On Fri, Aug 13, 2010 at 09:32:57AM -0700, Jeff Simmons wrote:
It wouldn't surprise me if there's been some blowback from the
adoption of PCI-DSS (Payment Card Industry Data Security
Standards). As someone who has had to help several small to medium
size businesses comply with these 'voluntary'
On Tue, Jan 27, 2009 at 09:04:45AM -0500, Jerry Leichter wrote:
[...]
It might be useful to put together a special-purpose HTTPS client
which would initiate a connection and tell you about the cert
returned, then exit.
[...]
I often use this (though there's probably an easier way)...
On Tue, Jun 10, 2008 at 11:41:56PM +0100, Dave Howe wrote:
The key size would imply PKI; that being true, then the ransom may
be for a session key (specific per machine) rather than the
master key it is unwrapped with.
Per the computerworld.com article:
Kaspersky has the public key in
On Wed, Jun 11, 2008 at 11:53:54AM -0400, Leichter, Jerry wrote:
Returning to the point of the earlier question - why doesn't someone
pay the ransom once and then use the key to decrypt everyone's files:
Assuming, as seems reasonable, that there is a session key created
per machine and then
On Wed, May 28, 2008 at 10:34:53AM +0200, Philipp Gühring wrote:
it is imperative that wasteful reads of this pseudo-device be
avoided at all costs.
Yes. Still, some people are using fopen/fread to access
/dev/random, which does pre-fetching on most implementations I
saw, so using
On Sat, Feb 23, 2008 at 05:09:29AM +1300, Peter Gutmann wrote:
There were commercial products that did this available some years
ago, they hooked into the Windows auth using a custom GINA DLL
(GINA = the Windows extensible login/authentication mechanism,
think PAM for Windows) and locked the
On Mon, Jan 28, 2008 at 03:56:11PM -0700, John Denker wrote:
[...]
I don't think it is very common; I get only five hits from
http://www.google.com/search?q=two-person-login
[...]
Try searching for secret splitting instead.
From the foregoing, you might conclude that the two-person login
On Tue, Jan 29, 2008 at 03:37:26PM -0600, Nicolas Williams wrote:
I think you missed John's point, which is that two-person *login*
says *nothing* about what happens once logged in -- logging in
enables arbitrary subsequent transactions that may not require two
people to acquiesce.
Certainly,
On Tue, Mar 20, 2007 at 08:14:26PM -0400, Dan Geer wrote:
Quoting from a discussion of threat posed by software virtualization as
found in Symantec's ISTR:xi, released today:
The second type of threat that Symantec believes could emerge is
related to the impact that software virtualized