there is another issue here in the corporate world. The issue is
availability of corporate assets. One particular study that showed it up
had to do with business that had no backup of critical disk and that disk
had a failure 50 percent of such occurrences resulted in the company
declaring
Eugene Leitl [EMAIL PROTECTED] writes:
-- Forwarded message --
Date: Sun, 27 Jan 2002 21:10:09 +0100 (CET)
From: Robert Harley [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Cringely Gives KnowNow Some Unbelievable Free Press...
Adam Beberg wrote:
I'm pretty sure
the straight-forward mapping of credit card payment to the internet used
MOTO business process (mail order/telephone order, aka existing
non-face-to-face operation) to handle poorly authenticated transactions.
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
On Sat, 26 Jan 2002, [EMAIL PROTECTED] wrote:
At 05:46 PM 1/26/02 -0500, P.J. Ponder wrote:
. . . .
Without thinking about it some more, I don't know whether to place the entire
notion of security controls based on biometric telemetry in with _pure_
bullshit like copy protection, watermarking,
http://online.wsj.com/article_print/0,4287,SB10119952661000,00.html
January 25, 2002
Shares of RSA Security Plunge
On News of SEC Investigation
CEO Says He Doesn't Expect
Any Restatement of Financials
By WILLIAM M. BULKELEY
Staff Reporter of THE WALL STREET JOURNAL
COMPANIES
Dow Jones,
At 10:17 PM 01/26/2002 -0800, Bill Frantz wrote:
At 7:42 PM -0800 1/25/02, R. A. Hettinga quoted Schneier and Shostack:
Here's one example: Originally, e-mail was text only, and e-mail viruses
were impossible. ...
Well, the line between code and data is fuzzier than that. That 7 bit
ASCII
A small PS to my last message.
In 1978 I was lent an Apple II running the ABBS software (Apple
Bulletin Board System), and it ran in a corner of my bedroom for some
years as the PCnet ABBS in San Francisco. This was a machine with an
8-bit 1 MHz processor, 48K of RAM, and a custom floppy that
http://news.ft.com/ft/gx.cgi/ftc?pagename=Viewc=Articlecid=FT3ISGYEZWClive=truetagid=IXLI0L9Z1BC
RSA Security shares take a hit on SEC probe
By Paul Abrahams in San Francisco
Published: January 27 2002 22:05 | Last Updated: January 27 2002 23:59
Shares in RSA Security tumbled 28 per cent on
At 02:27 AM 1/28/02 -0800, John Gilmore wrote:
I have done enough years of chip testing AND architectural
validation to know how few of the infinitely many combinations of
instructions or bus cycles are actually tested to make sure that
somebody didn't intentionally make *one* combination do
P.J. Ponder wrote:
Without thinking about it some more, I don't know whether to place the entire
notion of security controls based on biometric telemetry in with _pure_
bullshit like copy protection, watermarking, non-repudiation, tamper
proofing, or trusted third parties. Admittedly, there is
David Honig wrote:
At 12:07 PM 1/27/02 -0500, Arnold G. Reinhold wrote:
if
an attacker had an agent working inside the organization that
produced the package, the agent could simply insert the Trojan
software patch in the original package. However such an insertion is
very risky. A
And what happens when I am unable to press my thumb against the reader
because it is bandaged; or when my thumb ID fails because it was
sliced with a knife.
let's say you are replacing pin'ed magstripe card with a chip card needing
biometric ... say fingerprint (in place of a PIN) along
There are other problems with using IPsec for VoIP. In many cases
you are sending a large number of rather small packets of data. In
this case, the extra overhead of ESP can potentially double the size
of your data. In certain cases (such as cablemodem networks) this
implies that using IPsec
On Sun, 2002-01-27 at 14:07, [EMAIL PROTECTED] wrote:
The issue then is that biometric represents a particularly
difficult shared-secret that doesn't have to be memorized
Shared secret? People don't leave a copy of their PIN on every water
glass they use.
-- sidney
X9.84 biometric standard some other work means that you could actually
record all ten fingers in the card and any one would be acceptable. I
believe just plain dirty fingers are much more of a problem than a cut.
Simple cut can be read-around ... massive cut affecting the whole finger
is
Last week I had to go to my local INS office to get fingerprinted
(part of the green card process is getting your fingerprints OK'ed by
the FBI (and also presumably stored for future reference)). The
process is computerised, with a low-res scan of all the fingers taken
once, and then each finger
again, the issue is cost/benefit trade-off.
The current implementation of pin/magstripe allows eavesdropping
other techniques to efficiently electronically collect everything needed
across a potentially extremely large number of different accounts
sufficient to perform multiple
I believe NIST published something about FBI needing 40 minutia standard
for registration in their database.
On tv you see these things about lifting partial prints and then sending
them off to FBI to try and find who the partial print matches with, aka the
FBI better have rather detailed
JI,
Keep in mind that this is the _creation_ of the database entry. Yes,
you want the data in the database to be as completely accurate as
possible. Later, when they only have partial prints, they can perform
lookups of partial data using the complete database. I think the
same would be
There are other problems with using IPsec for VoIP. In many cases
you are sending a large number of rather small packets of data. In
this case, the extra overhead of ESP can potentially double the size
of your data.
HOW small? You'd already be adding IP+UDP+RTP headers (20 [or 40] +
8 +
Matt Crawford [EMAIL PROTECTED] writes:
There are other problems with using IPsec for VoIP. In many cases
you are sending a large number of rather small packets of data. In
this case, the extra overhead of ESP can potentially double the size
of your data.
HOW small? You'd already
The essential problem I've always seen with biometrics (and one that
Dorothy Denning acknowledged in her recent op ed piece without seriously
examining) is the question of whether it's as efficient to deploy and
manage biometrics safely as it is to deploy and manage some keyed
alternative
At 02:46 PM 1/28/2002, [EMAIL PROTECTED] wrote:
The process took about 20-30 minutes;
Have you been fingerprinted before? Did it take that long in that case? In
my own experience, it only takes a few minutes to be fingerprinted on a
standard card and, in theory, they should be able to build a
On Mon, Jan 28, 2002 at 02:54:57PM -0700, [EMAIL PROTECTED] wrote:
I believe NIST published something about FBI needing 40 minutia standard
for registration in their database.
[reasons why the FBI wants so many minutiae deleted]
As an example of the real world, a couple years ago I put
There is some interesting information at http://www.finger-scan.com/
They make the point that finger scanning differs from finger printing
in that what is stored is a set of recognition parameters much
smaller than a complete fingerprint image. So there is no need for a
lengthy process to
- Original Message -
From: Eric Rescorla [EMAIL PROTECTED]
To: Eugene Leitl [EMAIL PROTECTED]
Sent: Monday, 28 January, 2002 6:33 AM
[...]
If you want to see EC used you need to describe a specific algorithm
which has the following three properties:
(1) widely agreed to be
Enzo Michelangeli [EMAIL PROTECTED] writes:
- Original Message -
From: Eric Rescorla [EMAIL PROTECTED]
To: Eugene Leitl [EMAIL PROTECTED]
Sent: Monday, 28 January, 2002 6:33 AM
[...]
If you want to see EC used you need to describe a specific algorithm
which has the following