PKI structure changes

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Registry hack to disable password change I used to be able to do this on Windows2000, but do not find the registry settings or the offsets for Windows2003. What I would like to do is be able to set a password on an account, and to not allow anyone at all, including other administrators, to be able to change the password or the account name. I have searched through pages upon pages of articles, but have not found anything. Is this still possible? Tag: PKI structure changes Tag: 96095
  - 2
    - EFS Decryption - Lost Certificate Hi, Sometime back, I had encrypted a folder on my hard drive. In between, I changed my password. Obviously, I was denied access to those files thereafter. So I went back and restored my previous password. Still, I can't access the files. However, when I check Advanced Properties > Encryption Attribute Details, my username is shown in the list of users who have transparent access to the file(s). To add to my woes, I didn't make a backup of the encryption certificate, and XP has no default recovery agent, as I learned later. Is there any way to recover these files? Or are they gone for good? TIA! Tag: PKI structure changes Tag: 96091
  - 3
    - About SCardEstablishContext in Vista Hello: i use SCardEstablishContext in vista,but when i use SCardEstablishContext,the program stop,why can't use SCardEstablishContext in vista? Tag: PKI structure changes Tag: 96087
  - 4
    - Issuing Code-signing Certificate with Private Key Hello group, I am issuing a code-signing certificate from an Enterprise CA. I am currently using the Certificate Services' web interface with the code- signing template. There does not seem to be an option to export the private key, though I understand that is a requirement in Visual Studio 2005. When using ClickOnce, Visual Studio reponds that "The selected file does not contain a private key. You must choose a certificate that contains a private key." I have exported the key using the Certificates MMC. The Certificate Authority is reporting that "the associated private key is marked as not exportable." What am I missing? J Wolfgang Goerlich Related Links: ClickOnce Manifest Signing and Strong-Name Assembly Signing Using Visual Studio Project Designer's Signing Page http://msdn2.microsoft.com/en-us/library/aa730868(vs.80).aspx Tag: PKI structure changes Tag: 96085
  - 5
    - Help PKI installation - lots of questions ! Hello, First, I want to thank those who have already helping me here (Bryan and others....) but I need help again :) I'm not friendly with PKI. So in this post, I sum up all things I done and I ask questions about some steps. Thanks for your help :) I have 7 domains : ROOT.LOCAL. (thoe forest root domain, ressources domain, no user, located at Mexico) AMERICAS.LOCAL. (technical domain, located in Mexico) MEXICO.AMERICAS.LOCAL. (located at Mexico) BRAZIL.AMERICAS.LOCAL. (located at Rio) ASIA.LOCAL. (technical domain, located at Tokyo) JAPAN.ASIA.LOCAL. (located at Tokyo) KOREA.ASIA.LOCAL. (located at Seoul) There are 4 AD sites : MEXICO site (for DC of ROOT.LOCAL., AMERICAS.LOCAL. and MEXICO.AMERICAS.LOCAL.) RIO site (for DC of BRAZIL.AMERICAS.LOCAL.) TOKYO site (for DC of ASIA.LOCAL. and TOKYO.ASIA.LOCAL.) KOREA site (for DC or KOREA.ASIA.LOCAL.) All site are connected with MEXICO (hub site) with 20Mb/s link (uptime 24/7). PKI Target architecture : Three Tier PKI One STAND ALONE ROOT CA called SACAMX00 (SA stand for Stand Alone, CA for Certificate Authority, MX for Mexico not for the domain -machine is in workgroup- but site) Two STAND ALONE INTERMEDIATE CA called SACAAM01 (AM stand for America not for the domain -machine is in workgroup- but site) and SACAAS01 (AS stand for Asia not for the domain -machine is in workgroup- but site) Then, two Enterprise Issuing SA in each domains called ENCAJP01 and ENCAJP02 (EN stand for Enterprise, JP for Japan), same for others domains ENCAKR01 and ENCAKR02 (KR stand for Korea) etc ... Name : ENCAxx0y where xx are code corresponding of domain name. Stand alone CA are secured virtual machines. Name of CA are : - CA Root - AMERICAS Sub & CA ASIA Sub - CA JAPAN Iss1, CA JAPAN Iss2, ... Ok, let's see the installation steps: Installation of SACAMX00 ------------------------ Windows 2003 Standard Edition SP2 with IIS (even IIS is not necessary) Configuration of CAPolicy.inf before CA services looks like that : [Version] Signature= "$Windows NT$" [LegalPolicy] OID= 1.3.6.1.4.1.311.21.43 Notice= "http://intranet.americas.local/pki/cps.asp" [Certsrv_Server] RenewalKeyLength= 4096 RenewalValidityPeriod= Years RenewalValidityPeriodUnits= 20 [CRLDistributionPoint] [AuthorityInformationAccess] Q-01 Is the " " (space caracter) is required ? Q-02 What does legalpolicy section mean ? And what about notice parameter (can I change this parameter later?) ? Why this OID ? Does it show somewhere in my CA ? Q-03 What about Certsrv_server section ? We can configure these parameters laters, after the installation or we have to set its now ? Q-04 CRLDistributionPoint and AuthorityInformationAccess are explicited wrote and left blank. Why ? What's happened if I don't add these sections ? Then, I install CA services. SYSOCMGR /I:SYSOC.INF In the wizard, I specify a 4096 Key and a validity period of 20 years. Q-05 Is it redundant with Certsrv_Server section in CAPolicy.inf ? What was the real utility of this section ? CERTUTIL "CA Root.cer" Q-06 Is that action wich create the cert file ? Without this command, no .cer generated anywhere else ? Or should I specify option - ca.cert ? I map the offline root CA to the AD configuration container CERTUTIL -setreg ca\DSConfig CN=Configuration,DC=ROOT,DC=LOCAL Q-07 The Offline root never communicate with AD, why need we set this parameter ? What about this parameter exactly ? Q-08 Can we do the same action modifying the registry ? Then I configure CDPs. I clear all checkboxes where CRL Delta is mentionned. I have 3 CDP, on local, one LDAP and one HTTP. Q-09 Can I uncheck "Include in CRLs. Client use this to find Delta CRL locations." on all CDP because I don't use Delta CRL in an offline CA ? Or is this option has others consequences ? Then I configure AIAs with a local file publication, a LDAP and a HTTP. Q-10 Is there a difference if I set this parameters using REGEDIT.EXE instead of using Extension tab in the GUI ? Then I configure CRL publication interval. I set 180 days. (left blank Delta CRLs) Q-11 Should I publish again CRL when I change CRL interval ? Q-12 If I change CRL interval, are my certificated already issued still valid ? Q-13 180 Days, does that mean I have to bring online my CA in order to publish my CRL again even if no certificate are revoked ? Or does it expire (when? How to configure it ?) ? Then I modify "HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/ CertSvc/Configuration/Root CA". I set ValidityPeriod to Years, ValidityPeriodUnit with 10. Q-14 Can we set theses options in CAPolicy ? Q-15 Is the CAPolicy.inf file modified by wizards or other after the installation ? Installation of SACAAM01 ------------------------ Windows 2003 Standard Edition SP2 with IIS (even IIS is not necessary) Configuration of CAPolicy.inf before CA services looks like that : [Version] Signature= "$Windows NT$" [PolicyStatementExtension] Policies= AllInssuancePolicy Critical= FALSE [AllIssuancePolicy] OID= 2.5.29.32.0 Q-16 Is PolicyStatementExtension section required ? Why ? Q-17 OID 2.5.29.32.0 was in a exemple CAPolicy.inf file I found. Is it the good OID ? Is there only one OID for subordinate CA ? Q-18 What does critical parameter mean exactly ? It is not a technical parameter. Q-19 Why there are no section with Renewal information ? Because it is set by the Root CA so we don't need to specify here ? Then I insatll binaries SYSOCMGR /I:SYSOC.INF In the wizard, I specify a 2048 Key and a validity period of 10 years. Q-20 Should I prefer choice a 4096 bits key ? (it's an offline root, what is the drawback if I choice a 4096 bits key ? I modify registry as for the Root CA. I set 5 years for lifetime on issued certificates and 30 days for CRL publication (no delta CRL). Then I run CERTUTIL -setreg ca\DSConfig CN=Configuration,DC=ROOT,DC=LOCAL Q-21 Why ? Then I run certutil.exe -v -setreg policy\EnableRequestExtensionlist "+2.5.29.32" Q-22 Is it required even if this parameter is specified in CAPolicy.inf file ? Q-23 What is this parameter exactly ? I can't issue certificates if this parameter isn't set ? I omit certificate request and import/export ioperations. That's ok for theses. Now. If I revoke the subornidate CA certificate. Q-24 I publish CRL now ? Or I have to wait 180 days (I hope not ...) ? (and copy/past crl file in my HTTP point). Q-25 How can I republish CRL in AD ? Offline CA (wich are in workgroup) can check CRL in AD ? I don't think so. And you ? Q-26 Does the Sub CA service detect that its certificate is revoked and do not start ? I test this scenario, and Sub CA still work and chaining is OK. So, how much time this mechanism take ? Ok for Root and Sub. Let's see for Online issuing CA. Installation of ENCAJP01 ------------------------ Windows 2003 Enterprise Edition SP2 with IIS, member of the domain JAPAN.ASIA.LOCAL. Q-27 If an online CA is down, does the roll back to an other is automatic ? Q-28 I want that CA is JAPAN domain only issuing CA for JAPAN users (and even sub domains if I need in the future). I don't want that a MEXICO user can obtain a certificate from MEXICO's CA. Should I use X500 constraints or ACE permissions limitation ? What are the advantages and drawbacks of the two methods ? I don't use CAPolicy.inf file. Q-29 Is it optional ? What can I specify in this CAPolicy.inf file (constraints ?) ? I use theses parameters, 2048 bits key for the CA, 5 years lifetime. And 2 years lifetime on issued certificates. 1 week CRL and delta CRL allowed. Q-30 Can I use Delta CRL even if some of my servers are still Windows 2000 Server ? Then i run theses commands : certutil -dspublish <Root CRT file> RootCA certutil -dspublish <Sub CRT file> SubCA certutil -dspublish <Root CRL file> {Root CA Host Name} certutil -dspublish <Sub CRL file> {Sub CA Host Name} Q-31 In some documentations I found that I maty use -f parameters in addition. Why ? Q-32 When Root CA or Sub CA revoke a certificate, i have to run theses commands again (concerning CRL) ? I configure the Domain Policy GPO in order to publishing the root CA. Q-33 Is this operation is required or is AD automaticaly done this operation with other machanism ? At the moment I don't use KRA agent. But in the future, I will. Q-34 Can i configure all options about KRA later when the need will be more hurry ? Or should I configure that now ? I have many more questions about KRA and other. But if I can have answer of theses question, it will be great ! Sorry for my poor english, and thanks for reading until there ! -- P.J.A. Tag: PKI structure changes Tag: 96083
  - 6
    - Preventing Kerberos Ticket Expiration I have two MS Virtual Servers that are running in production. I keep an exact copy of the VM's on disk for disaster recovery purposes. All my DR restoration tests have failed because the Kerberos ticket expires between the time the copy is made and the time the copy is restored (from 1-4 weeks in the tests.) A copy that is restored within a day works fine. So I need a way to disable the expiration of the Kerberos ticket for these specific VM's. Is it possible to create a new Kerberos policy that over rides the default domain security policy? Is this the best way to do this? Are there any other options? Thanks, Joe Tag: PKI structure changes Tag: 96074
  - 7
    - Buy viagra where order Viagra online Buy Generic Viagra Buy viagra where order Viagra online Buy Generic Viagra http://www.buy-viagra-where.info/ http://www.buy-viagra-where.info/ http://www.buy-viagra-where.info/ VIAGRA for only $1.50 per pill, free shipping and visa accepted CIALIS for only $2.07 per pill, free shipping and visa accepted LEVITRA for only $2.54 per pill, free shipping and visa accepted ACOMPLIA for only $1.79[/b] per pill, free shipping and visa accepted http://www.buy-viagra-where.info -- Buy viagra where and Buy where Viagra and order Viagra online from www.buy-viagra-where.info. Buy Viagra from leading online pharmacy and we provide cheap Viagra by online order at affordable cost. Buy best quality cheap Viagra, buy online Viagra and order Viagra from us Order Generic Viagra (Sildenafil) Generic Viagra 50 mg (Viagra(R) equivalent) Tag: PKI structure changes Tag: 96073
  - 8
    - ActiveX Control Vulnerability My research takes me to a wide variety of web sites. I am running Win XP sp2, IE 7, Kaspersky Internet Suite, Spywareblaster and Linkscanner. To protect against the threats inherent in activex controls I disabled the security setting in IE 7 for â??runactivex controls and plug-insâ??. While most web pages still load 'adequately', my problem is with video files. Many (if not most) do not run unless I re-enable the setting. Setting a register bit (a suggestion by some experts) is too complex. Will switching to Mozilla (no activex problem) solve my problem? Is there a way to keep IE 7 and avoid the security issues and inconveniences of the activex controls? Any suggestions would be greatly appreciated. Thanks, Bryan Tag: PKI structure changes Tag: 96072
  - 9
