Re: Has there been a change in US banking regulations recently?
On 2010-08-15 7:59 AM, Thor Lancelot Simon wrote: Indeed. The way forward would seem to be ECC, but show me a load balancer or even a dedicated SSL offload device which supports ECC. For sufficiently strong security, ECC beats factoring, but how strong is sufficiently strong? Do you have any data? At what point is ECC faster for the same security? - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Has there been a change in US banking regulations recently?
On Aug 16, 2010, at 9:19 49PM, John Gilmore wrote: >> who's your enemy? The NSA? The SVR? Or garden-variety cybercrooks? > > "Enemy"? We don't have to be the enemy for someone to crack our > security. We merely have to be in the way of something they want; > or to be a convenient tool or foil in executing a strategy. > John, as you yourself have said, "cryptography is a matter of economics". Other than a few academics, people don't factor large numbers for fun; rather, they want the plaintext or the ability to forge signatures. Is factoring the best way to do that? Your own numbers suggest that it is not. You wrote "After they've built 50, which perhaps only take six months to crack a key, will YOUR key be one of the 100 keys that they crack this year?" 100 keys, perhaps multiplied by 10 for the number of countries that will share the effort, means 1000 keys/year. How many *banks* have SSL keys? If you want to attack one of those banks, which is *cheaper*, getting time on a rare factoring machine, or finding some other way in, such as hacking an endpoint? For that matter, don't forget Morris' "three Bs: burglary, bribery, and blackmail". (Aside: I was once discussing TWIRL with someone who has ties to the classified community. When I quoted solution speeds of the we're discussing, he chortled, saying that the political fight over whose solutions were more valuable would paralyze things.) If the threat is factoring, there are cheaper defenses than going to 1024-bit keys. For example, every one under a given CA can issue themselves subcertificates. For communication keys, use D-H; it's a separate solution effort for each session. (Yes, it's cheaper if the modulus is held constant.) Cracking the signing key won't do any good, because of perfect forward secrecy. You don't need long keys when they're used solely for short-lived authentication -- DNSSEC comes to mind. Now -- all that said, I agree that 2048-bit keys are a safer choice. However, defenders have to consider economics, too, and depending on what they're protecting it may not be a smart choice. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Has there been a change in US banking regulations recently?
> who's your enemy? The NSA? The SVR? Or garden-variety cybercrooks? "Enemy"? We don't have to be the enemy for someone to crack our security. We merely have to be in the way of something they want; or to be a convenient tool or foil in executing a strategy. Given the prevalence of Chinese crypto researchers at the open crypto conferences, I suspect that China is as much of a threat as the US's National Security Agency, Russia's Sluzhba Vneshney Razvedki, India's Research and Analysis Wing, Japan's JÅhÅhonbu, Israel's Mossad, or Brazil's Agência Brasileira de Inteligênc. A small country with a good economy -- there are dozens more -- could also be such a threat, if they focused on this area. The big ones can crack RSA keys AND do all the other things big countries do. Many people on this list provide significant civilian or military infrastructures depended on by millions. When we know at least ten nations are grasping at having the power to take down arbitrary civilian infrastructures via cyberspace, we had better assume that somebody among them can spend tens of millions of dollars *per year* on key cracking. And how much work is it, really, for us to use longer keys? Not all of us are in the US. Those of us in the US perhaps have come to a complacency about being a superpower - we haven't fought a war on our own land, in which significant numbers of our own civilians died, in what, a century? The US government's idiotic response to 9/11 has made more enemies around the world every year, while simultaneously destroying the value of our currency. The best time for a foreign "enemy" to stop funding our $0.X trillion dollar a year debt would be right after taking down much of our civilian infrastructure. And perhaps it might be hard for Washington to raise a billion dollars a day in international bond sales, even from friendly countries, when the international financial networks had been subtly or completely compromised? Hell, half the people in this country would starve two days after their ATM cards stopped working. The whole point of the trillion dollar Bush and Obama bailouts (which were done by moving a few bits in a federal funds transfer network somewhere) was to avoid the specter of long lines around the block at bank branches, full of angry people failing to turn bits in bank accounting databases into paper or gold money. Such a spectre would be easy for a cracker to create -- and then how much confidence will people have in either the currency or the government? What keys secure that funds transfer network? Suppose an attacker