Dear All,
The call for papers deadline is 4th May 2013 for the workshop (Workshop of
ICAIL 2013: XIV International Conference on AI and Law/ Legal Open Data:
from Institutions to Crowd-sourcing on 10th June 2013 in Rome). This
workshop aims
to examine the relationships between Legal XML experiences
hard to divine the outlines of an actual legislative proposal here... not yet
sure if this would fine end-to-end software/services out of the US:
Crypto Stick (an open source USB key for encryption and secure
authentication)
has been accepted as a mentor organization for Google
Summer of Code (GSOC) 2013. If you are a student interested in working
on cool crypto stuff, developing a high security system, latest web
security or embedded
Hi,
I've long heard things about BlackBerry and RIM regarding BBIM. I was
unable to substantiate until this morning when a friend pointed me at this:
http://docs.blackberry.com/en/admin/deliverables/21760/PIN_encryption_keys_for_BBM_1840226_11.jsp
The relevant part is here:
The PIN encryption
From: Yvette Subramanian yvet...@berkeley.edu
This year, CITRIS awarded five student-led proposals a total of $30,000
in prize money for our annual competition---two proposals from UC
Berkeley, two from UC Santa Cruz, and one from UC Merced. All of the
proposals that we received were outstanding,
Jacob Appelbaum ja...@appelbaum.net wrote:
When people ask how secure BBIM is - I suppose we can now cite RIM's
official documentation on the topic - without a BES server, it's
encrypted with a key that is embedded in all handsets.
This was critical in the London Riots case back in 2011.
Keep in mind this is just brute-force. It's pretty fast but this has always
been possible, if slower.
NK
On Mon, Apr 29, 2013 at 2:46 PM, Griffin Boyce griffinbo...@gmail.com wrote:
Hashkill can now determine the master password for Android's full-disk
encryption scheme.
image showing the
Griffin Boyce writes:
Hashkill can now determine the master password for Android's full-disk
encryption scheme.
image showing the process: http://i.imgur.com/bFUf7lR.png
script: https://github.com/gat3way/hashkill
Thoughts?
It seems like this is just a tool for doing dictionary and
Griffin Boyce:
Jacob Appelbaum ja...@appelbaum.net wrote:
When people ask how secure BBIM is - I suppose we can now cite RIM's
official documentation on the topic - without a BES server, it's
encrypted with a key that is embedded in all handsets.
This was critical in the London Riots
Seth David Schoen sch...@eff.org wrote:
Two ways to address this that come to mind would be using
tamper-resistant hardware (which apparently Apple is doing
for crypto in iOS devices) to store or generate the
decryption keys using cryptographic secrets kept inside
the particular device itself,
Griffin Boyce:
Jacob Appelbaum ja...@appelbaum.net wrote:
When people ask how secure BBIM is - I suppose we can now cite RIM's
official documentation on the topic - without a BES server, it's
encrypted with a key that is embedded in all handsets.
This was critical in the London Riots
To add to the list of issues here, crypto implementations on mobile devices
may be vulnerable to power analysis side-channel attacks. Attackers may be
able to measure RF signal strength to infer power consumption during crypto
operations, then derive key material. I think Cryptography Research
Andreas Bader andreas.ba...@nachtpult.de wrote:
Blackberry secures the connection if other firms want to get your data.
If the government wants it then you should better use open source
encrypted Hardware.
I have been a BB user for years, but there are some mail accounts that
are only used
On 04/29/2013 02:44 PM, Griffin Boyce wrote:
Andreas Bader andreas.ba...@nachtpult.de wrote:
Blackberry secures the connection if other firms want to get your data.
If the government wants it then you should better use open source
encrypted
We did some work on power analysis sidechannels. The NSA solution
is to physically isolate anything that does crypto from
anything else. Separate power supplies and Faraday cages are used.
This is effective, but not practical for mobile devices.
Another alternative is to use dual rail
Griffin Boyce:
Andreas Bader andreas.ba...@nachtpult.de wrote:
Blackberry secures the connection if other firms want to get your data.
If the government wants it then you should better use open source
encrypted Hardware.
I have been a BB user for years, but there are some mail accounts
Nathan of Guardian writes:
Yubikey combined with a short user password is a potential option for the
second idea, with devices that have USB Host mode:
https://guardianproject.info/2012/01/04/strong-mobile-passwords-with-yubikey-usb-token/
That's pretty awesome, and very creative.
I
Hi Richard. Your grad student's experience corroborates what I've heard
from other researchers. Simple power analysis attacks are easy to conduct
against mobile devices in a lab environment.
On Mon, Apr 29, 2013 at 12:56 PM, Richard Brooks r...@acm.org wrote:
The power analysis
Are there truly secure solutions? I don't think so.. especially not when
we add the qualifier of mass consumption
On Apr 29, 2013 2:44 PM, Griffin Boyce griffinbo...@gmail.com wrote:
Andreas Bader andreas.ba...@nachtpult.de wrote:
Blackberry secures the connection if other firms want to get
Jacob Appelbaum ja...@appelbaum.net wrote:
Griffin Boyce:
I disagree. Blackberry isn't openly selling your data or otherwise
gifting it to third parties, but I don't think that's really enough.
That is exactly what they're doing. They have a key that is static and
from what I've heard,
On 04/29/2013 10:49 PM, Andrés Leopoldo Pacheco Sanfuentes wrote:
Are there truly secure solutions? I don't think so.. especially not
when we add the qualifier of mass consumption
I'm not sure. But I've given it a try. I call it eccentric
authentication. See [1], [2], [3].
In short:
It
Griffin Boyce:
Jacob Appelbaum ja...@appelbaum.net wrote:
Griffin Boyce:
I disagree. Blackberry isn't openly selling your data or
otherwise gifting it to third parties, but I don't think that's
really enough.
That is exactly what they're doing. They have a key that is static
and from
Creating the World Parliament: Seven Challenges for Interactions Designers
I’m sending this note to several mailing lists so please excuse me if you
receive more than one.
My article, Creating the World Parliament: Seven Challenges for Interactions
Designers, is in the latest ACM Interactions
Jacob Appelbaum ja...@appelbaum.net wrote:
You already know this, but for the benefit of the list snip
Unless these are on a BES server - it's all insecure - if it is on a BES
server, it may still be insecure depending on a few factors.
Depends on whether they enable SMS logging, but
Griffin Boyce:
Jacob Appelbaum ja...@appelbaum.net wrote:
You already know this, but for the benefit of the list snip
Unless these are on a BES server - it's all insecure - if it is on a BES
server, it may still be insecure depending on a few factors.
Depends on whether they enable
NK
On Mon, Apr 29, 2013 at 9:23 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
Griffin Boyce:
Jacob Appelbaum ja...@appelbaum.net wrote:
You already know this, but for the benefit of the list snip
Unless these are on a BES server - it's all insecure - if it is on a BES
server, it
Jacob Appelbaum ja...@appelbaum.net wrote:
Spoofing? I mean, I suspect impersonating a phone requires knowledge of
secret keys on the telephone. So to own the phone as you suggest, I
think you'd have to have the phone already or control the BES.
Probably.
Maybe. I'd wager it's much
Why is there this rhetoric as if all of the bugs in JS crypto are unique to
JS crypto? These breaks happen in other platforms too, but simply occur in
different forms. However, overwhelmingly, the frequency and severity do
compare.
There are specific bugs in the JS crypto library and as a
While defending against side channel attacks like power analysis is
desirable, and key stretching can be used to slow down cracking...
there's a much simpler win that can be done right now, much more
easily than using a Yubikey.
Android *NEEDS* to allow a user to have a separate unlock screen