Peter Gutmann wrote:
Yup, see Why XML Security is Broken,
http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt, for more on this.
Peter's shared earlier drafts with me, and we've exchanged email about this.
The only complaint that has a factual basis is this:
I don't want to have to
Many important, sensitive login sites are not protected, making it
easier to steal passwords from naive (and even experienced) users. See
"Hall of Shame" listing such sites at
http://www.cs.biu.ac.il/~herzbea/Shame.html
Examples:
Banks and FIs: PayPal, Chase, SmithBarney (CitiGroup), Bank of
Ian G wrote:
On Wednesday 01 June 2005 15:07, [EMAIL PROTECTED] wrote:
Ian G writes:
| In the end, the digital signature was just crypto
| candy...
On the one hand a digital signature should matter more
the bigger the transaction that it protects. On the
other hand, the bigger the
Anne Lynn Wheeler wrote:
Peter Gutmann wrote:
That cuts both ways though. Since so many systems *do* screw with data (in
insignificant ways, e.g. stripping trailing blanks), anyone who does massage
data in such a way that any trivial change will be detected is going to be
inundated with
--- begin forwarded text
Date: Tue, 7 Jun 2005 07:39:34 -0400
To: Philodox Clips List [EMAIL PROTECTED]
From: R.A. Hettinga [EMAIL PROTECTED]
Subject: [Clips] ECC registration is open
Reply-To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
--- begin forwarded text
From: Tanja Lange [EMAIL
From: Ian G [EMAIL PROTECTED]
Sent: Jun 7, 2005 7:43 AM
To: John Kelsey [EMAIL PROTECTED]
Cc: Steve Furlong [EMAIL PROTECTED], cryptography@metzdowd.com
Subject: Re: Papers about Algorithm hiding ?
[My comment was that better crypto would never have prevented the
Choicepoint data leakage. --JMK]
On Tuesday 07 June 2005 14:52, John Kelsey wrote:
From: Ian G [EMAIL PROTECTED]
Sent: Jun 7, 2005 7:43 AM
To: John Kelsey [EMAIL PROTECTED]
Cc: Steve Furlong [EMAIL PROTECTED], cryptography@metzdowd.com
Subject: Re: Papers about Algorithm hiding ?
[My comment was that better crypto would
The likelihood of having the information compromised is very remote given
the type of equipment that is required to read it, Debby Hopkins,
Citigroup's chief operations and technology officer, said in an interview.
Additionally, the information is not in a format that an untrained eye
would even
--- begin forwarded text
Date: Tue, 7 Jun 2005 13:43:19 -0400
To: Philodox Clips List [EMAIL PROTECTED]
From: R.A. Hettinga [EMAIL PROTECTED]
Subject: [Clips] Christopher Hitchens: Terminal Futility
Reply-To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
On Tue, Jun 07, 2005 at 05:41:12PM +0100, Ian G wrote:
|
| The difficulty here is that there is what we might call
| the Choicepoint syndrome and then there is the
| specific facts about the actual Choicepoint heist.
| When I say Choicepoint I mean the former, and the
| great long list of
In message [EMAIL PROTECTED], Perry E. Metzger writes:
The truth is, the likely reason no one encrypted the data on the tapes
in transit was because no one thought to do it, or they were too lazy
to bother to make even the simplest effort, or both.
I don't completely agree. While I suspect
On Tue, Jun 07, 2005 at 07:48:22PM -0400, Perry E. Metzger wrote:
It happens because some idiot web designer thought it was a nice
look, and their security people are too ignorant or too powerless to
stop it, that's why.
It has nothing to do with cost. The largest non-bank card issuer in
Steven M. Bellovin wrote:
The bigger issue, though, is more subtle: keeping track of the keys is
non-trivial. These need to be backed up, too, and kept separate from
(but synchronized with) the tapes. Worse yet, they need to be kept
secure. That may mean storing the keys with a different