Experts Find a Door Ajar in an Internet Security Method Thought Safe
![On Monday, several security researchers, including from Google, uncovered a major vulnerability called “Heartbleed” in the technology that powers encryption across the Internet.]()
On Monday, several security researchers, including from Google, uncovered a major vulnerability called “Heartbleed” in the technology that powers encryption across the Internet.
Then companies began taking inventory of what they may have lost. But because the flaw would allow attackers to surreptitiously steal the keys that protect communication, user passwords and anything stored in the memory of a vulnerable web server, it was virtually impossible to assess whether damage had been done.Organizations were advised to download immediately the newest version of the OpenSSL protocol, which includes a fix, and quickly swap out their encryption keys. It also meant organizations needed to change their corporate passwords, log out users and advise them to change their own passwords.
http://bits.blogs.nytimes.com/2014/04/08/flaw-found-in-key-method-for-protecting-data-on-the-internet/?hp
http://www.nytimes.com/2012/11/08/technology/personaltech/how-to-devise-passwords-that-drive-hackers-away.html?pagewanted=all&_r=0
In a remarkable coincidence, the following book is in pubication process which describes a cipher which was discovered about 5500 years ago and used as Meluhha hieroglyphs and deployed on cuneiform and other tablets of clay. Maybe, the cipher offers a more reliable solution to the security of today's electronic tablets.
Clearly, there are insecure tablets and there are secure tablets for business transactions of Bronze Age.
Await the publication announcement. (Note: The ancient cipher is so safe and reliable, that it has defied meaning for nearly 150 years since the discovery of the first tablet of Bronze Age!!).
Kalyanaraman
Sarasvati Research Center
April 9, 2014
![]()
Table of Contents
On Monday, several security researchers, including from Google, uncovered a major vulnerability called “Heartbleed” in the technology that powers encryption across the Internet.Updated, 10:24 p.m. | A flaw has been discovered in one of the Internet’s key security methods, potentially forcing a wide swath of websites to make changes to protect the security of consumers.
The problem was first discovered by a team of Finnish security experts and researchers at Google last week and disclosed on Monday. By Tuesday afternoon, a number of large websites, including Yahoo, Facebook, Google and Amazon Web Services, said they were fixing the problem or had already fixed it.
Researchers were still looking at the impact on consumers but warned it could be significant. Users’ most sensitive information — passwords, stored files, bank details, even Social Security numbers — could be vulnerable because of the flaw.
The most immediate advice from security experts to consumers was to wait or at least be cautious before changing passwords. Changing a password on a site that hasn’t been fixed could simply hand the new password over to hackers. Experts recommended that, before making any changes, users check a site for an announcement that it has dealt with the issue. “This is a good reminder that there are many risks online and it’s important to keep a watchful eye around what you’re doing, just as you would in the physical world,” said Zulfikar Ramzan, the chief technology officer of Elastica, a security company.
The extent of the vulnerability was unclear. Up to two-thirds of websites rely on the affected technology, called OpenSSL. But some organizations appeared to have had advance notice of the issue and had already fixed the problem by Tuesday afternoon. Many others were still working on restoring security.
Because attackers can use the bug to steal information unnoticed, it is unclear how widely the bug has been exploited — although it has existed for about two years. On Github, a website where developers gather to share code, some were posting ways to use the bug to dump information from servers. The Finnish security researchers, working for Codenomicon, a security company in Saratoga, Calif., and security researchers at Google found the bug in a portion of the OpenSSL protocol — which encrypts sessions between consumer devices and websites — called the “heartbeat” because it pings messages back and forth. The researchers called the bug “Heartbleed.”
“It’s a serious bug in that it doesn’t leave any trace,” said David Chartier, chief executive at Codenomicon. “Bad guys can access the memory on a machine and take encryption keys, usernames, passwords, valuable intellectual property, and there’s no trace they’ve been there.”
Then companies began taking inventory of what they may have lost. But because the flaw would allow attackers to surreptitiously steal the keys that protect communication, user passwords and anything stored in the memory of a vulnerable web server, it was virtually impossible to assess whether damage had been done.Organizations were advised to download immediately the newest version of the OpenSSL protocol, which includes a fix, and quickly swap out their encryption keys. It also meant organizations needed to change their corporate passwords, log out users and advise them to change their own passwords.
Security researchers say they found evidence that suggests attackers were aware of the bug. Researchers monitoring various “honey pots” — stashes of fake data on the web aimed at luring hackers so researchers can learn more about their tools and techniques — found evidence that attackers had used the Heartbleed bug to access the fake data.
