Our (Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu
and me) Usenix Security paper on vulnerabilities in the P25 two-way radio
system (used by public safety agencies in the US and elsewhere) is out today.
See
http://www.crypto.com/papers/p25sec.pdf
for the paper
I don't know anything beyond this news story, but interesting...
http://www.praguemonitor.com/2010/09/14/mfd-bis-offers-tax-free-money-encryption-system
On May 2, 2009, at 5:53, Peter Gutmann wrote:
Perry E. Metzger pe...@piermont.com writes:
Greg Rose g...@qualcomm.com writes:
It already wasn't theoretical... if you know what I mean. The writing
has been on the wall since Wang's attacks four years ago.
Sure, but this should light a fire
Like many people, I found last week's Newsweek cover
piece, revealing Thomas M. Tamm as the principal source
for James Risen and Eric Lichtblau's 2005 NY Times story
that broke the warrantless wiretap story, to be a riveting
read.
But I actually found a sidebar to the story even more
On Aug 26, 2008, at 10:15, [EMAIL PROTECTED] wrote:
On Tue, Aug 26, 2008 at 9:24 AM, Perry E. Metzger
[EMAIL PROTECTED] wrote:
http://www.technologyreview.com/Infotech/21301/?a=f
From the article: other toll systems, like E-Z Pass and I-Pass, need
to be looked at too
A couple years ago I
The EFF yesterday filed a letter from a number of academic security
researchers urging the judge in the MIT Charlie Card case to reverse the
restraining order. It can be found on the EFF's case page, at
http://www.eff.org/cases/mbta-v-anderson/
As a security researcher (and one of the
One of the less-discussed risks of widespread surveillance is
not just the abuse or misuse of intercepted content and meta-
data by the government, but its accidental disclosure. As
more and more private data gets collected, and as it sits
around for longer and longer, it becomes inevitable that
There was a terrific interdisciplinary workshop this week at MIT on
security and human behavior. Organized by Ross Anderson and
Bruce Schneier, the idea was to bring together security researchers
from diverse fields who don't normally talk with each other: computing,
psychology, economics,
On May 8, 2008, at 19:08, Leichter, Jerry wrote:
An interesting datapoint I've always had on this question: Back in 1975
or so, a mathematician I knew (actually, he was a friend's PhD advisor)
left academia to go work for the NSA. Obviously, he couldn't say
anything at all about what he
During the 1980's and 1990's crypto wars, an occasional topic of
speculation was just how much the NSA was ahead of the
open/public/academic cryptography research community in cryptanalysis
and cipher design. We wondered (and still wonder)
whether the NSA was merely a strong center of
Nonsense. Total nonsense. A half-decent reverse engineer does not
need the source code and can easily determine the exact operation of
all the security-related components from the compiled executables,
extracted ROM/EPROM code or reversed FPGA/ASIC layout
I'm glad to know that you have managed
So I recently re-read Lawrence Wright's controversial piece in the
New Yorker profiling Director of National Intelligence Mike McConnell.
(http://www.newyorker.com/reporting/2008/01/21/080121fa_fact_wright)
While the piece's glimpse into the administration's attitudes toward
torture and
I'm all for email encryption and signatures, but I don't see
how this would help against today's phishing attacks very much,
at least not without a much better trust management interface on
email clients (of a kind much better than currently exists
in web browsers).
Otherwise the phishers could
I was surprised to discover that one of James Randi's million dollar
paranormal challenges is protected by a surprisingly weak (dictionary-
based) commitment scheme that is easily reversed and that suffers from
collisions. For details, see my blog entry about it:
On Mar 26, 2006, at 22:07, Joseph Ashwood wrote:
- Original Message - From: J. Bruce Fields
[EMAIL PROTECTED]
Subject: Re: Creativity and security
On Fri, Mar 24, 2006 at 06:47:07PM -, Dave Korn wrote:
IOW, unless we're talking about a corrupt employee with a photographic
Yes, it's not at all clear from these stories just what was
going on or how high tech the attack would have to be. What does
diverting to a prepaid mobile mean? Here's a possibility:
they social engineered or otherwise compromised the target account
to assign it a new telephone number and
And for those who didn't catch this bit on the webcast (or in person):
The Bletchley park trust wants to sell off the building that houses the
Colossus rebuild and turn it into housing.
Another group, the Bletchley Park Heritage (run by, among others,
the amazingly interesting Tony Sale) hopes
A group of computer scientists at Johns Hopkins and RSA Labs
is reporting practical attacks against the TI Digital Signature
Transponder RFID chip, which is used, among other things, to
secure many automotive transponder ignition keys and the
SpeedPass payment system. Their paper is available at
I've been thinking for a while about the relationship between the
human-scale security systems used to protect the physical world and
the cryptologic and software systems that protect the electronic
world. I'm increasingly convinced that these areas have far more
in common than we might initially
On Jul 3, 2004, at 14:22, Dave Howe wrote:
Well if nothing else, it is impossible for my bank to send me anything
I would believe via email now
To take this even slightly more on-topic - does anyone here have a
bank capable of authenticating themselves to you when they ring you?
I have had
I wrote:
For some recent relevant papers, see the ACM-CCS '02 paper my colleagues
and I wrote on our JFK protocol (http://www.crypto.com/papers/jfk-ccs.ppt),
...
But of course I meant the url to be
http://www.crypto.com/papers/jfk-ccs.pdf
I don't know what I could have been thinking; I
I imagine the Plumbers & Electricians Union must have used similar
arguments to enclose the business to themselves, and keep out unlicensed
newcomers. No longer acceptable indeed. Too much competition boys?
Rich,
Oh come on. Are you willfully misinterpreting what I wrote, or did you
Perry writes:
Richard Schroeppel [EMAIL PROTECTED] writes:
(Responding to the chorus of protocol professionals saying please do
not roll your own)
I imagine the Plumbers & Electricians Union must have used similar
arguments to enclose the business to themselves, and keep out unlicensed
EKR writes:
I'm trying to figure out why you want to invent a new authentication
protocol rather than just going back to the literature and ripping
off one of the many skeletons that already exist (STS, JFK, IKE,
SKEME, SIGMA, etc.). That would save people from the trouble
of having to
: 31 March 2004
Camera-Ready Papers Due: 18 May 2004
ORGANIZERS
Program Chair:
Matt Blaze, AT&T / University of Pennsylvania
Program Committee:
Bill Aiello, AT&T Labs - Research
Tina Bird, Stanford University
Drew Dean, SRI International
Carl Ellison, Microsoft
Eu-Jin Goh, Stanford University
Sotiris
25 matches