merely multipled a random 10% of the transfers by 1000? Somebody wires you a thousand dollars, you have a 10% chance of it becoming a million. Wire a million, it might come through as a billion. Then you look at strategy: should they pay themselves back immediately for the cost of cracking the keys, then be quiet? Or should they just make everyone a billionaire and make the entire currency worthless? Did you think Adi Shamir's work on TWINKLE and TWIRL was theoretical? Israeli leadership is paranoid enough to regularly shoot their friends as well as their enemies, and usually in advance, on the theory of weakening them *before* they turn against Israel. And Israel would have a lot more geopolitical power in a world without superpowers. Did you think nobody else was designing or building such things? Thank Adi for publishing - but what he published might not have been his very best design. Why did this community wait until a DES cracker cost only $250,000 to build before thinking, duuh, maybe we should defend our infrastructure against DES crackers. How many countries had secret DES crackers before I built one publicly? To this day, no country has admitted having one -- yet I have been privately told that government experts were aware that the cost of building one was in the $250K range. Do you think they learned that merely by twirling a pencil at their desk, in agencies with budgets way over $100 million a year? (A private industry expert also told me that they'd been hoping the first public DES cracker would happen at least a year later than it did, to give them more time to secure their networks, e.g. before their bosses found out how vulnerable the previous design was.) In 2003, Shamir's estimate was that TWIRL could factor a 1024-bit number in a year at a cost of about $10M US dollars. More recent estimates are here: http://people.csail.mit.edu/tromer/cryptodev/ Either that page hasn't been updated since 2006-7 or there's been no published research since then. I encourage others to post more surveys of the cost of cracking RSA keys using dedicated hardware. A typical academic analysis, such as 1996's "Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Security" said things like: Because ASICs require a far greater engineering investment than FPGAs and must be fabricated in quantity before they are economic
Re: Has there been a change in US banking regulations recently?
On Aug 15, 2010, at 1:17 30PM, Peter Gutmann wrote: > Ray Dillinger writes: >> On Fri, 2010-08-13 at 14:55 -0500, eric.lengve...@wellsfargo.com wrote: >> >>> The big drawback is that those who want to follow NIST's recommendations >>> to migrate to 2048-bit keys will be returning to the 2005-era overhead. >>> Either way, that's back in line with the above stated 90-95% overhead. >>> Meaning, in Dan's words "2048 ain't happening." >> >> I'm under the impression that <2048 keys are now insecure mostly due to >> advances in factoring algorithms > > Insecure against what? Right -- who's your enemy? The NSA? The SVR? Or garden-variety cybercrooks? > Given the million [0] easier attack vectors against > web sites, which typically range from "trivial" all the way up to "relatively > easy", why would any rational attacker bother with factoring even a 1024-bit > key, with a difficulty level of "quite hard"? It's not as if these keys have > to remain secure for decades, since the 12-month CA billing cycle means that > you have to refresh them every year anyway. That depends on what you're protecting. If it's the 4-digit PIN to billion-zorkmid bank accounts, they key needs to remain secure for many years, given how seldom PINs are changed. > Given both the state of PKI and > the practical nonexistence of attacks on crypto of any strength because it's > not worth the bother, would the attackers even notice if you used a 32-bit RSA > key? How would an adversary effectively scale and monetise an attack based on > being able to break an RSA key, even if it was at close to zero cost? > > The unfortunate effect of such fashion-statement crypto recommendations as > "you must use 2K bit keys, regardless of the threat environment" is that what > it actually says is "you must not use SSL on your web site". "Le mieux est > l'ennemi du bien" strikes again. > > Yup. > > [0] Figure exaggerated slightly for effect. But only slightly exaggerated... --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Has there been a change in US banking regulations recently?
On Fri, Aug 13, 2010 at 02:55:32PM -0500, eric.lengve...@wellsfargo.com wrote: > There are some possibilities, my co-workers and I have discussed. For > purely internal systems TLS-PSK (RFC 4279) provides symmetric > encryption through pre-shared keys which provides us with whitelisting > as well as removing asymmetric crypto. [...] For purely internal systems Kerberos is really the way to go, mostly because it's so easy to deploy nowadays. TLS-PSK is not a useful way of building any but the smallest networks, and for two reasons: a) there's no agreed PBKDF and password salting mechanisms, so passwords are out, b) there's no enrolment mechanism, so PSK setup is completely ad-hoc. Nico -- - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
RE: Has there been a change in US banking regulations recently?