Actual victims may be out of luck. “Unless an attacker blackmails you, or publishes your information online, or steals a trade secret and uses it, you won’t know if you’ve been compromised,” Mr. Chartier said. “That’s what makes it so vicious.”
Mr. Chartier advised users to consider their passwords compromised and urged companies to deal with the issue quickly. “Companies need to get new encryption keys and users need to get new passwords,” he said.
Security researchers say it is most important for people to change passwords to sensitive accounts like their online banking, email, file storage and e-commerce accounts, after first making sure that the website involved has addressed the security gap.
By Tuesday afternoon, many organizations were heeding the warning. Companies across the web, including Yahoo, Amazon and PayPal, began notifying users of the bug and what was being done to mitigate it. Tumblr, the social network owned by Yahoo, said it had issued fixes and warned users to immediately swap out their passwords.
“This still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails and credit cards safe was actually making all that private information accessible to anyone who knew about the exploit,” the security team at Tumblr, which is part of Yahoo, wrote on its site. “This might be a good day to call in sick and take some time to change your passwords everywhere — especially your high-security services like email, file storage and banking, which may have been compromised by this bug.”
Steve Lohr and Vindu Goel contributed reporting.http://bits.blogs.nytimes.com/2014/04/08/flaw-found-in-key-method-for-protecting-data-on-the-internet/?hp
How to Devise Passwords That Drive Hackers Away
By NICOLE PERLROTH
Published: November 7, 2012
Not long after I began writing about cybersecurity, I became a paranoid caricature of my former self. It’s hard to maintain peace of mind when hackers remind me every day, all day, just how easy it is to steal my personal data.
Not long after I began writing about cybersecurity, I became a paranoid caricature of my former self. It’s hard to maintain peace of mind when hackers remind me every day, all day, just how easy it is to steal my personal data.
Minh Uong/The New York Times
Within weeks, I set up unique, complex passwords for every Web site, enabled two-step authentication for my e-mail accounts, and even covered up my computer’s Web camera with a piece of masking tape — a precaution that invited ridicule from friends and co-workers who suggested it was time to get my head checked.But recent episodes offered vindication. I removed the webcam tape — after a friend convinced me that it was a little much — only to see its light turn green a few days later, suggesting someone was in my computer and watching. More recently, I received a text message from Google with the two-step verification code for my Gmail account. That’s the string of numbers Google sends after you correctly enter the password to your Gmail account, and it serves as a second password. (Do sign up for it.) The only problem was that I was not trying to get into my Gmail account. I was nowhere near a computer. Apparently, somebody else was.It is absurdly easy to get hacked. All it takes is clicking on one malicious link or attachment. Companies’ computer systems are attacked every day by hackers looking for passwords to sell on auctionlike black market sites where a single password can fetch $20. Hackers regularly exploit tools like John the Ripper, a free password-cracking program that use lists of commonly used passwords from breached sites and can test millions of passwords per second.Chances are, most people will get hacked at some point in their lifetime. The best they can do is delay the inevitable by avoiding suspicious links, even from friends, and manage their passwords. Unfortunately, good password hygiene is like flossing — you know it’s important, but it takes effort. How do you possibly come up with different, hard-to-crack passwords for every single news, social network, e-commerce, banking, corporate and e-mail account and still remember them all?To answer that question, I called two of the most (justifiably) paranoid people I know, Jeremiah Grossman and Paul Kocher, to find out how they keep their information safe. Mr. Grossman was the first hacker to demonstrate how easily somebody can break into a computer’s webcam and microphone through a Web browser. He is now chief technology officer at WhiteHat Security, an Internet and network security firm, where he is frequently targeted by cybercriminals. Mr. Kocher, a well-known cryptographer, gained notice for clever hacks on security systems. He now runs Cryptography Research, a security firm that specializes in keeping systems hacker-resistant. Here were their tips:FORGET THE DICTIONARY If your password can be found in a dictionary, you might as well not have one. “The worst passwords are dictionary words or a small number of insertions or changes to words that are in the dictionary,” said Mr. Kocher. Hackers will often test passwords from a dictionary or aggregated from breaches. If your password is not in that set, hackers will typically move on.NEVER USE THE SAME PASSWORD TWICE People tend to use the same password across multiple sites, a fact hackers regularly exploit. While cracking into someone’s professional profile on LinkedIn might not have dire consequences, hackers