Re: UK RIPA Pt 3
Peter Fairbrother wrote: The UK Home Office have just announced that they intend to bring the provisions of Pt 3 of the Regulation of Investigatory Powers Act 2000 into force on 1st October. This is the law that enables Policemen to demand keys to encrypted material, on pain of imprisonment, and without judicial approval of these demands. There is one last Parliamentary process to go through, the approval of a code of practice, but as far as I know there has never been a case of one of these failing to pass - though a related one was withdrawn a few years ago. We will try to prevent it happening, the chances of success are against us but it is not impossible. You are not required to keep keys indefinitely, or give up a key you don't have, but the rules regarding the assumption that you know a key at least partially reverse the normal burden of proof. I forgot to mention that Pt.3 also includes coercive demands for access keys - so for instance if Mr Bill Gates came to the UK, and if there was some existing question about Microsoft's behaviour in some perhaps current EU legal matter, Mr Gates could be required to give up the keys to the Microsoft internal US servers. Or go to jail. Though I'd quite like to see that :), I don't think it would be entirely appropriate ... -- Peter Fairbrother - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: The bank fraud blame game
R. Hirschfeld wrote: - differential pricing: electronic purse payments are potentially cheaper to process than those of debit cards because they are offline, but consumers find it more convenient to keep money in their bank account than on a smart card and will likely continue to do so as long as it costs no more. (This may become less of an issue if/when all vending machines and parking meters are on the internet anyway.) re: http://www.garlic.com/~lynn/aadsm27.htm#41 The bank fraud blame game in the mid-90s a number of US financial institutions looked at the economics of the EU chipcard electronic purses (modulo the float issue ... which could be made to work) the issue was that the (much more) expensive chips were being used to offset the significantly higher PTT costs (and/or just plain PTT availability) in Europe. The US could deploy a magstripe authentication card for stored-value ... that did online transactions using much of the existing online point-of-sale infrastructure ... for significantly lower overall infrastructure costs than the EU chip-based offline stored value. The magstripe card basically became a something you have authentication mechanism. The primary trade-off issue was that the US telecom pricing was so much lower than in Europe (and lots of 80s 90s design in europe was being driven by the extremely high PTT costs and/or, in some cases, lack of PTT availability). Note, however, the internet along with various telcom and technology changes around the world have contributed to significantly changing the online/offline economic trade-off considerations. Independent of the online/offline economic issues ... there are some fraud and security issues that could drive towards using chips for a more secure something you have authentication device. however, there is some lingering effects from the older high PTT costs related to chip-based architectures ... and whether there are any residual design features related to (originally) supporting offline operation. Part of this could be seen in the yes card exploits ... where, transaction business rules were left in the chip implementation (as oppsed to the chip being purely an authentication mechanism) ... contributing to the enormous vulnerability increase http://www.garlic.com/~lynn/subintegrity.html#yescard For the float issue with regard to this class of US gift/stored-value cards ... they are sold as merchant cards ... i.e. the kind of gift stored-value cards you see used by coffee shops, video rental, grocery stores, large department stores, etc. Possibly, in part, because they are merchant cards ... as opposed to bank cards ... the associated accounts and balances are pretty far removed from any jurisdiction that might impose payment of interest. misc. past posts about how the large difference in telecom costs drove different solutions http://www.garlic.com/~lynn/aepay11.htm#28 Solving the problem of micropayments http://www.garlic.com/~lynn/aepay11.htm#70 Confusing Authentication and Identiification? (addenda) http://www.garlic.com/~lynn/aadsm16.htm#12 Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed) http://www.garlic.com/~lynn/aadsm18.htm#39 Financial identity is *dangerous*? (was re: Fake companies, real money) http://www.garlic.com/~lynn/aadsm21.htm#12 Payment Tokens http://www.garlic.com/~lynn/aadsm6.htm#digcash IP: Re: Why we don't use digital cash http://www.garlic.com/~lynn/2001m.html#4 Smart Card vs. Magnetic Strip Market http://www.garlic.com/~lynn/2002c.html#22 Opinion on smartcard security requested http://www.garlic.com/~lynn/2002c.html#23 Opinion on smartcard security requested http://www.garlic.com/~lynn/2002d.html#41 Why? http://www.garlic.com/~lynn/2002e.html#22 Opinion on smartcard security requested http://www.garlic.com/~lynn/2003h.html#54 Smartcards and devices http://www.garlic.com/~lynn/2004j.html#39 Methods of payment http://www.garlic.com/~lynn/2004j.html#43 Methods of payment http://www.garlic.com/~lynn/2005g.html#34 Maximum RAM and ROM for smartcards - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
