I'd call this news announcement about Intel creating a run known good code
facility about as credible as the joke that Otellini told his minions to go
buy a copy of McAfee, and they didn't hear the copy of part.
Noone will tolerate an Intel-moderated walled garden. Only Apple has customers
Tom Ritter t...@ritter.vg writes:
What's weird is I find confusing literature about what *is* the default for
protecting the viewstate.
I still haven't seen the paper/slides from the talk so it's a bit hard to
comment on the specifics, but if you're using .NET's FormsAuthenticationTicket
(for
On Tue, 14 Sep 2010 17:01, h...@debian.org said:
I'd appreciate some input from this list about the Debian bias towards 4096
RSA main keys, instead of DSA2 (3072-bit) keys. Is it justified?
We have made RSA the default in GnuPG for three reasons: First, DSA
1024 is only supported by more
On 15/09/2010 00:26, Nicolas Williams wrote:
On Tue, Sep 14, 2010 at 03:16:18PM -0500, Marsh Ray wrote:
How do you deliver Javascript to the browser securely in the first
place? HTTP?
I'll note that Ben's proposal is in the same category as mine (which
was, to remind you, implement SCRAM in
On 14/09/2010 21:16, Marsh Ray wrote:
On 09/14/2010 09:13 AM, Ben Laurie wrote:
Demo here: https://webid.digitalbazaar.com/manage/
This Connection is Untrusted
So? It's a demo.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
There is no limit to what a man can do or
On 09/14/2010 09:57 AM, Steve Weis wrote:
There have been significant developments around Haystack since the
last message on this thread. Jacob Applebaum obtained a copy and found
serious vulnerabilities that could put its users at risk. He convinced
Haystack to immediately suspend operations.
On Sep 15, 2010, at 6:16 AM, Jacob Appelbaum wrote:
An interesting unintended consequence of the original media storm is
that no one in the media enjoys being played; it seems that now most of
the original players are lining up to ask hard questions. It may be too
little and too late,
Some more amusing anecdotes from the world of PKI:
- A standard type of fraud that's been around for awhile is for scammers to
set up an online presence for a legit offline business, which appears to
check out when someone tries to verify it. A more recent variation on this
is to buy certs
On Wed, Sep 15, 2010 at 03:16:34AM -0700, Jacob Appelbaum wrote:
[...]
What Steve has written is mostly true - though I was not working alone,
we did it in an afternoon. It took quite a bit of effort to get Haystack
to take this seriously. Eventually, there was an internal mutiny because
of a
On Wed, Sep 15, 2010 at 8:39 AM, Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
Some more amusing anecdotes from the world of PKI:
Peter,
Not to be too contrary (though at least a little) - not all of these
are really PKI failures are they?
- There's malware out there that pokes fake Verisign
10 matches
Mail list logo