Ray Dillinger writes: >On Fri, 2010-08-13 at 14:55 -0500, eric.lengve...@wellsfargo.com wrote: > >> The big drawback is that those who want to follow NIST's recommendations >> to migrate to 2048-bit keys will be returning to the 2005-era overhead. >> Either way, that's back in line with the above stated 90-95% overhead. >> Meaning, in Dan's words "2048 ain't happening." > >I'm under the impression that <2048 keys are now insecure mostly due to >advances in factoring algorithms Insecure against what? Given the million [0] easier attack vectors against web sites, which typically range from "trivial" all the way up to "relatively easy", why would any rational attacker bother with factoring even a 1024-bit key, with a difficulty level of "quite hard"? It's not as if these keys have to remain secure for decades, since the 12-month CA billing cycle means that you have to refresh them every year anyway. Given both the state of PKI and the practical nonexistence of attacks on crypto of any strength because it's not worth the bother, would the attackers even notice if you used a 32-bit RSA key? How would an adversary effectively scale and monetise an attack based on being able to break an RSA key, even if it was at close to zero cost? The unfortunate effect of such fashion-statement crypto recommendations as "you must use 2K bit keys, regardless of the threat environment" is that what it actually says is "you must not use SSL on your web site". "Le mieux est l'ennemi du bien" strikes again. Peter. [0] Figure exaggerated slightly for effect. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
RE: Has there been a change in US banking regulations recently?
On Fri, 2010-08-13 at 14:55 -0500, eric.lengve...@wellsfargo.com wrote: > Moore's law helped immensely here. In the last 5 years systems have gotten > about 8 times faster, reducing the processing cost of crypto a lot. > The big drawback is that those who want to follow NIST's recommendations > to migrate to 2048-bit keys will be returning to the 2005-era overhead. > Either way, that's back in line with the above stated 90-95% overhead. > Meaning, in Dan's words "2048 ain't happening." I'm under the impression that <2048 keys are now insecure mostly due to advances in factoring algorithms that make the attack and the encryption effort closer to, but by no means identical to, scaling with the same function of key length. This makes the asymmetric cipher have a lower ratio of attack cost to encryption cost at any given key length, but larger key lengths still yield *much* higher ratios of attack cost to encryption cost. At 2048 bits, I think that with Moore's law over the next decade or two dropping attack costs and encryption costs by the same factor, attack costs should remain comfortably out of reach while encryption costs return to current levels now practical for shorter keys. Of course, this reckons without the potential for unforseen advances in factoring or Quantum computing. > There are some possibilities, my co-workers and I have discussed. For > purely internal systems TLS-PSK (RFC 4279) provides symmetric > encryption through pre-shared keys which provides us with whitelisting > as well as removing asymmetric crypto. That's probably a good idea. We've placed a lot of stock in public- key systems because of some neat mathematical properties that seemed to conform to someone's needs for an online business model involving the introduction of strangers who want to do business with each other. But if you can handle key distribution internally by walking down the hall or mailing a CD-ROM preloaded with keys instead of by trusting the network the keys are supposed to secure, you really don't need Public-key crypto's neat mathematical properties. Bear - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Has there been a change in US banking regulations recently?
On Fri, Aug 13, 2010 at 02:55:32PM -0500, eric.lengve...@wellsfargo.com wrote: > > The big drawback is that those who want to follow NIST's > recommendations to migrate to 2048-bit keys will be returning to > the 2005-era overhead. Dan Kaminsky provided some benchmarks in a > different thread on this list [1] that showed 2048-bit keys performing > at 1/9th of 1024-bit. My own internal benchmarks have been closer to > 1/7th to 1/8th. Either way, that's back in line with the above stated > 90-95% overhead. Meaning, in Dan's words "2048 ain't happening." Indeed. The way forward would seem to be ECC, but show me a load balancer or even a dedicated SSL offload device which supports ECC. I'm not even certain the popular clients, which are usually well ahead of everything else in terms of cryptography support, can cope with it. The only place it seems to be consistently used is in proprietary client/server software for mobile devices, as has been the case for years. Thor - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
RE: Has there been a change in US banking regulations recently?