    - M-I 5.Persecution - B BC Newscas ters Li e & Den y Theyre Watch ing Me MI5 Persecution: BBC. Newscasters Lie & Deny They're Watching Me Central to the persecution campaign. waged against me for some nine years now by the Security Service is their use of the media, and in. particular the broadcast media,. to make clear to me that I am under surveillance and being watched. within my own home, even by BBC newscasters while they read the news. This is really an act of arrogance;. MI5 and their tools in the television and. radio are so sure that they can never be caught, that they have many times made. explicity clear on broadcast programmes that they are as. capable of seeing me as I am of seeing the broadcast pictures. Even when they have known I. am taping the programmes they still carry on this practice; for examples of TVand radio presenters caught. "in action", see the Evidence. area of my website. If you wish to reply. to this article...... then please include your name and fax. number! I provide the means for recipients to send me their thoughts on the. topics discussed, but ask that you provide me with your fax number or email address if. you require a response. Also would you please send not more than one or two. pages, if by fax.. Thank-you! It started with a Newscaster, and it continues. with Newscasters today The very first incident in the story started with. a reaction by an ITN newscaster, Sue Carpenter, in June of 1990, almost nine years. ago now. She reacted to what she saw in my living room at home as she read the. news. My mother had brought an apple for me into. the room, whereupon the newsreader smirked and giggled, apparently finding this funny. I couldn't. believe what I was seeing. I. carried on watching news and other television programmes to. see if presenters would show signs of "interactive watching"; to my surprise, this happened again and again. Unfortunately,. I did not have my wits sufficiently about me. to videotape these programmes, and it is now almost impossible to obtain recordings dating. back to 1990. However, I have been busy recording everything Ive watched the last. couple of years, and. the taping has yielded some nuggets, which you will find if you point your Web browser at the "evidence" area of my website,. whose URL address is given above. Strangely it. is not particularly the BBC who are "after me" at the moment (with the exception. of occasional fire from Nicholas Witchell), but that supposed paragon. of virtue and decency Jon Snow of Channel Four. TV News (he actually works for ITN), who once claimed hed turned down MI5s offer of a tax-free. salary. I will cover Snows recent actions in a. future article. BBCs Hidden. Shame The first ever Usenet post (internet newsgroup article) on the. subject of the MI5 bugging / BBC watching occurred, as stated in. a previous article, in early May 1995. It is. reproduced here; Date: Thu May 4 18:27:24. 1995 Newsgroups:. alt.conspiracy Subject: BBC's. Hidden Shame Remember the two-way televisions in. George Orwell's 1984? The ones which watched you back? Which you could never get rid of, only the sound. could be. turned down? Well the country which brought Orwell into the world has. made his nightmare follow into the world after him. Since 1990 the British. have been waging war against one of their own. citizens using surveillance to invade privacy and a campaign of abuse in the. transmitted media in their efforts to. humiliate their "victim". I suppose "BBCs Hidden Shame" is more of a wish than. a fact. It may be hidden, but the BBC and other media. and security organisations seem to have. no shame whatever in their anti-social, not to say criminal, actions. Nor. do the general public, who seem quite happy to parrot the vilest. obscenities without much hesitation or apparently thought. Martyn Lewis,. Nicholas Witchell and the rest Most of. the harassment occurred in 1990-92, when I wasnt making any recordings, and the BBC wont release copies of current affairs. programmes from that period.... so although I can remember there were many. incidents in that time,. even many specifics, I cant dig up the actual programmes to flesh out the. bones. This year,. there has been at least one incident with Nicholas Witchell as newsreader, which I have successfully recorded and. digitized, i.e. converted into a computer Quicktime movie file.. This has not yet found its way onto my website (Im a busy man,. dontcha know) but you can be sure I will let the readership of these articles know when that. clip makes it onto the web.. The Witchell clip was recorded on Saturday 10 April 1999 at 7pm, and shows Witchell trying to restrain his features from. collapsing into a smirk. First his. upper lip quivers for several minutes, then with the non-excuse of a. non-joke his entire face twists into a grin. It looks as if he finds me. so funny, that he allows himself to submerge any pretence. at professionalism in a sea of MI5-inspired sarcasm and harassment. The two BBC newscasters whose reactions to me I. can remember most vividly over the. years are Martyn Lewis and Nicholas Witchell. I can remember thinking years ago that Michael Buerk. was also seeing me at home; and if the other two are watching then there would be no reason why. he wouldnt be doing the same; but in. all honesty I cannot remember a single clear instance of his reacting. through facial or verbal expression to me. I can remember. several instances of Martyn Lewis reacting to what he saw of me, however. In early 1992 I was watching the BBC news. with Lewis on a small black-and-white portable TV at. my then home in Oxford. I threw a term of abuse at Lewis; he flinched, then gave a. grin and made a comment from which I understood that he had been on my side, but might. have changed his mind as a result of what Id just said to. him. And. in spring 1991 I remember Martyn Lewis clearly reacting to what he saw of me at my then accommodation. in Woking, Surrey, by continuing to stare at some fixed point near the camera after the news had. finished - presumably this is where the monitor. interactively showing pictures of my room. was located. Why would BBC and other Newscasters Watch and Harass Me,. Watching Them? This is a very difficult. question, and I dont actually know the answer. It is a matter of record that the Secret Services are very much part of. the Establishment.. The recent exposure of the "MI6 Agent List" on the internet, and its coverage in the newspapers, reveals how much. MI5 and MI6 are recruited from the ranks of the Establishment.. Obviously the relationship is bi-directional; the. Establishment influences MI5/MI6, but the secret services (well, perhaps not so secret now we know. who works for MI6!!!) also. influence the machinery of power and information dissemination i.e. media in this country. So they must have a. lot of covert leverage with the BBC and. ITN. Some of this leverage is. obviously through bribery. It is a matter of record that. MI5 tried some years ago to "buy" Jon Snow of Channel Four TV. He turned them down - obviously they must have approached. other media people. as well, and from the lack of other reports of people turning them down, it may be presumed that some other journalists will have. accepted the sugared carrots put before them. Ironically, Jon Snow has. been taking part in the recent "watching" actions against me - but. why he has allowed himself to be used by the secret services is something which I do. not know. Perhaps. the Security Service uses blackmail to twist arms of journalists into co-operating with them? I have always thought there was. something slightly odd about. Martyn Lewiss demeanour. At the time of the Ron Davies "rough trade" scandal it was reported that MI5 had known all about. Davies predilections and the sham of his pretence to. be a happily married man. Perhaps. MI5 have been able to dig something up from Martyn Lewiss private life to blackmail him into acting on their behalf? And. if there wasnt anything before the "newscaster watching" started. then there most certainly is something now.... once. theyve started watching, the newscasters will surely wish their activities to. remain covered-up, and co-operate with the. security service. "Newscaster Watching". Deliberately Constructed to Mimic Schizophrenia Presumably this is. the first case in history of television journalists actually taking. part in acts of real-time, live spying and reacting against one of their viewers. What you have to understand, though,. is that I was quite mentally healthy in June 1990, certainly relative. to November 1992, when after two and. a half years of harassment I was finally admitted to hospital as an out-patient. MI5 decided from the outset. that they would make me. mad; they constructed the media harassment to resemble what would be reported by a. person with mental illness; and then they carried on years of abuse to inflict on me the condition which they wished to. use as an excuse. to cover up their abuses. I sold my. portable TV in autumn 1990 and stopped watching television regularly. I realise now that this may have been a mistake. What. I should have done was to watch TV and listen to. the radio, but tape-record everything and make a. note of what each excerpt meant to me. I would then be in a much stronger position as regards to. evidence that I am now. That is what I am trying to do now,. but unsurprisingly the TV/radio presenters have stopped getting at me, now they. know they are being recorded. When I started publicising my case on internet newsgroups in. 1995, I was met with the disbelief one might expect to be. accorded to a mentally ill person who talks about "newscaster watching". and media persecution. Some newsgroup participants thought. I had started a "troll", an invention made to obtain a reaction; one. bright spark even suggested a group of psychology students were. behind the articles. But most people thought the articles were symptomatic of. derangement - and that is exactly what MI5 want people to think. MI5 chose me as a target. because I was mildly mentally ill at the outset. in 1990, although I stress my illness then was very mild in comparison with November. 1992, and because they knew that enough abuse would (a). make me much more seriously ill, and (b) once I was more. ill, they would "get away" with a harassment deliberately constructed to look like the symptoms of paranoid. schizophrenia. Martyn Lewis Denies. & Lies, But Wont in Writing In February 1997 I wrote to BBC Viewer & Listener Correspondence and. asked them. to investigate the claim that their newscasters had engaged in "real-time spying". on me. They replied that they had asked Martyn Lewis and Michael Buerk. whether they had engaged in such practices, and that they had. both made verbal denials to VLC, but were refusing to put their denials. in writing. To me it looks as if Lewis and Buerk are happy to lie verbally. but not in writing, because written falsehoods. would place them unambiguously in the wrong, whereas they can try to. talk their way out of verbal lies if they are ever caught, or perhaps. even deny the verbal lies completely? If they lie without. shame, then why would they have any shame about future lies about. lying? BBC-VLC also said that. the BBC "would never engage in any form of surveillance. activity" such as that described. Clearly Martyn Lewis and the rest have lied to their own organisations personnel about. their criminal actions. So much for. the "objective", "truthful" BBC, a nest of shabby. liars. Summons against. the BBC, for Nuisance caused by Newscaster Spying In March 1997 I issued a civil summons against the. BBC, seeking injunction against. further "newscaster spying", and token damages for what the BBC had done to me until that date. The purpose of the summons was to try. to "smoke out" the BBC, since obviously I did not. have good evidence which would be necessary for either a. civil or criminal case to be made against them. My summons was worded. as follows; 1. The plaintiff is and was at all. material times residing at [home address].. At some time prior to or during June 1990, persons of unknown identity. entered Plaintiff's premises and installed concealed television equipment in. said premises. 2. A campaign of harassment was. launched against the Plaintiff by the persons of unknown identity, which. in part took the form of instigating harassment. by BBC TV newscasters (including specifically Michael Buerk and Martyn Lewis) as they. read news bulletins, by making direct and personal comments to. Plaintiff. 3. The campaigns purpose was to subject Plaintiff to great mental. stress and induce mental breakdown. As a result of it Plaintiff. did indeed suffer from severe mental. strain in 1990-97. 