On Mon, 11 Jul 2005, Lance James wrote:
[...]
place to fend off these attacks. Soon phishers will just use the site itself
to phish users, pushing away the dependency on tricking the user with a
spoofed or mirrored site.
[...]
You dismiss too much with your just. They already do attack
--
Adam Fields [EMAIL PROTECTED]
But it's so much worse than that. Not only is there no
standard behavior, the credit companies themselves
have seemingly gone out of their way to make it
impossible for there to be any potential for a
standard.
Widely shared secrets are inherently
Well, whether you like the cell phone as
the out-of-band second-factor, you can now
unlock your front door with it...
http://weblog.physorg.com/news2334.html
--dan
-
The Cryptography Mailing List
Unsubscribe by sending
Eric Rescorla wrote, on July 1:
There's an interesting paper up on eprint now:
http://eprint.iacr.org/2005/205
Another look at HMQV
Alfred Menezes
...
In this paper we demonstrate that HMQV is insecure by presenting
realistic attacks in the Canetti-Krawczyk model
Jason Holt wrote:
On Mon, 11 Jul 2005, Lance James wrote:
[...]
place to fend off these attacks. Soon phishers will just use the site
itself to phish users, pushing away the dependency on tricking the
user with a spoofed or mirrored site.
[...]
You dismiss too much with your just. They
Perry E. Metzger wrote:
Florian Weimer [EMAIL PROTECTED] writes:
* Perry E. Metzger:
Nick Owen [EMAIL PROTECTED] writes:
It would seem simple to thwart such a trojan with strong authentication
simply by requiring a second one-time passcode to validate the
transaction itself in addition to
Peter Fairbrother wrote:
Florian Weimer wrote:
* David Alexander Molnar:
Actually, smart cards are here today. My local movie theatre in Berkeley,
California is participating in a trial for MasterCard PayPass. There is
a little antenna at the window; apparently you can just wave your card
Ben Laurie [EMAIL PROTECTED] writes:
That could be fixed. I think the right design for such a device has
it only respond to signed and encrypted requests from the issuing
bank directed at the specific device, and only make signed and
encrypted replies directed only at the specific issuing
In Brazil there's alot of trojans similar to the one Steven mentioned,
almost all of them targeted at diferent national banks.
A while back they worked as external pop-ups as we named them. That is
they appeared on top of the browser appearing visually like when you are
asked for your
Perry E. Metzger wrote:
Ben Laurie [EMAIL PROTECTED] writes:
That could be fixed. I think the right design for such a device has
it only respond to signed and encrypted requests from the issuing
bank directed at the specific device, and only make signed and
encrypted replies directed only at
Perry E. Metzger wrote:
By the way, I note as an aside that this also means (in my opinion)
that certificates are no longer an interesting technology for
payments protocols, because in a purely online environment, you
never need a third party x.509 certificate in the course of the
payments
Perry E. Metzger wrote:
Ah, I see what you mean.
Sadly, I don't think there is much to be done about that, but I think
that (personally) I'd only end up with two of the things. If they can
be made credit card sized, I don't see this as worse than what I have
to carry now.
there are a
Ben Laurie [EMAIL PROTECTED] writes:
Perry E. Metzger wrote:
Anonymity is a concern to me, too, but I suspect that it is hard to
get anonymity in a credit card transaction using current means, even
if the merchant isn't online. Pseudonymity, perhaps.
Can we not aim higher than merely doing
Perry Metzger wrote:
So, the next time one of your friends in Germany asks why the crazy
Americans think ID cards and such are a bad thing, remember my
father, and remember all the people like him who fled to the US over
the last couple hundred years and who left children that still
remember
At 09:29 PM 7/9/2005, Perry E. Metzger wrote:
The Blue Card, so far as I can tell, was poorly thought out beyond its
marketing potential. I knew some folks at Amex involved in the
development of the system, and I did not get the impression they had
much of a coherent idea of what the
I am reminded of a passage from Buffy the Vampire Slayer.
In the episode Lie to Me:
BILLY FORDHAM: I know who you are.
SPIKE: I know who I am, too. So what?
My point here is that knowing who I am shouldn't be a
crime, nor should it contribute to enabling any crime.
Suppose you
On Tue, Jul 12, 2005 at 02:48:02PM -0700, Bill Stewart wrote:
| At 09:29 PM 7/9/2005, Perry E. Metzger wrote:
| The Blue Card, so far as I can tell, was poorly thought out beyond its
| marketing potential. I knew some folks at Amex involved in the
| development of the system, and I did not get the
In Hong Kong a lot of people do little more than wave their bags at the
turnstile. Removing the wallet and revealing its size is unnecessary.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ben Laurie
Sent: Tuesday, 12 July 2005 8:14 PM
To: Peter
18 matches
Mail list logo