>Ann & Lynn Wheeler wrote: > the original requirement for SSL deployment was that it was on from the > original URL entered by the user. The drop-back to using SSL for only small > subset ... was based on computational load caused by SSL cryptography in > the online merchant scenario, it cut thruput by 90-95%; alternative to handle > the online merchant scenario for total user interaction would have required > increasing the number of servers by factor of 10-20. > > One possibility is that the institution has increased the server capacity ... > and/or added specific hardware to handle the cryptographic load. Moore's law helped immensely here. In the last 5 years systems have gotten about 8 times faster, reducing the processing cost of crypto a lot. I'm familiar with one site that has 24 servers evenly divided across three geographical areas. To entirely SSL-enable their site required only one new server at each site. Meanwhile, load-balancing SSL terminator/accelerators have improved even faster due to improvements in load-balancing, network compression, etc. So putting one of them in front of a previously naïve load-balancing scheme, like basic round-robin would provide enough offloading to SSL-enable an entire site. The big drawback is that those who want to follow NIST's recommendations to migrate to 2048-bit keys will be returning to the 2005-era overhead. Dan Kaminsky provided some benchmarks in a different thread on this list [1] that showed 2048-bit keys performing at 1/9th of 1024-bit. My own internal benchmarks have been closer to 1/7th to 1/8th. Either way, that's back in line with the above stated 90-95% overhead. Meaning, in Dan's words "2048 ain't happening." There are some possibilities, my co-workers and I have discussed. For purely internal systems TLS-PSK (RFC 4279) provides symmetric encryption through pre-shared keys which provides us with whitelisting as well as removing asymmetric crypto. Or, possibly stepping up the key-size in accordance with Moore's law, which would take several years to reach 2048-bit, but each time a certificate expired the new certificate could be issued with the next higher keylength. Besides, I think we all know that NIST's 2010 algorithm transaction isn't going to happen on schedule. At the IEEE key management summit back in May (IIRC) Elaine Barker from NIST presented a back-off talk in which NIST only "strongly recommends" 110-bit security by 2011, and pushes the real deadline out to the end of 2013. That was subsequently released as a draft SP800-131; available for comments [2] Of course, the industry had five years to plan for this, and no major vendors seem to be ready. Most comments are essentially vendors sighing with relief. [1] http://www.mail-archive.com/cryptography@metzdowd.com/msg11245.html [2] http://csrc.nist.gov/publications/drafts/800-131/draft-sp800-131_spd-june2010.pdf Eric Lengvenis InfoSec Arch. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Has there been a change in US banking regulations recently?
On Fri, Aug 13, 2010 at 09:32:57AM -0700, Jeff Simmons wrote: > It wouldn't surprise me if there's been some blowback from the > adoption of PCI-DSS (Payment Card Industry Data Security > Standards). As someone who has had to help several small to medium > size businesses comply with these 'voluntary' standards, the irony > of the fact that the big banks that require them often aren't in > compliance themselves hasn't escaped my notice. In the past month, we've had several customers at work suddenly insist that we make modifications to their firewalls and/or load balancers to redirect *all* incoming HTTP traffic to HTTPS (which of course isn't always entirely sane to do on proxying devices, but they apparently don't trust their server admins to maintain an HTTP redirect). Most of them cited requirements from their PCI-DSS auditors. One apparently was outright told that their redirects were "a security problem" because they presented an open socket on port 80, and they needed to be refusing all HTTP to their servers at the firewall. I think we gave them sufficient wording to convince their auditor that blocking access to the redirect itself wasn't going to do anyone any good. -- { IRL(Jeremy_Stanley); PGP(97AE496FC02DEC9FC353B2E748F9961143495829); SMTP(fu...@yuggoth.org); IRC(fu...@irc.yuggoth.org#ccl); ICQ(114362511); AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fu...@yuggoth.org); MUD(kin...@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); } - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Has there been a change in US banking regulations recently?