4.. In order to avoid the mental strain being caused to him the Plaintiff has been compelled. to stop watching BBC TV news. Defendant therefore committed the tort of private nuisance, since normal use. of home was interfered. with. 5. Plaintiff claims a. permanent injunction prohibiting further nuisance, and damages for nuisance suffered limited. to 5,000. Naturally, my attempt to smoke-out the. BBC and its lying newscasters failed. The BBCs litigation department sought to have my. summons struck out; and they succeeded in doing so, on the grounds of my. action "disclosing no reasonable cause of. action". I was also prevented from issuing further civil claims. against the BBC without leave of the Court. Apparently litigants-in-person frequently / usually. have their claims struck out with this wording,. regardless of the merit of their claims. BBC Suppresses my Claims of "Watching by. Newscasters" BBCs staff. magazine Ariel ran my advert "BBC Newsreaders Spying on my home" for one issue in the Personal. category on 8/July/1997 before it was spotted and axed by editor Robin Reynolds; please. see webpage;. http://www.pair.com/spook/evidence/plaint/ariel.htm Clearly the BBC will not allow claims of its wrongdoing to be. made public in. the media channels it controls. On several occasions people said to my face that harassment from the. TV was happening. On the first day I worked in. Oxford, I spent the evening in the local. pub the Rose and Crown with the company's technical director Ian, and Phil, another employee. Ian made a few references to. me and said to Phil, as if in an aside, "Is he the bloke who's been on TV?" to. which Phil replied, "Yes, I think. so". The reader. might think that mere "watching" by newscasters etc might be a relatively benign happening. But it is not; it is part of. MI5s framework of harassment and lies. On. many occasions the reactions of the BBCs newscasters to me has been. in the nature of sarcasm, implicit contempt and abuse. This is visible in Witchells. news programme mentioned above, where he engages in abuse by laughing at me during his newsreading.. It was particularly visible in the early period of 1990-92,. and as late as Autumn 1993, when during a Newsnight broadcast Jeremy Paxman. interviewed a football person about soccer hooliganism, and the interviewee gave vent. to an unsubtle rant. about "theyre idiots, theyre just idiots, keep up the surveillance". Paxman started grinning,. showing he understood and was taking part in the abuse being perpetrated on. that programme. Conclusion The. MI5 Persecution started with harassment by television newscasters, and today harassment by TV and. radio presenters still forms a key part of MI5s activities against me. When this business started in June 1990 I was. in relatively good health of mind. Years of persecution by the. secret police and their mouthpieces. in the state-run BBC and other media eroded my health until MI5 achieved their aim of seeing me rendered mentally. ill in November 1992.. The diagnosis which was forced on me unfortunately and ironically meant. that my reports of the harassment are disregarded, because the mentally ill are second-class citizens in. todays Britain. Yet TV and radio harassment continues, albeit in a reduced. form, despite my taping all the programmes I. watch, resulting in my being able to obtain and demonstrate. objectively on the website instances of media presenters attacking me. Unfortunately these. recorded instances are quite tenuous; I might understand them, the presenters understand what. it is theyre doing, but despite many thousands of. people knowing the truth of the "newscaster watching", the omerta. continues and they continue to refuse to admit the truth of the matter. It is a terrible indictment of. British society that there is not even one decent person willing to speak out.. I look forward to the day when the truth does finally emerge, and the mass. corruption which has allowed the MI5 persecution to take place. is finally purged and the Establishment. criminals caught and appropriately punished. 5385 Tag: PKI structure changes Tag: 96071
  - 10
    - M'I.5 Per secution , Fou r Ye ars of MI5 Persecuti on Po sts on Internet Newsgroup s Four Years of "MI5 Persecution" Posts. on Internet Newsgroups For. approximately the first three years of the MI5 persecution, from June 1990 until late. 1992, I kept as quiet as possible, in the hope that by not reacting,. MI5s interest in me would decrease and they would simply go away of their. own accord. This is the sort of behaviour some people employ against bullies; if the. bullies arent getting a reaction, then they might simply go away and victimize someone. else. Unfortunately, this tactic. didnt work. The quieter I became, the more shrill and hysterical the noise from the Security. Service operatives. For about two years. I didnt watch TV news at all. Yet this only heightened their obsessed fixation; they continued to follow me. wherever I went, they continued to induce harassment. at work by managers and fellow workers, and they continued. to encourage me to commit suicide. They seemed to regard my refusal. to react as a crime which they would have to "put right" by ever more extreme forms of. abuse. Finally, in 1995, I changed tactics radically. Since late. 1994 I had had accounts with internet. providers in Ontario, Canada. I discovered the cornucopia of internet. newsgroups, on every topic from consumer electronics,. to politics and legal topics, and I discovered online services such as Compuserve and. AOL. In May 1995, I made the first posting to the conspiracy newsgroup, on the. subject of "BBCs Hidden Shame". BBC's. Hidden Shame The internet newsgroup discussion, which has now reached its. fourth anniversary, started with. an article in alt.conspiracy, which I reproduce here. Date: Thu May 4 18:27:24. 1995 Newsgroups:. alt.conspiracy Subject: BBC's Hidden. Shame Remember the two-way televisions in. George Orwell's 1984? The ones which watched you back? Which you could never get rid of, only the sound could. be turned down? Well the country which brought. Orwell into the world has made his nightmare follow into the world after him. Since 1990 the British have been waging war against one of. their own citizens using surveillance to invade privacy and a campaign. of abuse in the transmitted media in their efforts to. humiliate their "victim". And the most remarkable thing about it is that what they. do is not even illegal - the UK has. no laws to protect the privacy of its citizens, nor does it proscribe harassment or. abuse except in the case of racial abuse. A lot of people in England know this to be going on, yet so far they have. maintained perfect "omerta"; not a sound, not a squeak has escaped. into the English press, and for all the covert harassment. absolutely nothing has come out into the public domain. Have. the British gone mad? I think we should be told At this point, I did not name MI5. as my persecutors. I was still unsure that they were the ones. responsible for the "psychological terrorism". In followup posts however. I did name them; and the persecutors have never denied. the claim; so I think my guess is valid. (The Security Service Tribunal in 1997 have said "no. determination in your favour was made", but it is a. well established fact that MI5 lies routinely to the Tribunal which has never. found in favour of a plaintiff, so no conclusions can be drawn. from this.) This first. post was made to alt.conspiracy, but further posts were made to the UK-local newsgroups,. in particular uk.misc but also uk.legal and uk.politics (which is now called uk.politics.misc). Some time ago I. tried to take the battle to the Compuserve forums,. UKPOLITICS (which is now called UKCURRENT - current. affairs), but my articles were censored by the forum operators.. Such censorship is impossible on the internet newsgroups. Police Refuse. to Act I have complained several. times to the Metropolitan Police, who have each time refused to. help. From:. Green <Green@guidion.demon.co.uk> Newsgroups:. uk.misc,uk.politics,alt.politics.british,soc.culture.british Subject: Re: MI5 Persecution: Why Aren't the British Police. Doing Their Job? Reply-To:. Green@guidion.demon.co.uk Date: Sun Apr. 7 21:13:30 1996 In article. <DpIE0r.736.0.bloor@torfree.net> . bu765@torfree.net "Mike Corley" writes: >Last Easter (1995) I went into the local police station in London and spoke. to >an officer about the harassment against me. But. I couldn't provide tangible >evidence; what people said, in many cases years ago, is beyond proof,. and >without something to support my. statements I cannot expect a police officer to >take. the complaint seriously. This in itself dos not suggest that the police have it in for you. The. old bill operates on extremely tight. spending limits forced on them by that pillock Michael Howard, and without evidence, they often have higher. priorities than chasing something that cannot. go to court. I doubt. that the police are actually being leant on, but they probably realise that if they looked into this, they would. be leant on hard. The met always stays away from anything. that looks like it has Defence, Security or secret service interest already, because they realise that they are. below these government agencies in the general pecking. order. If I walked into my local nick and. complained that MI5 were snooping on me, they would show me the door without. even looking at my evidence, because that bored desk seargant with only five years to go. before he retires doesn't want to start fucking about with somebody who has incurred the wrath of Stella Rimington.. He would rather deal with the lost dogs and driving licence producers, eat. his cheese and pickle sandwiches and piss off home at. the end of his shift than have some high ranking spook having a go at his boss and getting him a. bollocking. In. short, you have earned much sympathy but little surprise. Just remember that saying about the enemy of your. enemies. Most recently, I wrote in March 1999 to Charing. Cross Police Station CID. They. did not acknowledge or reply to my letter. When I phoned them up,. the detective Id written to treated me to a sadly not unusual display of police bigotry, with. an uneducated rant about "your paranoid rubbish". It would be nice to think that such uneducated bigotry is . something other than wholly typical of police behaviour, but unfortunately that is. an illusion that is. rapidly dispelled. Uncorruptible Jon. Snow of Channel Four News From previous articles the reader. will know what I think Jon Snow has recently been watching me. while he reads Channel Four News in the evening. Recently I digitized a few moments of one. such broadcast, where his face twists into a smile, without there. being anything in the news broadcast to cause merriment. Here is a usenet. post from some time ago on MI5s "bought and paid. for" tools in the so-called "free" press. Peter. Harding (harding@ermine.ox.ac.uk) wrote: : I was at speakers' corner on Sunday. There was. one chap who was bellowing : about something or other, I don't know what, but one. thing he said to : someone. caught my ear: : "BBC, MI5,. same thing." Can't disagree with that. sentiment. Wasn't it. documented that MI5 sometimes "bought" journalists and broadcasters? I remember reading a report by some jouralist who. had been offered an extra tax-free income by MI5. to become their covert mouthpiece, and had refused. ............................................................................. > : >mouthpiece,. and had refused. >. : > : It was Jon Snow. of Channel 4. > > Was it. reported in any of the papers? It has been reported. several times. The most recent was in Private Eye, a few months back. As. I recall they also wanted information from him; journalists would be. a natural choice for members of the Security Service and the. Secret Intelligence Service for information sources. > It might be interesting to see what he had. to say regarding their >. attempt to recruit him. He was most concerned. that many others would have accepted such an offer. However, we can probably make an educated guess as to. some of those who accepted: Nigel. West (Rupert Allason, MP) and Chapman Pincher would. come near to the top of the list. -- \/ David. Boothroyd. Socialist and election analyst. Omne ignotum pro magnifico. British Elections and. Politics at http://www.qmw.ac.uk/~laws/election/home.html I wish I was in North Dakota. Next General. Election must be before 22nd May '97 The House of Commons now. : C 324, Lab 272, L Dem 25, UU 9, PC 4, SDLP 4, SNP 4, UDUP 3, Ind 1, Ind UU 1, Spkrs 4. Government. majority = 1. Telephone Tate 6125. Corrupt Security Service agents steal. millions from taxpayers Money is of course a factor in. the grand equation which is the MI5 persecution. It. costs money for the Security Service to "buy" people in the media etc. But that. is only a small part of their expenditure of taxpayers resources. Most of the expenditure is. directly on the salaries if the. agents involved; and in this post I put forward the theory that MI5 are trying to draw out. their involvement for as long as possible, very cynically, to maximise. their income and line their own pockets. At. each stage they have tried to pretend that I am something out of the ordinary. Either I was very stupid ("he's an idiot") or very clever ("he's. like a genius"). Either I was. a threat to Western civilization (Levin once referred to me as the next Hitler) or. I was completely defenceless ("a soft toy"). Now, it should be obvious to any. person with common-sense that I am not out of the ordinary in. any way. I have an IQ which is average for the Web, I am racially white European, and there are plenty of other people with schizophrenia or. epilepsy out there who haven't been targeted for MI5 attention,. so why me? I think the answer is that the MI5 agents. who harass me have cynically exploited the situation by painting me as extraordinary in order. to assure themselves of well-paid employment. funded by the ordinary British taxpayer. To put it bluntly, they are stealing millions of pounds from the. taxpayer to feed their own pockets. This assertion is. supported by the observation that it's the same agents who are doing the. harassment. Six months ago in a local hospital I was harassed by someone whose face I had seen (he had stared straight at me aggressively, at the time. I just thought it was some nutter but it turns out he. was one of "them") aboard a KLM flight a couple of years ago. It's presumably been the same people most of the time. I've seen the. way contractors act when they don't want their. positions terminated. Would these agents really want to. lose their well-paid employment harassing me? Presumably they are promising their bosses a "breakthrough" (ie. my demise) real-soon-now and have been for the last seven. years, while all the while these MI5 agents skim millions off the. taxpayer. I wouldn't mind a job like that. Perhaps if. I persecute myself a little bit, like standing in front of a mirror and shouting mindless obscenities,. do you reckon I'd get a slice of the caky Service. Tribunal. This year Nick Brooks, current Tribunal Secretary, confirmed to me that he could not think of a. single case where the Tribunal had found in favour of. a complainant. Here is my usenet post. from two years ago. Subject: MI5: "It. wasn't us" Newsgroups:. uk.misc,uk.legal Organization:. Toronto Free-Net "The Security Service Tribunal have now. investigated your complaint and have asked me to inform you. that no determination in your favour has been made on your. complaint." Signed. ER Wilson, Tribunal Secretary Well that's a relief then. All. that spamming for nothing eh. Gaw blimey, if they say they're not doing it then. it can't be them, can it? In a recent letter to Mr Brooks I expressed the. opinion that the Tribunal were unable to fulfil their responsibilities in the face. of MI5 falsehoods. Nevertheless,. I do intend to make another complaint to the Tribunal in the. near future, despite the Tribunal appearing to be a toothless. watchdog. Discrimination. against a Unit Minority MI5 have been very clear in their instructions as to. what I should do. They have openly shouted at me the. word "suicide", and also from the other abuse it is clear that they want. my existence terminated. This point is covered in more detail in a. previous article. The following post describes the xenophobic nature of MI5s campaign. against me. They have refined their bigotry. down to a unit minority, yet they make use of the discrimination against the mentally ill which is a feature. of current British. society. Subject: Re: MI5 says. "Kill Yourself" Newsgroups:. uk.misc,uk.legal,uk.politics.misc,uk.media References:. <zlsiida.4248.3258FE24@fs1.mcc.ac.uk> <53eeev$cmg@axalotl.demon.co.uk> Organization:. Toronto Free-Net Distribution: iain@hotch.demon.co.uk (Iain L M. Hotchkies) wrote: >Indeed. If you've ever had a. 