UK RIPA Pt 3
The UK Home Office have just announced that they intend to bring the provisions of Pt 3 of the Regulation of Investigatory Powers Act 2000 into force on 1st October. This is the law that enables Policemen to demand keys to encrypted material, on pain of imprisonment, and without judicial approval of these demands. There is one last Parliamentary process to go through, the approval of a code of practice, but as far as I know there has never been a case of one of these failing to pass - though a related one was withdrawn a few years ago. We will try to prevent it happening, the chances of success are against us but it is not impossible. You are not required to keep keys indefinitely, or give up a key you don't have, but the rules regarding the assumption that you know a key at least partially reverse the normal burden of proof. m-o-o-t will be there on the day. m-o-o-t is a freeware live CD containing OS and applications, including an ephemerally keyed messaging service, and a steganographic file system. If anyone knows of any other technologies to defeat this coercive attack I would be glad to hear of them, and perhaps include them in m-o-o-t. -- Peter Fairbrother www.m-o-o-t.org - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: The bank fraud blame game
R. Hirschfeld wrote: During the course of the CAFE project some commercial electronic purse systems emerged, notably Proton (from Banksys in Belgium, replicated in other counties under other names) and Mondex. These were in many ways less sophisticated than CAFE's system (which was multi-issuer, multi-currency, privacy-respecting, etc.) but had serious commercial backing. For the most part these seem to have stagnated or died. I suspect that getting them to catch on would require drastic measures such as: we had gotten tasked to do a design and costing of mondex implementation in the states (all the transaction processing dataprocessing, sizing capacity and resources, etc) ... and looking at pricing various kinds of mondex related transactions (super brick from mondex international and how it flowed thru the rest of the infrastructure). the conclusion we came up with was that nearly all the financial justification for mondex was in the float. later there were scenarios where mondex international was encouraging deployment in various countries by offering to split the float with the chartered mondex national body (and then it seemed like float offerings were starting to peculate down to financial institutions lower in the mondex hierarchy) then along came an EU statement that mondex (and similar implementations) would only be given a grace period with regard to retaining the float (as a mechanism to underwrite start-up costs) ... but after a period of 2-3 yrs, they were then going to be required to start paying interest on balances carried in the cards. after that, much of the interest(?) seemed to evaporate. separately there were some issues with the chip technology being used in the mondex cards. misc. past posts mentioning mondex. http://www.garlic.com/~lynn/aepay6.htm#cacr7 7th CACR Information Security Workshop http://www.garlic.com/~lynn/aadsm6.htm#digcash IP: Re: Why we don't use digital cash http://www.garlic.com/~lynn/aadsm7.htm#idcard2 AGAINST ID CARDS http://www.garlic.com/~lynn/aadsm18.htm#42 Payment Application Programmers Interface (API) for IOTP http://www.garlic.com/~lynn/aadsm20.htm#7 EMV http://www.garlic.com/~lynn/aadsm21.htm#1 Is there any future for smartcards? http://www.garlic.com/~lynn/aadsm23.htm#23 Payment systems - the explosion of 1995 is happening in 2006 http://www.garlic.com/~lynn/aadsm25.htm#31 On-card displays http://www.garlic.com/~lynn/2002e.html#14 EMV cards http://www.garlic.com/~lynn/2002e.html#18 Opinion on smartcard security requested http://www.garlic.com/~lynn/2002g.html#53 Are you sure about MONDEX? http://www.garlic.com/~lynn/2002g.html#54 Are you sure about MONDEX? http://www.garlic.com/~lynn/2004j.html#12 US fiscal policy (Was: Bob Bemer, Computer Pioneer,Father of ASCII,Invento http://www.garlic.com/~lynn/2004j.html#14 US fiscal policy (Was: Bob Bemer, Computer Pioneer,Father of ASCII,Invento http://www.garlic.com/~lynn/2005i.html#10 Revoking the Root http://www.garlic.com/~lynn/2005v.html#1 Is Mondex secure? http://www.garlic.com/~lynn/2007b.html#47 newbie need help (ECC and wireless) http://www.garlic.com/~lynn/2007i.html#57 John W. Backus, 82, Fortran developer, dies - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: The bank fraud blame game