On 08/13/2010 03:16 PM, Chris Palmer wrote: When was this *ever* true? Seriously. re: http://www.garlic.com/~lynn/2010m.html#50 ... original design/implementation. The very first commerce server implementation by the small client/server startup (that had also invented "SSL") ... was mall paradigm, development underwritten by large telco (they were looking at being major outsourcer of electronic commerce servers) ... then the individual store implementation was developed. we had previously worked with two people responsible for commerce server (at small client/server startup) on ha/cmp ... they are mentioned in this old posting about jan92 meeting in ellison's conference room http://www.garlic.com/~lynn/95.html#13 they then left to join the small client/server startup ... and we also leave what we had been doing. we then get brought in as consultants because they want to do payment transactions on their server ... wanting to use this technology called "SSL" that had been invented at the startup. We have to go thru the steps of mapping the technology to payment business processes ... including backend use involving the interaction between commerce servers and the payment gateway; the payment gateway sitting on the internet and interface to acquiring network backends ... misc. past posts mentioning payment gateway http://www.garlic.com/~lynn/subnetwork.html#gateway we also have to do walkthru/audits of several of these new businesses calling themselves Certification Authorities that were selling SSL domain name digital certificates ... some past posts http://www.garlic.com/~lynn/subpubkey.html#sslcerts approx. in the same era, but not exactly the same time (when webservers were seeing the ssl cryptographic load & dropping back to only using it for payment) ... some of the larger websites were starting to first see a "plain" tcp/ip scaleup issue ... having to do with tcp being originally designed as session protocol ... and was effectively being misused by HTTP. As a result most vendor implementations hadn't optimized session termination ... which was viewed as infrequent event (up until HTTP). There was six month period or so ... that the large websites saw their processors spending 90-95% of the cpu running the FINWAIT list (as part of session termination). The small client/server startup was also seeing (other) scaleup problems in their server platforms used for downloading products (especially browser product download activity) ... and in constant cycle of adding servers. This was before rotating front-ends ... so users were asked to manually specify URL of specific server. Their problem somewhat cleared up when they installed a large sequent box ... both because of the raw power of the sequent server ... and also because sequent claimed to have addressed the session terminal efficiency sometime previously (related to commercial unix accounts with 20,000 concurrent telnet sessions). For other topic drift ... I believe the first rotating, load-balancing front-ends was with custom modified software for routers at google. -- virtualization experience starting Jan1968, online at home since Mar1970 - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Has there been a change in US banking regulations recently?
On Friday 13 August 2010 11:33, eric.lengve...@wellsfargo.com wrote: > I'd like to clarify a bit. PCI-DSS wasn't developed by the big banks. It > isn't usually enforced by big banks except insofar as they are liable for > PCI-DSS compliance when outsourcing to or partnering with other companies. > So they may be forcing it on the SMBs you've worked with because they're > liable in some way. > > PCI-DSS was the brainchild of Visa. I'm a member of X9F (X9F6 is the > payment card security standards committee) and we wrote an open letter back > in 2005 to Visa and Mastercard asking them not to set new, separate > standards for the financial sector but to work from within X9F. They > ignored us. Even though you clearly indicate that they aren't truly > voluntary via your use of quotes, when the PCI group (VISA et al.) can > unilaterally level huge fines and/or penalties for non-compliance they > really are compulsory. Also, PCI certification requires that all of your partners (anyone you exchange payment card information with) be PCI compliant. At the level I work at, it's compulsory. Presently, it seems to apply to anyone taking payment cards over the web, and seems to be working its way down the food chain to brick and mortar vendors. For me, it's the equivalent of a congressional full employment act, so I'm not complaining a lot. > Luckily, PCI-DSS compliance != security. Or is that unluckily because of > how much money is wasted complying that could be better spent securing. The latter. And for many, many, many other reasons than just the financial hit. -- Jeff Simmons jsimm...@goblin.punk.net Simmons Consulting - Network Engineering, Administration, Security "You guys, I don't hear any noise. Are you sure you're doing it right?" -- My Life With The Thrill Kill Kult - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Has there been a change in US banking regulations recently?
Anne & Lynn Wheeler writes: > subset ... was based on computational load caused by SSL cryptography > in the online merchant scenario, it cut thruput by 90-95%; alternative to > handle the online merchant scenario for total user interaction would have > required increasing the number of servers by factor of 10-20. When was this *ever* true? Seriously. N-tier applications are I/O-bound in at least N ways. Common development practice leads to excessive message sizes in most of the N tiers. Rare is the web site with a low N and small message sizes. Fire up your HTTP proxy and/or packet sniffer and compare Google to, well, just about everyone else. Now that your packet sniffer and/or proxy is started up, it is also a fun drinking game to play Spot The SSL Server Misconfiguration. When you see HTTP persistence turned off, take a shot. When you see TLS session resumption turned off or sessions destroyed after a short period of time, take a shot. When you see a new TLS session for each new HTTP request, take three shots (in addition to the shot you probably took when noticing HTTP persistence turned off, because let's face it probably was). If the misconfiguration is at a CDN, take three shots and smash your face with a frying pan. The game is usually played with Jaegermeister, but if you are testing a bank site, you can afford good scotch. The adjudicating committee rarely disqualifies a contestant on the basis of liquor, although I'd still advise against the use of vodka. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Has there been a change in US banking regulations recently?