'conversation' with someone suffering >from florid schizophrenia, you'll know how. difficult it can be to >'argue'. with them. I don't. have florid symptoms. But I'm in a difficult situation, because those people who don't. know, aren't going to believe, and those who do, they just go along with the crowd. It's never a good idea to go against the grain, and. the grain here is defined by interests in the establishment. and the media. Even people who could say out loud what. was happening won't, because then there's a risk that they'll. be seen as traitors and ostracised. Usually this type of 'hidden abuse' is racial. and targetted at a racial minority within a country. You keep the minorities out of the. good jobs, but you don't admit discrimination exists. It happens everywhere,. not just in Britain. The persecution. that is going on now is in reality a refined form of racism. Instead of "nigger" it's "nutter", and. abusing the mentally ill is still socially acceptable today. In. 50 years it might not be, but today there isn't. any social or legal sanction against it. So really they've refined racial harassment down. to a minority of one. The words may be different, but the methods are the. same. 3915 Tag: PKI structure changes Tag: 96069
  - 11
    - M`I,5`Persecution ` MI5 Wast e Taxpayer Milli ons on Poin tless Hate -Campaign MI5 Persecution. Update: Friday 30 April, 1999 If You Intend To Reply,. Please Read This Please.... keep your response to one page!. Faxes over. a page or two will be deleted without. being read. Somewhere between 0 and. 100% The. last few days there have been no clear recordable instances of abuse. However, while travelling on. the Underground, while walking around near my home and going to friends. homes, I am constantly troubled by thoughts that those people over there. might be about to get at me; that the couple sitting in the. opposite seats laughing are in fact laughing at me; et. cetera, et cetera. A comment by a scientist to the BSE. inquiry sticks in my mind. He described the possible scale. of the epidemic as "between 0% and 100%". It might not be happening, it. might not happen at all, to any discernable degree.... or. it might be total. Without clear recording, which seems to have become impossible. the last couple of weeks, there is no way of knowing whether the harassment really is continuing,. whether we have entered a temporary hiatus, or whether perhaps. it has perhaps stopped for now. But for the time being I think there. arent any reasons to dicontinue these faxes. I only re-started them six weeks ago in response. to a resumption of MI5 harassment; and I think I will need. to be more convinced of absence of persecution before I. discontinue my complaints. The Newscasters. are still watching In the last few weeks there have been at least a couple of. fairly overt instances of "interactive watching". by newscasters. I reported this in a previous "MI5 Persecution. Update". These. instances are really very rare compared to 1990-91, when there were many dozens. of such occurrences. Undoubtedly the reduction is due to my practice of videotaping everything I see. Recently I had the. opportunity of showing this years "happenings" (Jon Snow/Nicholas. Witchell) to my psychiatrist, and he agreed that in both cases the newscasters. were expressing merriment without visible cause,. and that objectively it might be possible for my claims to be. true - although of course other people reported similar thoughts to him, and. this thinking is usually a symptom of. illness. Read About the MI5 Persecution on the World. Wide Web The March 1998 issue (number. 42) of .net Magazine reviews the website describing it as an "excellent site". Since August 11, 1996. over 50,000 people have. browsed this website. You are. encouraged to read the web pages which include a FAQ (frequently asked. questions) section outlining the nature of the persecutors, their methods of harassment through the. media, people at work and among. the general public an evidence section, which carries audio and video. clips of media and workplace harassment, rated according. to how directly I think they refer to me objective descriptions of the. state security agencies involved scanned texts of the complaints I have made to media. and state security agencies. involved posts which have been made to netnews over the last four years. on this topic Keith Hill MP (Labour -. Streatham), my elected representative, as ever refuses to. help. MI5 Waste Taxpayer. Millions on Pointless Hate-Campaign Recently I. was talking to an independent observer about the nature and purpose of the perceived campaign of persecution. against me. The person I spoke to, a highly intelligent man, said he was struck. by the utter pointlessness of the perceived campaign against me. He also. said that, if my theories were in fact true, many people. would have to be involved, in the surveillance itself,. and in the technical side of the delivery of information from my home to. TV studios for example, if the "interactive watching" were happening. as described. He voiced these thoughts without any prompting from me;. but both I and other observers had arrived at pretty much the. same conclusions, some years ago. I saw a team of four. men at Toronto Airport in 1993 To carry out the surveillance alone, full-time, would employ four. or five men, or their equivalent in terms of man-hours.. Each man would "work" an eight-hour shift, so you would need at least three men doing. the surveillance, plus a connecting link /. manager. An indicator that this estimate is correct arrived in. 1993, when I was accosted by one of a group of four men at Toronto. Airport; he said, laughing, "if he tries to run away well find him". Plainly these were the men who had been. involved in the intrusive surveillance of me for the. preceding three years. On other occasions, I have seen the same man on two or three. occasions. On one such occasion, at. Ottawas Civic Hospital in November 1996; he gave his name to the doctor as "Alan Holdsworth" or. some such; my hearing is not very good sometimes and. I am not sure of the surname, although I am sure "Alan" was his first name. I saw exactly the same man again in. Ottawa, at the airport, in July 1998. Obviously, other people must. be "working" with this person; he would not. be the sole agent employed in this case. Usenet. readers views on the Cost to MI5 of Running the Campaign Here's what a couple of. other people on internet newsgroups / Usenet (uk.misc) had to say regarding the cost of running. such an operation... PO: >Have some sense, grow. up and smell reality. What you are talking about PO: >would take loads of planning, tens of thousands of pounds. and lots of PO: >people involved. in the planning, execution and maintenance of it. You PO: >must have a very high opinion of yourself to think you are worth. it. and...... PM: >But why? And why you?. Do you realize how much it would cost to keep PM: >one person under continuous surveillance for five. years? Think about PM: >all the man/hours. Say they _just_ allocated a two man. team and a PM: >supervisor. OK., Supervisor's salary, say,. #30,000 a year. Two men, PM: >#20,000 a year each. But they'd need to work in shifts. -- so it would PM: >be six men at. #20,000 (which with on-costs would work out at more like PM: >#30,000 to. the employer.) PM:. > PM: >So, we're talking #30,000. x 6. #180,000. plus say, #40,000 for the PM: >supervisor.. #220,000. Then you've got the hardware involved. And PM: >any transcription that needs doing. You don't think the 'Big. Boss' PM: >would. listen to hours and hours of tapes, do you. PM:. > PM: >So,. all in all, you couldn't actually do the job for much less than PM: >a quarter million a year. Over five years. What are. you doing that makes PM: >it worth the while of. the state to spend over one and a quarter million PM:. >on you? Those are pretty much the sort of calculations that went. through my head once I stopped to consider what it must be costing. them to run this operation. At the very least,. a quarter million a year - and probably much more, given the intrusive and. human-resource-intensive methods employed. Times nine years. Equals well over two million pounds. - and probably. much, much more. Its wasteful for someone with my skills. to be unemployed The wastefulness of the MI5 campaign. against me is not just that of futile expenditure on their side. It. is also extremely wasteful for someone with my talents to be unemployed and on. a disability pension. I am highly qualified in numerate. disciplines, yet am unable to work, specifically because of the MI5 hate-campaign against me. It is. a terrible waste of resources for a supposedly efficient economy. like that of the UK to be squandering the talents of a skilled and. capable worker. I made. every effort to remain in employment for as long as I could, but ultimately I. was defeated by MI5s employment of massive resources specifically. targeted on my workplaces with the sole aim of seeing me evicted from those. workplaces. You might expect this sort of behaviour from the Stasi or some other secret police. force in a communist country where labour is cheap, and the. governments aim on seeing its citizens confined; but for a supposedly free and efficient. economy like Britains, the wastefulness resulting both directly and indirectly. from the Security Services activities is simply criminal, and should. never be allowed. The international dimension means the costs are multiplied many. times overoer had any sense, then they have surely taken leave of them over. the last. nine years. Four years of persecution. in Canada The persecution re-started within less than five minutes. of my arrival in Canada, as. documented above, and in the "frequently asked questions" article on the website. The words, "if he tries to. run away well. find him" spoken by one of the harassers at Toronto Airport are now imprinted. on my mind. A year later I emigrated to Canada, intending to. find a job and settle there, hoping. that MI5s interest in me might dim with time. I did manage to find work there, but my hopes. of avoiding Security Service interest were ground into dust. As detailed above, I. saw the same man in November 1996 and July 1998, both times in Ottawa. Apart. from these encounters, there were numerous incidents between 1994 and 1998 of. harassment, of an identical nature and in most cases using identical words to what. had occurred. in the UK. It became quite clear to me that the permanent surveillance and harassment operation which MI5 had subjected me to. in England was being. continued. For a team of four or five men to be employed overseas must. cost a lot more than if they. operate in their home country. And for MI5 to continue the operation for a period of over four years,. continuously, must cost many hundreds. of thousands of pounds. This confirms my belief that the state is funding the campaign against. mehat the Security Service receives current annual funding of #160M. Divided by 1850 staff, works. out at #86,000. But. the unit annual cost of each "watcher" must be much higher than this, especially given the frequently mobile and overseas. nature of their actions of the last few years. A very conservative figure might. be a little over #100,000 pa for each of a team of five people, or. half a million pounds. per year. For nine years, so far. So the most conservative estimate of the surveillance element alone is perhaps. four or five million pounds since. 1990. This. guesstimate is of course theoretical - I am not privy to inside details of how MI5 split their funding. But to take. some other examples, the cost of a US counter-surveillance specialist. per day is USD 5,000. Even if the agents permanently assigned to. me are not of this calibre - even if they. employ specialists when difficult work planting bugs etc is encountered - their salary and support costs. must still be very high. The individual agents are doing. well for themselves as they are well-paid to exercise psychopathic instincts which in. any sane society would see them in prison;. but the taxpayers who must fund this terribly wasteful exercise are being "done" out of hundreds of. thousands of pounds each. year. It must be. emphasised that the above estimates are highly conservative.. Besides the surveillance operation, it must carry a high cost in man-hours to propagate covert. slanders through the population; to setup and maintain the "interactive watching" links. to TV and radio stations, which these organisations continue desparately to "lie. and deny"; and to. induce antipathy in co-workers which would not otherwise exist. Why they are wasting Millions of Pounds on a "Nobody. from South London" As remarked in the prologue. to this article, it is really most extraordinary that the Security. Service spends a chunk of its budget, every. year for nine years so far, on a meaningless campaign against a "nobody from South London". That they. are spending such a large amount of money has been confirmed to me on several occasions,. usually by oblique references to "its costing this country millions". The. supposed "logic". behind the persecution is that MI5 wish to avoid their harassment of me, and the involvement of the UK media, to be made public; yet. as the reader will appreciate that is. a circular argument, "theyre doing it because they want to keep it secret and avoid. humiliation for themselves and their country" begs the question, "why did they. start doing it in the first place?", to which in truth. I myself do not know the answer. Plainly MI5 with its. rich budget can afford half a million pounds a year to waste on a "nobody from. South London". Some time ago I was talking to a British surveillance professional on Compuserve who. told me "this work costs a lot of money and is usally because the person I. am following has done something (usually criminal) to. warrant all this money and time being spent." Yet in this particular case it is plainly not the. "victims fault" that the harassment is taking place.. The hate-campaign against me is completely. the creation of the obsessive psychologies of the MI5 agents who have. made themselves my persecutors; it is obviously a "personal" campaign for them, and for years. they misuse taxpayer funding to feed their. insane, unnatural and fixated fantasies. 2445 Tag: PKI structure changes Tag: 96068