will use that password to crack into, say, someone’s e-mail, bank, or brokerage account where more valuable financial and personal data is stored.COME UP WITH A PASSPHRASE The longer your password, the longer it will take to crack. A password should ideally be 14 characters or more in length if you want to make it uncrackable by an attacker in less than 24 hours. Because longer passwords tend to be harder to remember, consider a passphrase, such as a favorite movie quote, song lyric, or poem, and string together only the first one or two letters of each word in the sentence.OR JUST JAM ON YOUR KEYBOARD For sensitive accounts, Mr. Grossman says that instead of a passphrase, he will randomly jam on his keyboard, intermittently hitting the Shift and Alt keys, and copy the result into a text file which he stores on an encrypted, password-protected USB drive. “That way, if someone puts a gun to my head and demands to know my password, I can honestly say I don’t know it.”STORE YOUR PASSWORDS SECURELY Do not store your passwords in your in-box or on your desktop. If malware infects your computer, you’re toast. Mr. Grossman stores his password file on an encrypted USB drive for which he has a long, complex password that he has memorized. He copies and pastes those passwords into accounts so that, in the event an attacker installs keystroke logging software on his computer, they cannot record the keystrokes to his password. Mr. Kocher takes a more old-fashioned approach: He keeps password hints, not the actual passwords, on a scrap of paper in his wallet. “I try to keep my most sensitive information off the Internet completely,” Mr. Kocher said.A PASSWORD MANAGER? MAYBE Password-protection software lets you store all your usernames and passwords in one place. Some programs will even create strong passwords for you and automatically log you in to sites as long as you provide one master password. LastPass, SplashData and AgileBits offer password management software for Windows, Macs and mobile devices. But consider yourself warned: Mr. Kocher said he did not use the software because even with encryption, it still lived on the computer itself. “If someone steals my computer, I’ve lost my passwords.” Mr. Grossman said he did not trust the software because he didn’t write it. Indeed, at a security conference in Amsterdam earlier this year, hackers demonstrated how easily the cryptography used by many popular mobile password managers could be cracked.IGNORE SECURITY QUESTIONS There is a limited set of answers to questions like “What is your favorite color?” and most answers to questions like “What middle school did you attend?” can be found on the Internet. Hackers use that information to reset your password and take control of your account. Earlier this year, a hacker claimed he was able to crack into Mitt Romney’s Hotmail and Dropbox accounts using the name of his favorite pet. A better approach would be to enter a password hint that has nothing to do with the question itself. For example, if the security question asks for the name of the hospital in which you were born, your answer might be: “Your favorite song lyric.”USE DIFFERENT BROWSERS Mr. Grossman makes a point of using different Web browsers for different activities. “Pick one browser for ‘promiscuous’ browsing: online forums, news sites, blogs — anything you don’t consider important,” he said. “When you’re online banking or checking e-mail, fire up a secondary Web browser, then shut it down.” That way, if your browser catches an infection when you accidentally stumble on an X-rated site, your bank account is not necessarily compromised. As for which browser to use for which activities, a study last year by Accuvant Labs of Web browsers — including Mozilla Firefox, Google Chrome and Microsoft Internet Explorer — found that Chrome was the least susceptible to attacks.SHARE CAUTIOUSLY “You are your e-mail address and your password,” Mr. Kocher emphasized. Whenever possible, he will not register for online accounts using his real e-mail address. Instead he will use “throwaway” e-mail addresses, like those offered by10minutemail.com. Users register and confirm an online account, which self-destructs 10 minutes later. Mr. Grossman said he often warned people to treat anything they typed or shared online as public record.“At some point, you will get hacked — it’s only a matter of time,” warned Mr. Grossman. “If that’s unacceptable to you, don’t put it online.”
Within weeks, I set up unique, complex passwords for every Web site, enabled two-step authentication for my e-mail accounts, and even covered up my computer’s Web camera with a piece of masking tape — a precaution that invited ridicule from friends and co-workers who suggested it was time to get my head checked.
But recent episodes offered vindication. I removed the webcam tape — after a friend convinced me that it was a little much — only to see its light turn green a few days later, suggesting someone was in my computer and watching. More recently, I received a text message from Google with the two-step verification code for my Gmail account. That’s the string of numbers Google sends after you correctly enter the password to your Gmail account, and it serves as a second password. (Do sign up for it.) The only problem was that I was not trying to get into my Gmail account. I was nowhere near a computer. Apparently, somebody else was.