Stefan Lucks [EMAIL PROTECTED] writes: There is a big difference between a TPM providing this kind of service, and Peter's device. The TPM is supposed to be hard-wired into a PC -- so if you are using it to safe your banking applications, you can do banking at one single PC. On the other hand, Peter's device is portable, you can use it to do safe banking from your PC at home, or in the office (only during lunch- breaks with the employer's permission of course), or even at a public internet cafe. To this end, Peter's device would be much more useful for the customer than a TPM ever could be. The portability aspect was one contributing factor, but the other one was more philosophical. As Dan Geer put it recently, If you're losing at a game that you can't afford to lose, change the rules. We've been trying since at least the mid-1960s to move the insecurity away from the computer using an entire industry's worth of gadgets and tricks, and yet we're falling further and further behind the attackers. The external-authorisation-box approach changes the rules and instead moves the computer away from the insecurity. Since the only interface to the computer is feed in blob and retrieve blob, it doesn't matter how insecure the surrounding environment is, there's not much that it can do to the auth-box. BTW, Peter, are you aware that your device looks similar to the one proposed in the context of the CAFE project? See http://citeseer.ist.psu.edu/48859.html I had the feeling it sort of collapsed under its own complexity, the smart card/EMV/etc problem that I referred to earlier. Philipp =?iso-8859-1?q?G=FChring?= [EMAIL PROTECTED] writes: About 50% of the online-banking users are doing personal online banking on company PCs, while they are at work. Company PCs have a special property: They are secured against their users. A user can't attach any device to a company PC that would need a driver installed. The external device emulates a standard USB memory key, to send data to it you write a file, to get data back you read a file (think /dev). There's no device driver to install, and no particularly tricky programming on the PC either. Peter. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: The bank fraud blame game
Philipp � wrote: * An external device that lets the user verify the transaction independently from the PC. The second possiblity has been realized by some european banks now, based on SMS and mobile phones, which sends the important transaction details together with a random authorisation code, that is bound to the transaction in the bank�s database. The user can then verify the transaciton, and then has to enter the authorisation code on the webinterface. (And the good thing is that they succeeded to get the usability so good that it�s more convenient than the previous TAN solution, and the cost increase of SMS compared to paper TANs is irrelevant) So I personally woul declare the online-banking problem solved (with SMS as second channel), but I am still searching for solutions for all others, especially non-transactional applications. How large is this code? The security of this system would seem to rest on the security of mobile phones against cloning. How were mobile phones protected against cloning? - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Hackers target C-level execs and their families
Hasn't this already been going on a while? I'm only surprised there hasn't been a big public incident yet. Udhay http://www.computerworld.com/action/article.do?command=viewArticleBasictaxonomyName=securityarticleId=9026048http://www.computerworld.com/action/article.do?command=viewArticleBasictaxonomyName=securityarticleId=9026048 By Jeremy Kirk July 02, 2007 IDG News Service Hackers appear to have stepped up their efforts over the past year to trick corporate executives into downloading malicious software that can steal company data, according to new data released today. MessageLabs Ltd., a security vendor that offers e-mail filtering services to catch spam and malicious attachments, caught an average of 10 e-mails per day in May targeted at people in senior management positions, up from just one a day during the previous year, said Mark Sunner, chief security analyst. Those 10 e-mails are a tiny percentage of the 200 million e-mails that MessageLabs scans every day, but the composition of those messages is alarming, Sunner said. Many of the e-mails contained the name and title of the executive in the subject line, as well as a malicious Microsoft Word document containing executable code. The hackers are trying to trick the victims into thinking the messages come from someone they know, in the hope that the victim will willingly install, for example, a program that can record keystrokes. MessageLabs won't reveal what companies have been targeted, but it has contacted executives who have been names in the e-mails and discovered that the family members of the executives have also received messages on their own, noncorporate e-mail accounts, Sunner said. Those methods suggests that hackers may be researching victims and culling data from social networking sites such as Linked In, MySpace or Facebook, Sunner said. If you really want to work out somebody's background ... you can actually find out a lot, Sunner said. Tricking a relative into installing malicious code would offer the hacker another way to collect sensitive data if an executive decides to do some work on a home computer, Sunner said. In June, MessageLabs picked up more than 500 of these targeted messages, with some 30% aimed at chief investment officers, a position that can include handling mergers and acquisitions. Other positions targeted include directors of research and development, company presidents, CEOs, chief information officers and chief financial officers. Another danger is that the e-mails are often