  - 12
    - M,I`5'Per secution Compa ring the MI 5 Persecuti on w ith Ge rman Fi nal Solution MI5 Persecution Update:. Friday 16 April, 1999 If. You Intend To Reply, Please Read This Please.... keep your response to one page!. Faxes. over a page or two will be deleted without being. read. BBC newscaster. Nicholas Witchell cant stop himself laughing During 1990-91. there were very many instances of "interactive television" where newscasters and other TV presenters. saw on a screen before them what was happening in my. home, and reacted, frequently by laughing at me. During this period. I unfortunately did not record these programmes. For. the last year or two, I have been recording everything I watch, and there has been a drastic. decrease in such incidents. However, on occasion, television. presenters do still engage in "interactive. watching" and react to what they see. This has been evident with Jon Snow of Channel Four News recently - a particularly. interesting case, since it has been established that he cannot be corrupted. by money (it is well-documented that MI5 offered him. a tax-free salary and he turned them down). I wonder what device MI5. are using to encourage him to do the. "interactive watching"? On Saturday 10 April 1999 at 7pm,. Nicholas Witchell on BBC2 News reacted when he saw that I was watching the programme, and I. have his reactions stored safely on videotape. I. have watched this tape several times and I am entirely confident that my evaluation of his reactions is correct.. For several minutes his upper lip. quivered in mirth as he attempted to keep a straight face. Then finally his self-control evaporated through the. excuse of a weak joke and. his face collapsed into a grin. The strange thing is that I dont know why he was laughing at. me, what I had done recently. to "deserve" to be laughed at. The MI5 persecutors usually manage to. invent some justification as to why people should laugh at and/or abuse me ("hes. an X", "it was so funny" etc), so Mr Witchell could have been laughing for any number of reasons. Perhaps. he found the views I have been expressing in these. articles amusing? I suppose if youre paid enough money and ordered to laugh then even the most innocuous. thing becomes. funny. Jon Snow. of Channel Four News cant stop himself smirking, either. On 12 February. 1999 I was watching Channel Four News presented by Jon Snow. As usual, I was recording the programme, so that if anything out. of the ordinary happened, Id be. able to go back and watch it again. Now, Jon Snow, by his own claim, is uncorruptible. He says. he turned down an. offer of a substantial tax-free salary from MI5 - they wanted to make him their. mouthpiece, and he told them where to get off. So. you will be most surprised to learn that Jon Snow "interactively watched" me that evening, and on many other. evenings. Approximately fifteen minutes into the programme, he announced that the. US President would. be making a live appearance at about 7.30pm; I looked at the clock on the mantelpiece; and Snow. saw me looking at the clock, and visibly tried to. suppress a smirk. Uncorruptible, are you, Mister Snow? If. not money, then why are you watching me, Mister Snow? Are they forcing you to. watch me? Cant you turn the. monitor off, Mister Snow? Keith Hill MP (Labour. - Streatham), my elected representative, as ever refuses. to help. Comparing the MI5. Persecution with German "Final Solution" It might seem offensive to compare the mass murder of. millions of civilians in wartime with. the peacetime persecution of merely one person. Yet the comparison has been coursing. through my mind for several years now, because. the brutality of German intent to "sub-humans" is very much. comparable to the brutality of British intent to someone they vituperate and. term "not up to British standards". The methods may differ, but the persecutors. mindset is the same. The Germans first targeted. the mentally disabled, too During. WW2 millions of ethnic Russians, Poles, Jews, mentally ill, gypsies and other minorities were. rounded up and murdered in purpose-built camps by the German regime, in the name of "racial superiority". Fifty. years on, the British. Secret Police, MI5, instituted a campaign of mass hysteria;. but in their cowardice, limited their activities to one single victim. It is instructive to note that the. early German "cleansing" effort was directed primarily not at Jews, but at the mentally ill. The. Nazis set up the T4 project in the thirties to "cleanse" away 70,000 mentally. disabled people, including schizophrenics and. epileptics. After WW2 the Jews with their media influence used the reaction from the holocaust to roll. back anti-semitism in the Western countries; however,. the mentally ill are today still a persecuted group in the modern Western world as they. were under the Nazis (the current Jewish home secretary in. the UK intends to bring in. laws for incarceration without any criminal charge for some mentally ill people - he protects his. own minority, but does nothing for the other minorities in todays. society), and this continuing bias forms a central cause for the current acts of. persecution in the UK. Widespread. knowledge of what is happening to the "un-British" minority In both the. German persecution of the thirties and early forties, and the current British persecution, many, many people. are well aware of whats happening. There is widespread. complicity through inaction of populace; and in a substantial proportion of the mainstread. population, the persecution had/has widespread. enthusiastic support; yet in both the German case in the 1940s and the British today,. the existence of persecution is a mass. secret which must be never admitted out loud. In the recent Lawrence. case this "secret bigotry" has been termed "institutionalised racism", and that is a very good word for. what the British are doing today. The persecutory attitudes and omerta regarding them are so deeply ingrained. in the national psyche that they define the national. mood During WW2 many Germans knew minorities were. disappearing, and through inaction quietly condoned their government's. mass murder of "un-German". minorities and inferior "foreigners"; and in the 1990s, similarly, many. English people know what the MI5 British Secret Police have been doing, and not only condone. it, but actively take part, because of xenophobia against the "un-British" unit minority that is the. target of "British" actions. This attitude by the British persecutors has. been made explicit. through the words "he's not up to British standards"; the British seem to have found their very own "untermenschen". to victimise. Why these obsessive "holy wars". happen This. type of aggression occurs when the majority is threatened or humiliated in some way, economically, militarily or culturally.. In pre-WW2 Germany the threat was primarily economic and. military, following Germany's humiliating. defeat in the first world war and the reparations it was forced to pay. In modern Britain, one might. guess that the majority English who are behind the persecution feel pressured by the. swiftly diminishing status of Britain in. the world, and the rapidly increasing coloured colonisation of their country, which in time will see the. ethnic English a minority in. their own land, and their more antisocial elements, unable to reply to. the obvious threat, instead project their aggression onto another, weaker,. unit minority In both cases there is a whiff. of "holy war" or irrational obsession with the persecution. Certainly the. German behaviour fifty years ago bordered on the not-quite-sane, and the current. British behaviour towards their chosen victim is. strongly tinged with a leave-taking of reason. And the choices open to the victims are the same, since MI5 will never allow me. to escape them, "if he tries to run. away we'll find him", just like the commandant of Auschwitz telling. the new arrivals, "the only escape is through. the chimney". The Victim Will Destroy. Us if We Dont Destroy Him First The persecutors propaganda is the same. Fifty years ago the Germans. said, "if we don't do it. to the Jews then the Jews will do it to us"; and MI5's propaganda in the early nineties concentrated on their victim. as a "monster". aesome "untermenschen" minority. "We are decent fellows" say. the Brutal Persecutors During the. course of researching this article I read part of the very interesting book, "Hitler - A Study in Tyranny", by Alan. Bullock. This volume contains a quote from Himmler on the "Final. Solution"; "Most of you know what. it means when a hundred corpses are lying side by side, or five hundred or one thousand. To have stuck it out, and at. the same time .... to have remained decent. fellows, that is what has made us hard. This is a page of glory in our history. which has never been written and is never. to be written." In the MI5 persecution, too, there. is a thread of deliberate brutality to the sick and. vulnerable, while the persecutors maintain that "we are decent fellows".. There is almost a conscious schizophrenia in the self-attitudes. of the Security Service operatives and those in the public who they employ against me, which. reflects the contradiction evident in the. German attitude above. On the one hand, they stoop to the lowest and most base behaviour; yet at the. same time, the MI5 operatives tell themselves that since. they are civilised British people, then surely they must by definition be "decent fellows". Any indecency is made. the fault of the victim; "hes making us persecute him, so we need feel. no guilt". Yet the conduct is atypical of the way these peoples see their. normal modes. of behaviour. Befslaughter was not typical of normal German behaviour up to that. point. Similarly, the current MI5 abuse goes against the grain of British self-image as being "reserved" and. "decent", since they are using terms of abuse which are common among blacks and. other supposedly less-developed races, but. not among the English. Conclusion The ultimate aim of both persecutions is the humiliation and. physical extinction of the persecuted group. The Germans did this in a. very direct way; the British Secret Police MI5 are acting indirectly. and relying on self-extinction of their target, because in peacetime. and in the current somewhat false climate of "political. correctness" more direct methods are impossible. If MI5 undertook more direct. action the mass "omerta" would be broken. I have written this article with sincerity. to show how a historically recent. persecution in another country parallels what is being done in this country today. In both cases, the evil-doers are of their. countries establishments, and rely on widespread tacit. support to maintain the persecution and omerta around it. While. the holocaust was undoubtedly the greater evil, it is important. to be aware of the fact that had the Germans not been defeated fifty years ago, their plans would have. gone through to total completion. In Britain today. no force threatens the "permanent government" of which the. Security Service forms a part; and it looks very unlikely. that the wrongs perpetrated by the MI5 secret police will ever be revealed to. public view, and the British secret state brought to justice for. its evil actions. 975 Tag: PKI structure changes Tag: 96067
  - 13
    - WINDOWS DEFENDER NEVER FINDS INFECTIONS I have been using WinDefender for at least two years in Windows XP and now Vista, but it never finds any type of infection in my PC (not that I want one, just want to see that it really helps). In comparison, other software like AVG and McAffee can always find some on occassion. Has anybody had better luck with this thing? I have already uninstalled it from XP and thinking of doing this for Vista; seems to me it only a waste of disk space or that Microsoft uses it to monitor your PC. I see the same thing happening with the famous "Malicious Removal Tool", it never seems to find anything either. What Gives???? -- EAL Tag: PKI structure changes Tag: 96064