It is absurdly easy to get hacked. All it takes is clicking on one malicious link or attachment. Companies’ computer systems are attacked every day by hackers looking for passwords to sell on auctionlike black market sites where a single password can fetch $20. Hackers regularly exploit tools like John the Ripper, a free password-cracking program that use lists of commonly used passwords from breached sites and can test millions of passwords per second.
Chances are, most people will get hacked at some point in their lifetime. The best they can do is delay the inevitable by avoiding suspicious links, even from friends, and manage their passwords. Unfortunately, good password hygiene is like flossing — you know it’s important, but it takes effort. How do you possibly come up with different, hard-to-crack passwords for every single news, social network, e-commerce, banking, corporate and e-mail account and still remember them all?
To answer that question, I called two of the most (justifiably) paranoid people I know, Jeremiah Grossman and Paul Kocher, to find out how they keep their information safe. Mr. Grossman was the first hacker to demonstrate how easily somebody can break into a computer’s webcam and microphone through a Web browser. He is now chief technology officer at WhiteHat Security, an Internet and network security firm, where he is frequently targeted by cybercriminals. Mr. Kocher, a well-known cryptographer, gained notice for clever hacks on security systems. He now runs Cryptography Research, a security firm that specializes in keeping systems hacker-resistant. Here were their tips:
FORGET THE DICTIONARY If your password can be found in a dictionary, you might as well not have one. “The worst passwords are dictionary words or a small number of insertions or changes to words that are in the dictionary,” said Mr. Kocher. Hackers will often test passwords from a dictionary or aggregated from breaches. If your password is not in that set, hackers will typically move on.
NEVER USE THE SAME PASSWORD TWICE People tend to use the same password across multiple sites, a fact hackers regularly exploit. While cracking into someone’s professional profile on LinkedIn might not have dire consequences, hackers will use that password to crack into, say, someone’s e-mail, bank, or brokerage account where more valuable financial and personal data is stored.
COME UP WITH A PASSPHRASE The longer your password, the longer it will take to crack. A password should ideally be 14 characters or more in length if you want to make it uncrackable by an attacker in less than 24 hours. Because longer passwords tend to be harder to remember, consider a passphrase, such as a favorite movie quote, song lyric, or poem, and string together only the first one or two letters of each word in the sentence.
OR JUST JAM ON YOUR KEYBOARD For sensitive accounts, Mr. Grossman says that instead of a passphrase, he will randomly jam on his keyboard, intermittently hitting the Shift and Alt keys, and copy the result into a text file which he stores on an encrypted, password-protected USB drive. “That way, if someone puts a gun to my head and demands to know my password, I can honestly say I don’t know it.”
STORE YOUR PASSWORDS SECURELY Do not store your passwords in your in-box or on your desktop. If malware infects your computer, you’re toast. Mr. Grossman stores his password file on an encrypted USB drive for which he has a long, complex password that he has memorized. He copies and pastes those passwords into accounts so that, in the event an attacker installs keystroke logging software on his computer, they cannot record the keystrokes to his password. Mr. Kocher takes a more old-fashioned approach: He keeps password hints, not the actual passwords, on a scrap of paper in his wallet. “I try to keep my most sensitive information off the Internet completely,” Mr. Kocher said.
A PASSWORD MANAGER? MAYBE Password-protection software lets you store all your usernames and passwords in one place. Some programs will even create strong passwords for you and automatically log you in to sites as long as you provide one master password. LastPass, SplashData and AgileBits offer password management software for Windows, Macs and mobile devices. But consider yourself warned: Mr. Kocher said he did not use the software because even with encryption, it still lived on the computer itself. “If someone steals my computer, I’ve lost my passwords.” Mr. Grossman said he did not trust the software because he didn’t write it. Indeed, at a security conference in Amsterdam earlier this year, hackers demonstrated how easily the cryptography used by many popular mobile password managers could be cracked.
IGNORE SECURITY QUESTIONS There is a limited set of answers to questions like “What is your favorite color?” and most answers to questions like “What middle school did you attend?” can be found on the Internet. Hackers use that information to reset your password and take control of your account. Earlier this year, a hacker claimed he was able to crack into Mitt Romney’s Hotmail and Dropbox accounts using the name of his favorite pet. A better approach would be to enter a password hint that has nothing to do with the question itself. For example, if the security question asks for the name of the hospital in which you were born, your answer might be: “Your favorite song lyric.”
