What Do You Guys Have That's So Secret? - PGP

This is a discussion on What Do You Guys Have That's So Secret? - PGP ; I see people using PGP all the time- they encrypt everything, sign everything, right down to "Hey, man, it's rain'in outside!" Now, I know PGP _looks_ cool, and it _does_ create a certain state of importance around it's user, but ...

+ Reply to Thread
Page 1 of 3 1 2 3 LastLast
Results 1 to 20 of 48

Thread: What Do You Guys Have That's So Secret?

  1. What Do You Guys Have That's So Secret?


    I see people using PGP all the time- they encrypt everything, sign
    everything, right down to "Hey, man, it's rain'in outside!" Now, I know
    PGP _looks_ cool, and it _does_ create a certain state of importance
    around it's user, but don't you think signing/encoding everything by
    default it a little much? My OS came with GPG, and I think I used it
    exactly once (when it was actually needed). And that was to sign- I've
    yet to receive a fully-encypted secret-message.

    I just thought maybe you guys had the cure to aids or next week's lotto
    numbers, or the secret ingrediates to KFC encoded amongst yourselves....


    --
    ----------------
    -jayjwa Reg. Linux user #207147 PGPKey: http://atr2.ath.cx/jayjwa.asc
    Spambox: jayjwa@hotmail.com -- 4 Spammers: listme@listme.dsbl.org

    *We have come for your Buffer!*
    GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u90 90%u6858%ucbd3%u7801%
    u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9 090%u9090%u8190%u00c3
    %u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 200 140 "-" "-"


  2. Re: What Do You Guys Have That's So Secret?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Well, if I want to write a letter to someone and send it via the US
    Postal service, I put it in an envelope. If I want every Tom, Dick,
    and Harry to read it while in transit, I would write it on a
    postcard. I have nothing to hide, but if I want to e-mail one of my
    friends that it's raining outside, that's my business and nobody
    elses! I wish more people would uses PGP. As far as the signing
    goes, I really haven't had a need for it yet, but it sure does look
    impressive!
    ......
    ......
    ......
    Looks cool!, huh?

    -----BEGIN PGP SIGNATURE-----
    Version: PGP Personal Privacy 6.5.8

    iQA/AwUBP2SD3Jii8dYr+NOwEQKPwACgzEwBsVs/jIIZotsFv2oE35Gkc2wAoMP1
    iFhWn1Z47tgf2FtyuFj4v5La
    =beoR
    -----END PGP SIGNATURE-----










    jayjwa wrote in message news:...
    > I see people using PGP all the time- they encrypt everything, sign
    > everything, right down to "Hey, man, it's rain'in outside!" Now, I know
    > PGP _looks_ cool, and it _does_ create a certain state of importance
    > around it's user, but don't you think signing/encoding everything by
    > default it a little much? My OS came with GPG, and I think I used it
    > exactly once (when it was actually needed). And that was to sign- I've
    > yet to receive a fully-encypted secret-message.
    >
    > I just thought maybe you guys had the cure to aids or next week's lotto
    > numbers, or the secret ingrediates to KFC encoded amongst yourselves....
    >
    >
    > --
    > ----------------
    > -jayjwa Reg. Linux user #207147 PGPKey: http://atr2.ath.cx/jayjwa.asc
    > Spambox: jayjwa@hotmail.com -- 4 Spammers: listme@listme.dsbl.org
    >
    > *We have come for your Buffer!*
    > GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXX
    > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXX
    > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u90 90%u6858%ucbd3%u7801%
    > u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9 090%u9090%u8190%u00c3
    > %u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 200 140 "-" "-"


  3. Re: What Do You Guys Have That's So Secret?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    jayjwa wrote:

    >
    > I see people using PGP all the time- they encrypt everything, sign
    > everything, right down to "Hey, man, it's rain'in outside!" Now, I know
    > PGP _looks_ cool, and it _does_ create a certain state of importance
    > around it's user, but don't you think signing/encoding everything by
    > default it a little much? My OS came with GPG, and I think I used it
    > exactly once (when it was actually needed). And that was to sign- I've
    > yet to receive a fully-encypted secret-message.
    >
    > I just thought maybe you guys had the cure to aids or next week's lotto
    > numbers, or the secret ingrediates to KFC encoded amongst yourselves....
    >
    >


    I don't see where the "cool" or "important" element is.

