From owner-freebsd-security Sun Feb 20 23:37:29 2000
Delivered-To: freebsd-security@freebsd.org
Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4])
    by hub.freebsd.org (Postfix) with ESMTP id C1B1737C17E
    for ; Sun, 20 Feb 2000 23:37:23 -0800 (PST)
    (envelope-from freebsd@gndrsh.dnsmgr.net)
Received: (from freebsd@localhost)
    by gndrsh.dnsmgr.net (8.9.3/8.9.3) id XAA58181;
    Sun, 20 Feb 2000 23:37:19 -0800 (PST)
    (envelope-from freebsd)
From: "Rodney W. Grimes"
Message-Id: <200002210737.XAA58181@gndrsh.dnsmgr.net>
Subject: Re: Strange Spam
In-Reply-To: from Matt Heckaman at "Feb 21, 2000 01:55:44 am"
To: matt@ARPA.MAIL.NET (Matt Heckaman)
Date: Sun, 20 Feb 2000 23:37:19 -0800 (PST)
Cc: security@FreeBSD.ORG (FreeBSD-SECURITY)
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> This is funny, reading it more carefully - there are also references to
> DARPA (Defense Advanced Research Projects Agency), UHF (Ultra High
> Frequency), and Interpol.
>
> Also, Mathematic is misspelled to "Mathematik" which strikes me as odd,

German/Danish dictionary?

> giving the caliber of words used throughout the message. Another thing
> to note, is the capitalization scheme; it appears that proper nouns and
> places are for the most part capitalized, with some exceptions such as
> "cynthia", "sarah1", and a few others.
>
> All in all, this is nothing but pure conjecture, but it does almost
> totally rule out the possibility of it being some random misplaced SPAM
> email. It definitely has the form of being intended for someone.

I agree with that. And would further conjecture the person is at an
unknown location and/or hiding. And has possibly limited access to resources.
Another think to yourself for a long hard time about _why_ someone might try
to use this form (bulk email) of communications and cryptography of a weak
form to get a message to someone. They probably don't care that the NSA
could crack this in a day, but they do care that every other person could
just read it. It could say ``Nuclear launch in 6 hours from this
transmission'' and it wouldn't matter that the NSA could crack it in 12
hours, just so long as all the ``agents'' knew that in 6 hours all hell was
going to break loose around the globe and they need to take care of the last
minute details.

You don't need a sledge hammer to break a piece of tempered glass, a tap
with a 1 ounce hammer works fine if the glass is stricken at the right angle
(usually the edge of the sheet of glass).

>
> Unfortunately, without figuring the key sequence that this is based on,
> it's probably impossible for us to decipher it. My original question still
> stands. If this is some kind of code, why would someone do something like
> this as opposed to PGP encryption or similar? -- Or both combined for the
> very paranoid.

You're assuming the sender of the message has/had a way to get the
recipient's public key. If the recipient is at an unknown location (also
explaining why this is going out as mass email/spam) how would you get
his/her key to encrypt with?

--
Rod Grimes - KD7CAX @ CN85sl - (RWG25)               rgrimes@gndrsh.dnsmgr.net