USE DIFFERENT BROWSERS Mr. Grossman makes a point of using different Web browsers for different activities. “Pick one browser for ‘promiscuous’ browsing: online forums, news sites, blogs — anything you don’t consider important,” he said. “When you’re online banking or checking e-mail, fire up a secondary Web browser, then shut it down.” That way, if your browser catches an infection when you accidentally stumble on an X-rated site, your bank account is not necessarily compromised. As for which browser to use for which activities, a study last year by Accuvant Labs of Web browsers — including Mozilla Firefox, Google Chrome and Microsoft Internet Explorer — found that Chrome was the least susceptible to attacks.
SHARE CAUTIOUSLY “You are your e-mail address and your password,” Mr. Kocher emphasized. Whenever possible, he will not register for online accounts using his real e-mail address. Instead he will use “throwaway” e-mail addresses, like those offered by10minutemail.com. Users register and confirm an online account, which self-destructs 10 minutes later. Mr. Grossman said he often warned people to treat anything they typed or shared online as public record.
“At some point, you will get hacked — it’s only a matter of time,” warned Mr. Grossman. “If that’s unacceptable to you, don’t put it online.”
In a remarkable coincidence, the following book is in pubication process which describes a cipher which was discovered about 5500 years ago and used as Meluhha hieroglyphs and deployed on cuneiform and other tablets of clay. Maybe, the cipher offers a more reliable solution to the security of today's electronic tablets.
Clearly, there are insecure tablets and there are secure tablets for business transactions of Bronze Age.
Await the publication announcement. (Note: The ancient cipher is so safe and reliable, that it has defied meaning for nearly 150 years since the discovery of the first tablet of Bronze Age!!).
Kalyanaraman
Sarasvati Research Center
April 9, 2014
Philosophy of symbolic forms in Meluhha cipher
The thesis reports re-discovery of lexical repertoire of Meluhha language. Meluhha language was in vogue during the Bronze Age from ca. 5th millennium BCE. Meluhha hieroglyphs of symbolic forms relate to Meluhha life-experiences as sphoṭā‘burst forth’ expressions in Meluhha language. The function of Meluhha writing system deploying Meluhha cipher as mudrā is to catalog wheelwright-lapidary artifacts of stone, shell, metal traded by maritime seafaring merchants and artisan-merchant caravans along the famed, extensively documented Tin Road. The cipher key here is artha translated as composite of entities and also ‘meaning’. In the Indian tradition, the word artha is a gloss which signifies both ‘meaning’ and also ‘wealth’ as seem in the compound Arthaśāstra used as a title for Kauṭilya’s treatise on wealth-creation and polity. This meaning is consistent with the word used for a polity Rāṣṭram (lit. ‘the firm, lighted path’) personified as divinity, vāk.
sphoṭāvāda elaborates on philosophical foundations of symbolic forms as media for ‘meanings’. In Indian rhetoric tradition mudra refers to ‘the natural expression of things by words , calling things by their right names’ (Kuvalayānanda). It is an energetic seal of authenticity. The gloss mudrā also signifies a seal, stamp, or impression made by a seal. Thus, by definition, the process of ‘sealing’ to create a ‘seal impression’ is an expression of words deploying symbolic forms. To call things by their right names, a rebus cipher with glosses of underlying glosses and related sounds of Meluhha language are used. The semantics get expanded to evolve mudra as a particular branch of education (e.g., reckoning by the fingers). In Tantra 108 mudrā are used; in Yoga, mudrā are used together with praanaayaama (breathing exercises) and āsana-s ("seated postures"). Nāṭyaśāstra lists 24 asamyuta ("separated", meaning "one-hand and fingers") and 13 samyuta("joined", meaning "two-hand and fingers") mudrā-s. A commentary on Hevajra Tantra refers to symbolic bone ornaments as seals or mudrā -s. (Sanskrit: aṣṭhiamudrā).
In the entire corpora of Meluhha hieroglyphs there are only two significant symbolic forms which may relate to ‘veneration’ or ‘worship’. Even these two symbolic forms are read rebus and are consistent with the archaeological context of working with ores, minerals, metals and alloys as life-activities. One form is of a person seated in a penance and is read rebus: kamaḍha‘penance’ Rebus: kammaṭa‘coiner, mint’. The second form is of a pair of persons flanking a person seated in persons; the pair of persons are shown using a mudrā‘with folded hands – as salutation’; this is called in Indian tradition añci- ‘to reverence’ read rebus: añjana’antimony’ (Chemical symbol: Sb).