    I consider it to be a matter of being a gentleman, of politeness. When
    posting or sending email, I apply my signature accepting full
    responsability for what I posted (authentication and non-repudiation).

    If someone has a public key, I know that this person values privacy. I
    respect my fellow mens' choices, and I show him my respect by using his key
    encrypting my messages to him or her.

    regards,

    Hans




    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

    iD8DBQE/ZJFkeAFfPoyjZ2cRAmwLAJ4i3FJzGcfpALa62KM2SHfFfh1raQ CfXwDP
    jgia8Be03XU7jQCtsAaq49g=
    =7shl
    -----END PGP SIGNATURE-----

  4. Re: What Do You Guys Have That's So Secret?

    I have a list of reasons to encrypt at
    . Some of these
    reasons are merely hypothetical, and others reflect an
    after-the-fact realization that PGP should have been used. But
    some of these reasons present actual and valid uses of PGP. At
    the end of the list, I quote the policy of a large corporation on
    why its employees should use PGP.

    --

    David E. Ross


    Concerned about someone snooping into your E-mail?
    Use PGP. See my

  5. Re: What Do You Guys Have That's So Secret?

    "jayjwa" wrote in message
    news:vm8f1kj1fdok4d@corp.supernews.com...
    >
    > I see people using PGP all the time- they encrypt everything, sign
    > everything, right down to "Hey, man, it's rain'in outside!" Now, I know
    > PGP _looks_ cool, and it _does_ create a certain state of importance
    > around it's user, but don't you think signing/encoding everything by
    > default it a little much? My OS came with GPG, and I think I used it
    > exactly once (when it was actually needed). And that was to sign- I've
    > yet to receive a fully-encypted secret-message.
    >
    > I just thought maybe you guys had the cure to aids or next week's lotto
    > numbers, or the secret ingrediates to KFC encoded amongst yourselves....


    Absaloutly nothing. It's just something to be interested in.

    If I want to look cool, I'll wear a pair of shades. If I want to feel
    important, I'll hire a bodyguard.

    Don't come here and expect a constructive conversation when you start
    slagging everyone off.

    -----BEGIN GEEK CODE BLOCK-----
    Version 3.12
    GU d- s+:- a--- C++(++++) !U W++(+++) N+(++) o K? w+(--) ?O M>++
    V? PS+ PE-@ Y+(++) PGP++ t+(*) 5 X R(+) tv(-) b+(+++)
    DI++++ D G e(*) h!>--- r++ z+>+++
    ------END GEEK CODE BLOCK------



  6. Re: What Do You Guys Have That's So Secret?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    jayjwa wrote in
    news:vm8f1kj1fdok4d@corp.supernews.com:


    > I just thought maybe you guys had the cure to aids or next week's
    > lotto numbers, or the secret ingrediates to KFC encoded amongst
    > yourselves....



    Opps we've been rumbled! ;-)
    He knows about the lotto and KFC. Hope he hasn't found out about the
    Coke/Pepsi formula - maybe we need stronger encryption? Or has some one
    been looking over my shoulder and got my passphrase...



    -----BEGIN PGP SIGNATURE-----
    Version: 6.5.8ckt http://www.ipgpp.com/

    iQA/AwUBP2YNDK8peim8DRxDEQKLrgCguCJcb6uDL8z/K3XqsnBGFeqEffsAoNwU
    qBPvTyEF/+jhwndOMewsNMd3
    =pSY/
    -----END PGP SIGNATURE-----

  7. What Do You Guys Have That's So Public?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    jayjwa wrote:
    > I see people using PGP all the time-they encrypt everything, sign everything.


    What do you have that is so public?