On 08/13/2010 02:12 PM, Jon Callas wrote: What on earth happened? Was there a change in banking regulations in the last few months? Possibly it's related to PCI DSS and other work that BITS has been doing. Also, if one major player cleans up their act and sings about how cool they are, then that can cause the ice to break. Another possibility is that a number of people in financials have been able to get security funding despite the banking disasters because the risk managers know that the last thing they need is a security brouhaha while they are partially owned by government and thus voters. I bet on synergies between both. If I were a CSO at a bank, I might encourage a colleague to make a presentation about how their security cleanups position them to get an advantage at getting out from under the thumb of the feds over their competitors. Then I would make sure the finance guys got a leaked copy. Jon the original requirement for SSL deployment was that it was on from the original URL entered by the user. The drop-back to using SSL for only small subset ... was based on computational load caused by SSL cryptography in the online merchant scenario, it cut thruput by 90-95%; alternative to handle the online merchant scenario for total user interaction would have required increasing the number of servers by factor of 10-20. One possibility is that the institution has increased the server capacity ... and/or added specific hardware to handle the cryptographic load. A lot of banking websites are not RYO (roll-your-own), internally developed ... but stuff they by from vendor and/or have the website wholly outsourced. Also some number of large institutions have their websites outsourced to vendors with large replicated sites at multiple places in the world ... and users interaction gets redirected to the closest server farm. I've noticed this periodically when the server farm domain name and/or server farm SSL certificate bleeds thru ... because of some sort of configuration and/or operational problems (rather than seeing the institution SSL certificate that I thot I was talking to). Another possibility is that the vendor product that they may be using for the website and/or the outsourcer that is being used ... has somehow been upgraded (software &/or hardware). -- virtualization experience starting Jan1968, online at home since Mar1970 - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
RE: Has there been a change in US banking regulations recently?
> Jeff Simmons wrote: > It wouldn't surprise me if there's been some blowback from the adoption of > PCI-DSS (Payment Card Industry Data Security Standards). As someone who > has > had to help several small to medium size businesses comply with these > 'voluntary' standards, the irony of the fact that the big banks that require > them often aren't in compliance themselves hasn't escaped my notice. I'd like to clarify a bit. PCI-DSS wasn't developed by the big banks. It isn't usually enforced by big banks except insofar as they are liable for PCI-DSS compliance when outsourcing to or partnering with other companies. So they may be forcing it on the SMBs you've worked with because they're liable in some way. PCI-DSS was the brainchild of Visa. I'm a member of X9F (X9F6 is the payment card security standards committee) and we wrote an open letter back in 2005 to Visa and Mastercard asking them not to set new, separate standards for the financial sector but to work from within X9F. They ignored us. Even though you clearly indicate that they aren't truly voluntary via your use of quotes, when the PCI group (VISA et al.) can unilaterally level huge fines and/or penalties for non-compliance they really are compulsory. Luckily, PCI-DSS compliance != security. Or is that unluckily because of how much money is wasted complying that could be better spent securing. Eric Lengvenis InfoSec Arch - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
RE: Has there been a change in US banking regulations recently?
>Jon Callas wrote: > > Possibly it's related to PCI DSS and other work that BITS has been doing. > > > Another possibility is... the risk managers > know that the last thing they need is a security brouhaha while they are > partially owned by government and thus voters. > > I bet on synergies between both. > I agree. I think it is just the 100th monkey effect. Eric Lengvenis InfoSec Arch. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Has there been a change in US banking regulations recently?
> What on earth happened? Was there a change in banking regulations in the last > few months? Possibly it's related to PCI DSS and other work that BITS has been doing. Also, if one major player cleans up their act and sings about how cool they are, then that can cause the ice to break. Another possibility is that a number of people in financials have been able to get security funding despite the banking disasters because the risk managers know that the last thing they need is a security brouhaha while they are partially owned by government and thus voters. I bet on synergies between both. If I were a CSO at a bank, I might encourage a colleague to make a presentation about how their security cleanups position them to get an advantage at getting out from under the thumb of the feds over their competitors. Then I would make sure the finance guys got a leaked copy. Jon - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Has there been a change in US banking regulations recently?