  - 14
    - Guest Account Activity Help!... I have been disabling the Guest account serveral times, and I can't figure out whats enabling it. I am assuming its Virtual PC 2007, but I can't duplicate the action. Seems like its random. I have Clearwire as my ISP. There a wireless ISP company. There wireless hub is connect to my Dynex Router and I have no ports open (I tested my ports through GRC with a Stealth rating). I have a Desktop and Labtop connect to my Router. My Desktop has the NVidia Active Armor internet card. It's active and set to medium. Can anyone give me some idea's on what is changing my Guest account. Also, I changed the Guest name and set a password to it using the Local Security Policy, and it was still enabled. Thanks for your help!... Tag: PKI structure changes Tag: 96057
  - 15
    - Folder Redirection and Permissions Hi! I am implementing Folder Redirection for my Users' My Documents folder but after i redirect their folders to a windows 2003 Server which is joined to my domain, i cannot access those folders using domain admin account. Only the owner of that document can access it from his computer. All the users' My Documents folders are under one root folder. How can i set permissions so that users can access only their own My Documents folder and cannot access other users data in that folder and domain admins can have full access. thanks! Tag: PKI structure changes Tag: 96052
  - 16
    - Folder security I know you can assign a password to a file, but is there a way to assign one to an entire file. It would be a lot easier to be able to put sensitive files in one password protected folder but it dioesn't appear there is a way to do that. Thank you Tag: PKI structure changes Tag: 96050
  - 17
    - 1yz.info - Anonymous Proxy Visit Hyves Myspace YouTube etc. without being blocked by schools, Company's, ISP's http://www.1yz.info Tag: PKI structure changes Tag: 96047
  - 18
    - Live OneCare Backups I would like to set up my laptop to back up ONLY on weekdays to my work network. I seem to be able to do 7 days, but not 5. Can this be adjusted? James jlatour2002@msn.com Tag: PKI structure changes Tag: 96045
  - 19
    - Decrypting a small byte string w/ CryptDecrypt I want to encrypt ciphertext with a public key and decrypt it with a private key. The performance impact is acceptable since I'm dealing with a very small payload. I have a curious problem using CryptDecrypt (w/ a public key) against a byte blob previously encoded with CryptEncrypt (w/ a private key). The key pair I'm using comes from a call to CryptAcquireCertificatePrivateKey against a certificate store. I can hex dump the private/public keys so I know they're present in the key handle. I keep getting a NTE_BAD_KEY error. I notice the ALG_ID on the key pair is AT_SIGNATURE. I tried force the type to CALG_KEYX to get it to be AT_KEYEXCHANGE but I get "invalid type error". Am I hitting an international limitation in the software or do you think i have a defect in my code??? Tag: PKI structure changes Tag: 96038
  - 20
    - Freedom.exe and disabled Internet Explorer and Desktop I ran a free-trial version of Verizon PC Security Checkup. It id'd 30 instances of spyware. After removing them, I rebooted. I can no longer bring up the Control Panel, My Computer, Explorer, or any folders on the desktop. I get a "Fatal Error - Cannot start Freedom, because the "Resource" directory or one of its sub-directories is missing. Please try re-installing Freedom." Internet Explorer 7 also hangs, but doesn't generate the error. (Firefox doesn't appear to be affected.) Verizon tech support has been polite, but not very helpful. Any suggestions? I run XP on a desktop HP. Tag: PKI structure changes Tag: 96034
  - 21
    - oakley.log Hi, the L2TP/IPSec connection to our ISA Server suddenly stopped working (only PPTP is possible any more). I enabled oakley.log logging to find the error, but there are some different messages starting with "failed" but no one results in an error. Finally the connection is ended with "IKE SA deleted before establishment completed". I have got: failed to get chain 80092004 Could not find the peer list entry Can anybody help me? Regards, Dagmar Tag: PKI structure changes Tag: 96025
  - 22
    - Credit Card Details If sensitive information (such as a credit card) has to be saved to a database then there is a duty of care to protect this information. If the data is saved in plain text, then there is a concern that a hacker gaining access to the server will therefore gain access to the credit card data. One option is therefore to encrypt it. This means that the data is stored on the server in an encrypted format. However, at some stage, the software will legitimately need to decrypt the data in order to use this information. To achieve this, it has to have access to the key to decrypt the information. If the software has access to this decryption key then surely so will any hacker. It would be equivalent to buying a secure safe and hanging the keys next to it. There must be a more secure implementation - could someone describe it> Many thanks Griff Tag: PKI structure changes Tag: 96018
  - 23
    - How to detect antivirus software on a system I am preparing an installer. Pre-requisite for this installer is to check if any anti-virus software is installed on the machine. If so then show a message to the user saying - Detected anti-virus software in the system. please stop the anti-virus software services and then proceed with the installation. Does any one know if there is any Windows API or some registry from which i can know that some anti-virus software is installed on the system? The installer i am preparing will be installed on Win2K3 and Win XP machine. Thanks... Tag: PKI structure changes Tag: 96016
  - 24
    - Windows 2003 - svchost.exe trying to access the Internet the IP Addresses that it tries to connect are: 209.221.135.134 209.221.135.136 199.93.55.123 Does anybody know what these IP addresses are? I can't find any info for these hosts. Thanks... Tag: PKI structure changes Tag: 96014
  - 25
    - Recommendations for use of Policy CA in small PKI solutions Hi I am considering updated Pros and Cons about having Policy CA's as a separate level in the CA hierarchy as opposed to having it in a combined role together with issuing CA's. In almost all the PKI cases I have been involved in so far, we only have two or three levels in the CA hierarchy with or without HSM modules. Three level CA solution : Offline Root, Offline Policy CA and two issuing CA's Two level CA solution: Offline Root, Two or more Issuing CA I am wondering if the use of the Policy CA is overkill in such rather small designs - if the Policy CA does not make use of qualified subordination using policy.inf or cross-certification with other companies CA, could you say that the use of a policy CA is overkill? - if the Policy CA is being used with or without qualified subordination specified in a policy.inf file, would it be ok to have the policy CA online as part of the domain, even though it would be a standalone sub-CA. This would make it a lot easier to manage. - Is it possible at all to have the policy CA being standalone, non-domain and still be able to use the qualified subordination features? It seems that the signing of qualified subordination requires v2 templates which are normally only available on an enterprise OS and Enterprise CA? We typically restrict which Issuing CAs are able to issue which certificates based on which CA's the templates are published on and together with permissions on the templates, this is often enough, when the hierarchy is as small as mentioned and especially when only a few number of persons administers the CA's in a given company. Thanks in advance for any inputs/thoughts on this subjects. Links to white papers about the use of Policy CA's with pros and cons would be appriciated. kind regards Claus -- Claus Jespersen WM-data Denmark Tag: PKI structure changes Tag: 96008
- Next
  - 1
    - Expire or not expire? Hello, Help me to solve this dilema. What scenario is more secure? 1. I apply policy to change their passwords every 2 months. 2. I apply policy that passwords are never expired. In first scenario half of users will store their passwords on stickers and that confuse me. Thank for any suggest! Tag: PKI structure changes Tag: 95988
  - 2
    - time is 11pm This is a multi-part message in MIME format. ------=_NextPart_000_0026_01C84036.C9639F20 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit 11pm ------=_NextPart_000_0026_01C84036.C9639F20 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.6000.16587" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3DArial size=3D2>11pm</FONT></DIV> <DIV> </DIV></BODY></HTML> ------=_NextPart_000_0026_01C84036.C9639F20-- Tag: PKI structure changes Tag: 95986
  - 3
    - abc This is a multi-part message in MIME format. ------=_NextPart_000_0033_01C83FFA.B01020C0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit abc ------=_NextPart_000_0033_01C83FFA.B01020C0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.6000.16587" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3DArial size=3D2>abc</FONT></DIV> <DIV> </DIV></BODY></HTML> ------=_NextPart_000_0033_01C83FFA.B01020C0-- Tag: PKI structure changes Tag: 95978
  - 4
    - www.nikepopularshoes.com cheap wholesalenike shoes air dunks,Nike http://www.nikepopularshoes.com wholesale nike shoes,nike shoes air force 1s one,nike shoes air force 1s xxv 25th,nike shoes dunk,nike shoes air jordan, nike shoes air jordans,nike shoes air dunks,Nike shox,Nike shocks,Nike shox tl,Nike shox nz,Nike shox r4,Nike shox ride,Nike shox turbo,shox monster, nike shoes air max, Nike shoes air max tn plus,Nike shoes air max 360,Nike air rift.adidas shoes,puma shoes,prada shoes,gucci shoes,bape shoes,red monkey jeans,children shoes,bape hoodies,bbc hoodies,evisu hoodies,lrg hoodies,polo hoodies,ed hardy hoodies,timberland shoes,gucci bags,chloe bags,juicy bag,coach bag,fedi bag,chanel bag,red monkey jeans,bape jeans,evisu jeans, bbc jeans,seven jeans,D&g jeans,antik jeans,lrg jeans,gunit jeans,akademikes jeans,iv bag,nike shoes women shoes, nike shoes men shoes, nike shoes women ... msn.nikepopularshoes@hotmail.com e- eail.nikepopularshoes@yahoo.com.cn http://www.nikepopularshoes.com Tag: PKI structure changes Tag: 95970
  - 5
    - HOTMAIL, ACCESS 2007 SECURITY ISSUE have a Hotmail email account which I use with MSN EXPLORER as my mail handler. I have an application written with Access 2007. I have downloaded the software for viewing and using .snp formatted files from MSN website. I created several reports in Access 2007 and want to email them to several people in .snp format. My Browser, or Email Server I cannot tell which or why "Blocks" .snp formatted files. I cannot find a swithch or Microsoft doesn't seem to know why their software considers their software "UNSAFE". Does anyone know how to make this work. It works if you are not using Hotmail or MSN Webmail. it works with Earthlink to many various email servers by Not Microsoft's go figure. Tag: PKI structure changes Tag: 95965
  - 6
    - Something Not Rigth! Anti virus scanners that scan software are one thing, but what about virus' that are flashed into the soft memory or other micro chips within a computer and hibernate there and execute at any time when the system is rebooted? Antiviral programs and malware removal programs only scan the physical hard drive and sometimes (if you have a good malware remol tool) deep scan the RAM memory for malicious software. What happens when other memory modules become infected and launch at system startup? Something to ponder for the holidays... Season's Best! Elaine Beauxrauxgard-Weiderhoff Tag: PKI structure changes Tag: 95960
  - 7
    - Need for SSL? I'm having a debate with a co-worker about the need for SSL. The debate originates from our need to provide external access to our SharePoint 2007 farm. We agree that we need to put the outfacing SharePoint farm in a DMZ to isolate it from our intranet. I say that we also need to make SSL part of the solution (using an SSL VPN or ISA Server box with an SSL cert) if for no other reason than to encrypt logon credentials. He says that we can just create a NAT to the SharePoint server and allow HTTP through port 80 and be done with it because "man-in-the-middle" attacks are pretty much a thing of the past. He says further that the greater risk with exposing resources to the Internet these days is from trojans and the like on external PCs. All the Microsoft best practices and model topologies for exposing SharePoint include SSL. What do you think? Am I overstating the need? Tag: PKI structure changes Tag: 95956
  - 8
    - AD Startup Script Containing Password Hello - I have a batch file that runs a dsmove command that needs authentication of a user that has control of 2 very small OUs. I happen to be that user, so the batch file contains my password. I want to run this as a machine startup script. For testing, I temporarily put this in the respective subfolder of Sysvol and I removed my password after every testing session. However, I also changed the permissions to the batch file to: System - Full Me - Full Domain Computers - Full Enterprise Domain Controllers - Full I realize a Domain Admin would be able to him/herself access if they wanted to. Other than that, is there any risk with the above permissions? I don't see how there could be, but I may be missing something. By the way, before putting this into production, I will delegate control of the OUs to a service account and use those credentials in the batch file instead of mine. Thanks. Tag: PKI structure changes Tag: 95955
  - 9
    - Lock to home folder Hi, how i can lock user in home folder in Vista? Thx. Tag: PKI structure changes Tag: 95949
  - 10