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (FreeBSD)

    iD8DBQE/Zu/IZsrx6aBPZiwRAkk/AJ0d/3N1EWEuHXpdhv+xWWdP6zYV6gCeLQcy
    XkTqUx+AZ0OMZt6UajYEyJo=
    =MRrN
    -----END PGP SIGNATURE-----

  8. Re: What Do You Guys Have That's So Secret?

    > I see people using PGP all the time- they encrypt everything, sign
    > everything, right down to "Hey, man, it's rain'in outside!" Now, I know
    > PGP _looks_ cool, and it _does_ create a certain state of importance
    > around it's user, but don't you think signing/encoding everything by
    > default it a little much?


    Here is a perfect example to illustrate why it's a good idea to PGP encrypt
    any email, even casual conversations.

    Since 2003-09-15, Verisign has modified its root servers that answer for
    all .COM and .NET domains to return a default Verisign IP address in case
    the domain doesn't exist.

    Now let's say a friend or colleague emails you but has a typo in their
    return address domain name. Your mail (believe it or not, it's true) will
    be sent to Verisign's mail server.

    For me this is a straightforward issue of privacy. With PGP I can be
    certain that only the intended recipient will actually be able to read the
    email.

    --
    Jem Berkes
    http://www.sysdesign.ca/

  9. Re: What Do You Guys Have That's So Secret?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I do this, in the hope that everyone will, so that then it doesn't look
    suspicious when I send something I really want to keep secure.

    -----BEGIN PGP SIGNATURE-----
    Version: 6.5.8ckt http://www.hn.org/drno/pgp.shtml

    iQA/AwUBP2dI8LHlcSptAz1hEQItKACfRki12YzpBiG26UIsCBjDtW UH5QsAoJzG
    8+i43Px27qQdRhXpRyCxOd2Y
    =FlWe
    -----END PGP SIGNATURE-----

    >
    > I see people using PGP all the time- they encrypt everything, sign
    > everything, right down to "Hey, man, it's rain'in outside!" Now, I know
    > PGP _looks_ cool, and it _does_ create a certain state of importance
    > around it's user, but don't you think signing/encoding everything by
    > default it a little much? My OS came with GPG, and I think I used it
    > exactly once (when it was actually needed). And that was to sign- I've
    > yet to receive a fully-encypted secret-message.
    >
    > I just thought maybe you guys had the cure to aids or next week's lotto
    > numbers, or the secret ingrediates to KFC encoded amongst yourselves....
    >




  10. Re: What Do You Guys Have That's So Secret?

    "Jem Berkes" wrote in message
    news:Xns93F849BF638C5jbuserspc9org@130.179.16.24.. .
    >
    > Since 2003-09-15, Verisign has modified its root servers that answer for
    > all .COM and .NET domains to return a default Verisign IP address in case
    > the domain doesn't exist.
    >
    > Now let's say a friend or colleague emails you but has a typo in their
    > return address domain name. Your mail (believe it or not, it's true) will
    > be sent to Verisign's mail server.
    >
    >


    Whoa! C'mon! Who said Verisign had the monopoly on all unknown domain names?
    Have you got a link or something to check that out?



  11. Re: What Do You Guys Have That's So Secret?

    "MikeyD" wrote in news:1063735034.91517.3
    @iris.uk.clara.net:

    > I do this, in the hope that everyone will, so that then it doesn't look
    > suspicious when I send something I really want to keep secure.


    And I guess that is the real point for using encryption on a regular basis:
    if you *only* use it when talking about KFC's secret ingredients but *not*
    when discussing the weather, it becomes apparent to anyone monitoring your
    emails that some of them are probably worth closer investigation...

    But if you use it all the time...

    Pete.

  12. Re: What Do You Guys Have That's So Secret?

    On Tue, 16 Sep 2003 21:02:53 +0100, "Gamma3000"
    wrote:

    >"Jem Berkes" wrote in message
    >news:Xns93F849BF638C5jbuserspc9org@130.179.16.24.. .
    >>
    >> Since 2003-09-15, Verisign has modified its root servers that answer for
    >> all .COM and .NET domains to return a default Verisign IP address in case
    >> the domain doesn't exist.
    >>
    >> Now let's say a friend or colleague emails you but has a typo in their
    >> return address domain name. Your mail (believe it or not, it's true) will
    >> be sent to Verisign's mail server.
    >>
    >>

    >
    >Whoa! C'mon! Who said Verisign had the monopoly on all unknown domain names?
    >Have you got a link or something to check that out?
    >


    #1. See slashdot
    #2. Do your own dns lookup. (nothing for .com or .net comes back as invalid
    anymore)

    Man, this is not good....