This is a sequel to Meluhha – tree of life which evaluated hieroglyphs as sacred carvings incised, to convey rebus substantive messages in Meluhha as we traverse, in a pilgrim’s progress, through mists of time into the Bronze Age. Language glosses tag to symbolic forms and get associated with divinities and tree of life are Meluhha sacred carvings; they connote -- rebus -- metal artifacts of a kole.l'smithy/forge' which is, kole.l'temple'.
Archaeological evidences from Ancient Near East point to the practice of worship in temples of divinities associated with these hieroglyphs. Kabbalah of the Ancient Near East tradition is a synonym of aagama of Indian tradition with the roots found in Meluhha as a visible language. Both traditions venerate altars as models of temples. Many metal artifacts are shown as aayudha ‘weapons’ in the hands of Pratimā in Indian iconographic tradition with an intimation of memories of smithy traditions of ancestors. In Indian tradition. Pratimā lakṣaṇa, bimba reflections in a tranquil pool of consciousness transform into stone or metal or wood hieroglyphs in a temple. Pratimā or mudrā -s are not mere abstractions but firmly premised on language sememes.
Table of Contents
Re-discovery of Meluhha language Indian linguistic area: pre-aryan, pre-Munda and pre-dravidian in India Intimations of casting, soldering, riveting work, working with zinc (pewter), ivory Evidence from Vālmīki Rāmāyaṇa Evidence from Śatapatha Brāhmaṇa for mleccha Vācas Evidence related to proto-Indian or proto-Indic or Indus language Proto-Munda continuity and Language X Reconstructing mleccha of 5th millennium BCE Tin road caravan documentationHistorical background Mleccha as bhāratam janamHarappan control over the Oman SeaMeluhha, Mleccha areas: Sarasvati River Basin and Coastal Regions of Gujarat, Baluchistan, Ancient Near EastSphōṭavāda, theory of bursting forth Three Samarra bowls: morakkhaka loha, pisācī loha morakkhaka loha 'a kind of copper' pisācī loha, ‘a kind of copper’ Tin Road: Ashur-Kultepe and Meluhha hieroglyphs Function served by the ‘standard device’ in Meluhha cultural, life-activities Shahdad standard Hieroglyphs on Warka vase read rebus as epigraphs Tabernae montana as a hieroglyph Seafaring metal merchants One Meluhhan village in Akkad (3rd millennium BCE) Forge: stone, minerals, gemstones Meluhhans had travelled, traded and settled in Ancient Near East Meluhha artisans had blazed the trail of lost-wax metallurgy Dhokra as a Meluhha hieroglyph Reduplication and homonyms with rebus readings as ‘areal universals’ Starting with verbs depicted as hieroglyphs Structural characteristics of hieroglyphs Indus script “fish-eyes” traded with Ur ‘Fish’ hieroglyph on Susa pot connotes alloy metal Functions of tablets and seals: an archeological context Appendix A: tagar symbolic forms Appendix B: krəm‘neck’ symbolic forms Appendix C:काणkāṇa‘one-eyed’, āra‘six’, ‘six rings of hair’ symbolic forms Appendix D: kol ‘tiger’ symbolic forms Appendix E: eṟaka'upraised arm' Appendix F: dhokra kamar‘lost-wax metal caster’ Appendix G: Processions of stone-/metal-ware competence Appendix H: Interpretation of Māyā's dream in Bauddham Appendix I: Sphōṭavāda Appendix J: Meluhha glosses related to symbolic form: helmsman, cargo kārṇī account Appendix K: Metals trade catalog on a seal Appendix L: Seal number 198 from Legrain 1921 Appendix M: Rebus as dream, as literacy Appendix N: Bronze Age Linguistic Doctrine Appendix O: Eagle and snake hieroglyphs Appendix P: Meluhha hieroglyphs on a Proto-Cuneiform tablet Appendix Q: Archaeological context is a cultural context for symbolic forms of ‘meanings’ Appendix R: ran:ga‘pewter or alloy of tin (ran:ku), lead (nāga) and antimony (añjana)’ Bibliography Index End Notes | 5 22 25 32 38 45 54 61 73 79 86 89 95 130 132 144 153 163 165 182 184 186 201 208 210 220 259 263 271 274 285 288 304 313 317 327 328 351 362 368 392 484 538 578 585 639 655 689 693 717 723 729 735 739 750 |