    - Excel spreadsheet disapear on the network Hi, I have a critical excel spreadsheet on my network, a couple of user have the write access on that file, someone is deleting that file and then the production is stop. I had to restore that file 3 times this week. how can I know who is delete that file, is there an audit that I can do, or even a third party software that I can use?? thank you for your help it is pretty urgent! Tag: PKI structure changes Tag: 95939
  - 11
    - Account Lockout event log only recorded ... sometimes Hello, I've got my policy set up on Account Management success and Failure and I have been getting records in the event log when user accounts lock out (a 644 event) and I still get them, but it seems to be a hit-or-miss thing recently. If I weren't getting any, I would think the policy wasn't right, but it's an intermittent issue. I know about the event log bug, and I archive the logs with a VBscript every night so they don't get too big and start dropping them, but there is at least one account, and probably more, that is not recording the event of its locking out, and I need to see those so I can inform the developer the originating machine name. Any ideas? Tag: PKI structure changes Tag: 95938
  - 12
    - 70 GB of Files I can't Find Hi all, When I check the individual folder properties on the main hard disk on my system, I can find 30 GB of data on a fairly new installation of Windows Vista Ultimate. However, when I check the properties for the disk itself (with the pie chart), I see 100 GB of data taking up space on a 500 GB hard disk. I run scans regularly, the antivirus and antimalware software is updated daily, and I don't go to any internet sites that are considered hazardous. Does anyone know what might cause the disparity of 70 GB? Thanks, MBO Tag: PKI structure changes Tag: 95937
  - 13
    - I have TWO iexplore.exe's running -- why? Hello, In determining why my system's been acting up (running slow, prohibiting "backspace" from deleting characters backwards in Excel, e.g.), I discovered in the Task Manager that there were TWO iexplore.exe's running. After Googling it, it says one version is a legit process that runs w/ IE. However, elsewhere it says it could be a Trojan. I can't tell where the process is running from, from the Task Mgr, or whether I should kill one. I have multiple IE (version 7) windows running -- do I get an iexplore per window? I ran UniBlue Registry Booster, but it [free version] just fixed 15 of my about 500 registry errors. Please advise... Thanks! Mark H. -- Science-based nutrition! See TIOEnterprises.net Tag: PKI structure changes Tag: 95929
  - 14
    - Cannot input certain keystrokes when leaving PC up over night. I'm using Windows XP, SP2 and the oddest thing. After leaving the PC up for awhile I lose the ability to input certain keystrokes into fields. The keys are THCS to name a few. I am not able to type them into browser fields, excel fields etc. If I bring up notepad they type fine. I usually end up rebooting. I've scanned high and low for viruses and trojans, nothing. Has anyone seen anything this bizarre. Its quite annoying. Tag: PKI structure changes Tag: 95928
  - 15
    - Publish CRL with a CNAME Hello, I want to publish my CRL on a webiste using a DNS CNAME. I wonder if it is compatible with protocol that check certificate chain. What do you think about ? Regards, -- P.J.A. Tag: PKI structure changes Tag: 95925
  - 16
    - Root CA on a VM Hello, I wonder if it a good idea. I want to install my root CA on a Virtual Machine, and burn virtual hard drive into a DVD. It's more handy for me than use a dedicated hardware. What do you think about this way ? Regards, -- P.J.A. Tag: PKI structure changes Tag: 95924
  - 17
    - Users cannot modifie files with disable option delete subfolders f SO: sbs windows 2003 one share folder that i want remove possibility of deleting files, I had disable the security option in special permissions delete subfolders files. But when the user try to change documents, he cann't save it and generate temp files. I f I active this option the user can delete files too Any idea? thanks regards Tag: PKI structure changes Tag: 95919
  - 18
    - Users cannot connect from external domain. - We have users from an external Domain (DomainB) that can no longer connect to a file share on a server in our Domain (DomainA). - Both Domains have outgoing external trusts setup to each other, which have both been validated and are working OK. - DomainB users logon to their own domain, then connect though a drive mapping, and enter their DomainB credentials and connect to Server1\fileshare in our DomainA. - Server1 at this point gets two identical Security Event Log Audit Failure events for each attempt as follow â?? - Sourceâ??Security, Category-logon/logoff, EventID-537, user-NT AUTHORITY\SYSTEM - Logon Failure: Reason: An error occurred during logon User Name: DomainBUser1 Domain: vtx-alt Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: DomainBWorkstation1 Status code: 0xC000005E Substatus code: 0x0 Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 172.2x.4x.1xx Source Port: 0 - The DomainB\group that has permissions to the share on Server1 can still be seen on the folders with the correct rights assigned, BUT if an attempt is made to add the same DomainB\group to another folder on Server1, whilst DomainB can be seen in the Locations box, it cannot resolve the group and cannot be added. - The above has been tested for other file servers in various VLans in DomainA, and none can resolve or add the DomainB\group. - 2 Domain Controllers from the same VLan as Server1, however, can resolve and add DomainB users & groups OK. And when a user from DomainB maps a drive and connects to a test share to which the DomainB\group has permissions to on these Domain Controllers, they can do so with their DomainB credentials, and all works as expected. - The two DCâ??s are in the same VLan as Server1, and they have the same DNS etc settings, - I believe these two DCâ??s hold the trust for DomainA to DomainB - Network team have confirmed that there are no Firewalls in place between DomainA & DomainB, and all servers on the Vlan that Server1 and the two DCâ??s are on are treated in exactly the same way. - There are no failed logon attempts on the DCâ??s from DomainB. Hope that all makes sense, and any help hugely appreciated! Tag: PKI structure changes Tag: 95917
  - 19
    - Today: Q&A with Security MVP Expert Chat Hello everyone, You are invited to join our public chat on December 11th. Security Chat: Q&A With the Security MVP Experts We invite you to attend a Q&A with the Microsoft Security MVPs. In this chat the MVP experts will answer your questions regarding online safety issues such as phishing, spyware, rootkits as well as server related topics. If you have questions on how to protect your PC, please bring them to this informative chat. When: December 11th at 4pm PDT Where: TechNet Chat Room www.microsoft.com/technet/community/chats/chatroom.aspx Password: Public Chat no password required We are also holding similar chats for Exchange Server if anyone is interested. For more information on the Security and Exchange chats and an add to calendar file, please vistit http://www.microsoft.com/communities/chats/default.mspx Exchange Chats: Q&A With the Exchange MVP Experts We invite you to attend a Q&A with the Microsoft Exchange Server MVPs. In this chat Exchange MVPs will be on hand to answer your questions about Exchange Server, Outlook and Exchange for Small Business Server. So if you are thinking of upgrading to Exchange Server 2007 or have questions about Exchange Server 2003 we hope you can join us for this informative online chat! Chat 2: December 12 at 5pm PDT Where: TechNet Chat Room www.microsoft.com/technet/community/chats/chatroom.aspx Password: Public Chat no password required -- Melissa Travers MVP Lead | Microsoft Exchange Server, Virtual Machine, Windows Security, Windows Server: Clustering, DPM, Directory Services, ISA Server & MIIS. Please do not send email directly to this alias. This alias is for newsgroup purposes only. This posting is provided "AS IS" with no warranties, and confers no rights. Tag: PKI structure changes Tag: 95913
  - 20
    - Hacked!!! Question on port 137 I've recently had my linksys befsx41 router hacked. I've installed a packet sniffer and am watching the logs. Im noticing a random UDP Packet being sent out port 137 from my XP pro box. Its going to a few addresses in asia. Should I be overly concerned with this? It happens in safe mode which strikes me as odd. No viruses, trojans etc found. Thanks in advance, Ralph Gustavsen Tag: PKI structure changes Tag: 95910
  - 21
    - Create certificate with makecert for LDAPS on a DC ? Hi, I would like to use LDAPS on my DC. I have already read this article : http://support.microsoft.com/default.aspx/kb/321051 ... but I am not able to create my self-signed certificate with certreq as I dont have any CA in my domain to submit the "request.req" file. So I tried to create my own certificate with makecert by using this command : "makecert -r -pe -n "CN=FQDN_OF_DC.domain.local" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12" The certificate is created in Personal\Certificates (under Computer) but when I watch the certificate status, I have a warning saying : "This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.". When I try to connect (locally)to my LDAPS using ldp.exe , I have an error "Error <0x51>: Fail to connect to FQDN_OF_DC.domain.local." Do you think I have this problem because of the fact the certificate that I have created has not been delivered by a Trusted root CA store ? Is there a way to bypass this limitation by creating a self signed certificate for my DC that will let me try to use LDAPS ? Thank you :) P.S: Sorry for my english ;-) -- bigstyle MVP Windows Server - Directory Services MCSE 2000/2003 Security Tag: PKI structure changes Tag: 95909
  - 22
    - lookupaccountname and workgroups hello, i asked this question in win32.programming.networks but got the advice to try here, so here we go... my basic problem is, when im calling LookupAccountName on a process running as localsystem when not member of a domain (i.e., the machine is in a workgroup) it returns 1332: no mapping between account names and security ids was done. i have been experimenting a bit using a small program similar to this pseudo-c++: string username GetUserNameEx (NameSamCompatible, username, username.length) print (username) string domainname // the sid things here are out parameters not relevant for my example if (LookupAccountName (NULL, username, sidbuf, sidbuf.length, domainname, domainname.length, sidthing)) { print (domainname) } else { print (geterror ()) } when running as user on a machine on a domain i get: username: mydomain\jdoe domainname: mydomain running as localsystem on a domain i get: username: mydomain\mycomputer$ domain: mydomain but, running as user on a machine in a workgroup i get: username: mycomputer\jdoe domain: mycomputer and finally, running as localsystem when in a workgroup i get: username: workgroup\mycomputer$ domainname fails with 1332 as noted above an interesting side note is that the domain part of the username differs in the last two examples... after some trial and error i discovered that if i removed the domain part and the trailing $ from the username the call to lookupaccountname succeeds, but returns the same domainname as username (e.g., mycomputer in the example above). do i have to make a condition like if (in_workgroup && localsystem) { ... } or have i got something else wrong here? regards, lars Tag: PKI structure changes Tag: 95907
  - 23
    - problem with EFS Recovery agent 4 month ago, i have implemented a certificate autority on my domain and i have create one EFS Recovery Agent. i have deployed many certificates for my users and the efs recovery agnet work fine for these months. today, i have make a change to my "User" certificate in the security tab, i have deployed the updated template to one user and i have tested the recovery of crypted data with my begening "efs recovery agent" certificate. now, i'm unable to recover file with this certificate... Why??? i need to know why my EFS Recovery Certificate does not work after the change. (the only thing i have change is to enable the autoenrollment for this user). for security, i need to have a fonctional EFS Recovery Agent Thanks. Tag: PKI structure changes Tag: 95903
  - 24
    - File xfer security Hello, How can I securely transfer files using a recordable CD from one XP to the other. The XP Pro's native file encryption works only in the same HD. The moment the file is copied to any other media it disables its security feature. Is there any Microsoft product or a Freeware software that does not expire nor has a number of files limitation for this purpose? Thanks Jim Tag: PKI structure changes Tag: 95902
  - 25
    - SAMR OpenUser fails with C0000022 Hi everybody! A customer of ours operates an AD with one domain and a couple of subdomains spread over few dozens AD-Servers across their intranet. On one of the member servers (W2003) in their HQ there is an application that authenticates users from several sub domains against the respective AD-Servers (W2000). For users from some of the subdomains, the authentication works, for at least three of the subdomains the authentication fails. I do not have source code access for this application but I captured the network traffic and it seems like the SamrOpenUser request gets a c0000022 (STATUS_ACCESS_DENIED) response from the subdomain controllers. We checked the ACL on the "user" object in the AD - it had sufficient access rights for a read access set. Also, a object access audit on the AD "user" object showed no failure. What other settings can cause a STATUS_ACCESS_DENIED response for the SamrOpenUser request? Tag: PKI structure changes Tag: 95900