  13. Re: What Do You Guys Have That's So Secret?

    > I don't want to sound paranoid here, but, anyone else a little worried
    > that Mail Rejector Daemon might someday become Mail Acceptor Daemon?


    Yes, I think this is a very valid concern.

    At the moment Verisign is reading all email addresses that reach bogus
    domains. This is because the MAIL FROM: and RCPT TO: commands are accepted;
    private email addresses _are_right_now_ being transmitted to Verisign from
    around the world.

    It would be a simple matter for them to now actually accept the mail body
    in the DATA command. Or imagine that host gets hacked... WOW.

    --
    Jem Berkes
    http://www.sysdesign.ca/

  14. Re: What Do You Guys Have That's So Secret?

    On Tue, 16 Sep 2003, "Gamma3000"
    wrote:

    >Whoa! C'mon! Who said Verisign had the monopoly on all unknown domain names?
    >Have you got a link or something to check that out?


    Verisign themselves explain it openly in this document...

    http://www.verisign.com/resources/gd...ementation.pdf

    They entered a wildcard A record for .COM and .NET that points at
    64.94.110.11. That means ANY formerly unresolved .COM or .NET domain will
    point to that IP. Period. It's not just email... any fubar domain name
    request for ANY reason will resolve there. They've basically stolen the
    net, and if they have an email server running they absolutely DO have the
    ability to capture and read mis-addressed mail.



  15. Re: What Do You Guys Have That's So Secret?

    On 17 Sep 2003 01:45:17 -0000, Helene De Portes
    wrote:

    >On Tue, 16 Sep 2003, "Gamma3000"
    >wrote:
    >
    >>Whoa! C'mon! Who said Verisign had the monopoly on all unknown domain names?
    >>Have you got a link or something to check that out?

    >
    >Verisign themselves explain it openly in this document...
    >
    >http://www.verisign.com/resources/gd...ementation.pdf
    >
    >They entered a wildcard A record for .COM and .NET that points at
    >64.94.110.11. That means ANY formerly unresolved .COM or .NET domain will
    >point to that IP. Period. It's not just email... any fubar domain name
    >request for ANY reason will resolve there. They've basically stolen the
    >net, and if they have an email server running they absolutely DO have the
    >ability to capture and read mis-addressed mail.
    >


    I wouldn't be surprised if the fbi ran a predator machine at verisign
    if all invalid dns requests go to one spot.

  16. Verisign wildcard domains

    "Helene De Portes" wrote in message
    news:33FJ8XHQ37880.9064467593@bog.lir.dk...
    > On Tue, 16 Sep 2003, "Gamma3000"
    > wrote:
    >
    > >Whoa! C'mon! Who said Verisign had the monopoly on all unknown domain

    names?
    > >Have you got a link or something to check that out?

    >
    > Verisign themselves explain it openly in this document...
    >
    > http://www.verisign.com/resources/gd...ementation.pdf
    >
    > They entered a wildcard A record for .COM and .NET that points at
    > 64.94.110.11. That means ANY formerly unresolved .COM or .NET domain will
    > point to that IP. Period. It's not just email... any fubar domain name
    > request for ANY reason will resolve there. They've basically stolen the
    > net, and if they have an email server running they absolutely DO have the
    > ability to capture and read mis-addressed mail.


    Just read the document, but that doesn't tally: If I go to
    http://www.gjierownvirwgurwigjirwngurow.com/ or
    http://gjierownvirwgurwigjirwngurow.com/ (being a bunch of characters that I
    typed randomly), I get different pages depending on my browser (IE returns
    'Cannot find server or DNS Error', Opera returns 'Could not connect to
    remote server' in a message box). IE said it was connecting to 64.94.110.11
    first, so fair enough, but why don't both browsers get the same Verisign web
    page?