single messages sent to a single person, rather than a mass spam run. When hackers send out millions of messages, security companies often either update their software or change their spam filters to trap the bad messages. But single messages have a higher chance of slipping through, although Sunner said MessageLabs' filtering service catches the messages by analyzing the e-mail's attachment and determining whether it is potentially harmful. Other security companies catch malware by updating their software with indicators, or signatures, to detect harmful code or block code from running based on what it does on a computer, a technology called behavioral detection. Tracing where the messages come from is difficult because the sender's name is always fake, Sunner said. The IP addresses from which the messages were sent indicate that the computers are located around the world. Hackers often use networks of computers they already control, called botnets, to send e-mails. Certainly, people need to raise the level of vigilance, Sunner said. -- ((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com)) - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: UK RIPA Pt 3
* Peter Fairbrother: I forgot to mention that Pt.3 also includes coercive demands for access keys - so for instance if Mr Bill Gates came to the UK, and if there was some existing question about Microsoft's behaviour in some perhaps current EU legal matter, Mr Gates could be required to give up the keys to the Microsoft internal US servers. Or go to jail. Well, if Mr Gates is a witness and not a suspect, such coercive measures are well within the legal framework of most countries. As a witness, you must testify. It simply does not matter if the information you are asked to provide is encrypted, or is stored in a database and needs significant preprocessing to obtain. It would be quite surprising if this was any different in the UK. So it's purely the self-incrimination part that is questionable from a legal POV. I think this bears repeating because we face a similar discussion in Germany regarding covert data seizure using technological measures, and the discussion focuses almost entirely on the technological measures. But the legal obstacle is just the covertness. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: The bank fraud blame game
Hi, The second possiblity has been realized by some european banks now, based on SMS and mobile phones, which sends the important transaction details together with a random authorisation code, that is bound to the transaction in the banks database. The user can then verify the transaciton, and then has to enter the authorisation code on the webinterface. How large is this code? 5 characters, including numbers and letters. I think you have something like 4 tries to enter a code correctly. (rough estimation: 5^30 = 931322574615478515625 / 4 = 232830643653869628906 , so you have a chance of 1:232830643653869628906 per transaction if you try it 4 times) The security of this system would seem to rest on the security of mobile phones against cloning. How were mobile phones protected against cloning? Well, the security depends on an attacker not being able to infect a specific users´s computer with a MitB and knowing and being able to clone this specific users´s mobile phone at the same time. Peter Gutmann wrote: The external device emulates a standard USB memory key, to send data to it you write a file, to get data back you read a file (think /dev). There's no device driver to install, and no particularly tricky programming on the PC either. Neat idea! It only has the problem that I know several companies already where you have to register your USB-stick, and only registered USB-sticks are allowed on the network ..., but it´s a neat workaround, yes. I think SecurityLayer should be easily adaptable to that concept. Do you already have an demo implementation of that external device, Peter? Best regards, Philipp Gühring - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Hackers target C-level execs and their families
* Udhay Shankar N.: Hasn't this already been going on a while? I'm only surprised there hasn't been a big public incident yet. Doesn't this one count? | According to Chief Superintendent Arye Edelman, head of the Tel Aviv | fraud squad, which ran the investigation, Haephrati used two methods | to plant his malicious software (or malware) in the target | computers. One was to send it via e-mail. The other was to send a disk | to the target company that purported to contain a business proposal | from a well-known company that would arouse no suspicions. Then, when | an employee loaded the disk to view the proposal, the Trojan horse | would infect his computer. http://www.haaretz.co.il/hasen/pages/ShArt.jhtml?itemNo=581790contrassID=Cd=1 - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
How the Greek cellphone network was tapped.
A fascinating IEEE Spectrum article on the incident in which lawful intercept facilities were hacked to permit the secret tapping of the mobile phones of a large number of Greek government officials, including the Prime Minister: http://www.spectrum.ieee.org/print/5280 Hat tip: Steve Bellovin. Perry -- Perry E. Metzger[EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]