We've currently got a 1-tier PKI setup with an enterprise-root CA. I'd like
to move to a 3-tier - offline standalone root, offline standalone policy, and
an enterprise issuing. I can't find any docs to explain how to get there.

Do I need to tear down the existing to bring up the new one, or can they
exist side by side?

C. Brice

Top

Re: PKI structure changes by Brian

Brian
Fri Dec 28 18:24:23 CST 2007

I would say the best way is to deploy the new, only keep the enterprise root
CA around for revocation and publication of CRLs.
WHen its last certificate expires, wrip it out <G>
Brian

"C. Brice" <CBrice@discussions.microsoft.com> wrote in message
news:93FE7F51-729E-46A6-AFDC-B5FB83D15641@microsoft.com...
> We've currently got a 1-tier PKI setup with an enterprise-root CA. I'd
> like
> to move to a 3-tier - offline standalone root, offline standalone policy,
> and
> an enterprise issuing. I can't find any docs to explain how to get there.
>
> Do I need to tear down the existing to bring up the new one, or can they
> exist side by side?
>
> C. Brice

Top

Re: PKI structure changes by djpaynesr

djpaynesr
Wed Jan 02 12:58:03 CST 2008

I agree with Brian. They shouldn't interfere with each other operationally as
they will both be trusted by the domain. When the new PKI infrastructure is
up and running and the certificates have been distributed the old PKI
infrastructure can be removed. As long as the objects (users, computers,
etc.) have a trusted certificate associated with them or in their local
certificate store, communication won't be affected.

However, I would definitely try this out in a lab environment before
deployment to ensure that I am completely familiar with the depolyment, error
correction and recovery and proof of concept. The lab doesn't have to be
anything fancy, a few servers, workstations and users would work. It can even
be done in a virtual environment if resources are limited.

Top