  17. Re: Verisign wildcard domains

    >
    > Just read the document, but that doesn't tally: If I go to
    > http://www.gjierownvirwgurwigjirwngurow.com/ or
    > http://gjierownvirwgurwigjirwngurow.com/ (being a bunch of characters that

    I
    > typed randomly), I get different pages depending on my browser (IE returns
    > 'Cannot find server or DNS Error', Opera returns 'Could not connect to
    > remote server' in a message box). IE said it was connecting to

    64.94.110.11
    > first, so fair enough, but why don't both browsers get the same Verisign

    web
    > page?
    >

    Because they haven't put a web server there, so when IE sends GET /index.htm
    it gets an invalid response and says the server doesn't exist.(or something
    like that. I don't know the http specification) But if they did put a web
    page there, then you would see it for any invalid domain name.



  18. Re: Verisign wildcard domains

    > Because they haven't put a web server there, so when IE sends GET
    > /index.htm it gets an invalid response and says the server doesn't
    > exist.(or something like that. I don't know the http specification)
    > But if they did put a web page there, then you would see it for any
    > invalid domain name.


    Actually there used to be a web server there, although I can't access it
    now from any of the ISPs I have accounts with. Maybe Verisign shut down the
    site, or it collapsed under the load? Verisign's SMTP server is still
    running:

    berkes@arpum:~$ telnet alsfjalsksf.net smtp
    Trying 64.94.110.11...
    Connected to alsfjalsksf.net.
    Escape character is '^]'.
    220 snubby1-wceast Snubby Mail Rejector Daemon v1.3 ready

    --
    Jem Berkes
    http://www.sysdesign.ca/

  19. Re: Verisign wildcard domains

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hey,

    Gamma3000 wrote:

    > Just read the document, but that doesn't tally: If I go to
    > http://www.gjierownvirwgurwigjirwngurow.com/ or
    > http://gjierownvirwgurwigjirwngurow.com/ (being a bunch of characters
    > that I typed randomly), I get different pages depending on my browser
    > (IE returns 'Cannot find server or DNS Error', Opera returns 'Could not
    > connect to remote server' in a message box). IE said it was connecting
    > to 64.94.110.11 first, so fair enough, but why don't both browsers get
    > the same Verisign web page?
    >


    Just for kicks, I tried your links to see what would happen in my
    browser... and I got the verisign sitefinder website. So it appears that
    they do have a webserver running. I wonder why you guys got different
    results. Could it be where the my specific DNS servers?

    The website I got, for those who are interested is:
    http://sitefinder.verisign.com/

    - -Ylan


    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.2

    iQA/AwUBP2tMJkg0R901fZxEEQILKACg4CnPaZJ6ynIz+cAv26vBtP FbfusAn10a
    AuNPcIoxwIO54Dlo7tcADn/d
    =WXLL
    -----END PGP SIGNATURE-----


  20. Re: Verisign wildcard domains

    A long time ago, in a galaxy far, far away, Ylan Segal wrote:
    > Just for kicks, I tried your links to see what would happen in my
    > browser... and I got the verisign sitefinder website. So it appears that
    > they do have a webserver running. I wonder why you guys got different
    > results. Could it be where the my specific DNS servers?


    No, the problem is probably that the web site was getting inundated
    with traffic.

    After some requests get filtered, due to some ISPs changing their BIND
    configuration, cutting down on traffic, it makes it more likely that
    you'll actually get through to the web site.
    --
    output = reverse("ac.notelrac.teneerf" "@" "454aa")
    http://cbbrowne.com/info/oses.html
    Rules of the Evil Overlord #215. "If I ever MUST put a digital timer
    on my doomsday device, I will buy one free from quantum mechanical
    anomalies. So many brands on the market keep perfectly good time while
    you're looking at them, but whenever you turn away for a couple
    minutes then turn back, you find that the countdown has progressed by
    only a few seconds."

+ Reply to Thread
Page 1 of 3 1 2 3 LastLast