretty much all I've seen used by non-specialists -
> 
> link encryption - [...]
> anonymous remailers - [...]
> encrypted partitions - [...]
> ZKS - [...]
> hotmail/yahoo/hushmail/etc. accounts - [...]
> So there you have it. The state of deployed crypto is quite limited, and
> in practice hardly used for anything sinister at all.
> -Bram Cohen
> 
I'd add two:

	Usenet as a dead drop - It's relatively easy to post things to
usenet
with very limited traceback ability, and figuring out who has read a given 
message is also very difficult. Check out alt.anonymous.messages.
Interestingly,
this group's posters are also heavy users of anonymous remailers and PGP. If
OBL & co were actually using the Internet, this is a heck of a lot simpler
than
stego'd images.
 
	Anonymizing WWW proxies - eg www.anonymizer.com; www.cotse.com,
www.safeweb.com. The better of these use SSL and encrypted URLs, also manage
cookies intelligently. They sheild the user from both identification by the
target site,
and block an observer (for example, at a firewall) between the user and the
proxy from 
identifying the target site. Of course, none of this is shielded from the
proxy owner.

Peter Trei




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com