>What on earth happened? Was there a change in banking regulations in >the last few months? No, but we know that banks move in herds, and they mostly talk to each other, not anyone with outside expertise. More likely someone noticed that computers are a lot faster than they were a decade ago, you can do all the crypto you want and your 8 core 3 GNz servers are still I/O bound, so the traditional folklore that SSL is so slow you use it only where absolutely mandatory no longer applies and you might as well use SSL on everything. Then he went to a meeting and told all his friends. I've been noticing something similar at abuse.net, a service I run where people can publish their domains' abuse contacts. The folklore in small credit unions is that you're supposed to hide your domain's registration details using a proxy service, I think due to a misreading of an old letter from the NCUA. Earlier this year someone at a meeting must have told them that it would be a good idea to register with abuse.net, so I've been getting a stream of attempted registrations from small credit unions with proxy registration, which I reject. About half of them get the hint, turn off the proxy, and try again, the other half give up. R's, John - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Has there been a change in US banking regulations recently?
On Friday 13 August 2010 04:59, Peter Gutmann wrote: > As part of a thread on another list, I noticed that Bank of America, who > until recently didn't bother protecting the page where users are expected > to enter their credentials with anything more substantial than a GIF of a > padlock, now finally use HTTPS on their home page, and redirect HTTP to > HTTPS (this only took them, what, about ten years to get right? Or is it > fifteen? When did BofA first get a web presence?). Wachovia now do it > too. And Citibank at least redirect you to an HTTPS page. And so does US > Bank, after asking for your ID. > > What on earth happened? Was there a change in banking regulations in the > last few months? > > Peter. It wouldn't surprise me if there's been some blowback from the adoption of PCI-DSS (Payment Card Industry Data Security Standards). As someone who has had to help several small to medium size businesses comply with these 'voluntary' standards, the irony of the fact that the big banks that require them often aren't in compliance themselves hasn't escaped my notice. -- Jeff Simmons jsimm...@goblin.punk.net Simmons Consulting - Network Engineering, Administration, Security "You guys, I don't hear any noise. Are you sure you're doing it right?" -- My Life With The Thrill Kill Kult - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
RE: Has there been a change in US banking regulations recently?
On Fri, 13 Aug 2010 23:59:18 +1200 Peter Gutmann wrote: > As part of a thread on another list, I noticed that Bank of America, > who until recently didn't bother protecting the page where users are > expected to enter their credentials with anything more substantial > than a GIF of a padlock, now finally use HTTPS on their home page, and > redirect HTTP to HTTPS (this only took them, what, about ten years to > get right? Or is it fifteen? When did BofA first get a web > presence?). Wachovia now do it too. And Citibank at least redirect > you to an HTTPS page. And so does US Bank, after asking for your ID. > > What on earth happened? Was there a change in banking regulations in > the last few months? I'm usually pretty up-to-date on these regulations and I'm not aware of any recent changes. As for Wachovia's changes, you'll notice that it now says "A Wells Fargo Company" in smaller print beneath the Wachovia logo. That's the reason for their switch; our name on their (our?) site. Unfortunately, it appears that not all is working right. If you go to http://wachovia.com it redirects to https://www.wachovia.com just fine, but if you type in https://wachovia.com it does not redirect you and your browser will throw a domain name mismatch error because the certificate is for www.wachovia.com (Confirmed on IE8, Firefox 3.5, and Chrome 5). The browser treat these as near apocalyptic errors with huge warnings. Firefox especially. I've notified the appropriate people. Eric Lengvenis Information Security Architect Enterprise Information Security Architecture (EISA) This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Has there been a change in US banking regulations recently?
On Fri, 13 Aug 2010 23:59:18 +1200 Peter Gutmann wrote: > As part of a thread on another list, I noticed that Bank of > America, who until recently didn't bother protecting the page where > users are expected to enter their credentials with anything more > substantial than a GIF of a padlock, now finally use HTTPS on their > home page, and redirect HTTP to HTTPS (this only took them, what, > about ten years to get right? Or is it fifteen? When did BofA > first get a web presence?). Wachovia now do it too. And Citibank > at least redirect you to an HTTPS page. And so does US Bank, after > asking for your ID. > > What on earth happened? Was there a change in banking regulations > in the last few months? I don't know, but Chase, which years ago sent me a letter explaining exactly how crazy I was for complaining that their front page was sent in the clear, has also begun redirecting people to https. I'm unaware of a regulatory shift on this, but perhaps people have finally learned that doing otherwise is a bad idea. Perry -- Perry E. Metzgerpe...@piermont.com - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com