Re: On the orthogonality of anonymity to current market demand

2005-11-01 Thread Peter Gutmann
Chris Palmer <[EMAIL PROTECTED]> writes: >James A. Donald writes: > >> Further, genuinely secure systems are now becoming available, notably >> Symbian. > >What does it mean for Symbian to be genuinely secure? How was this determined >and achieved? By executive fiat. Peter.

Re: Multiple passports?

2005-10-31 Thread Peter Gutmann
Gregory Hicks <[EMAIL PROTECTED]> writes: >As for applying for one now, I think the deadline for the non-RFID passwords >is about 3 days away (31 Oct 2005), but I could be wrong. (In other words, if >your application is not in processing by 31 Oct, then you get the new, >improved, RFID passport.)

Any comments on BlueGem's LocalSSL?

2005-10-28 Thread Peter Gutmann
http://www.bluegemsecurity.com/ claims that they can encrypt data from the keyboard to the web browser, bypassing trojans and sniffers, however the web pages are completely lacking in any detail on what they're actually doing. From reports published by West Coast Labs, it's a purely software-only

TEMPEST PC for sale on ebay

2005-10-16 Thread Peter Gutmann
http://cgi.ebay.com/SAIC-V2-Military-Portable-Computer-With-Accessories_W0QQitemZ8707782870QQcategoryZ177QQrdZ1QQcmdZViewItem May possibly run a very cut-down version of Linux, otherwise you'd be stuck with DOS. Peter.

Looking for crypto iButton specs

2005-07-11 Thread Peter Gutmann
During a recent discussion about secure crypto device bootstrap and attestation capabilities, I realised that of the three devices for which this was implemented and for which documentation was available (Fortezza, IBM 4758, and Dallas Crypto iButton), I either don't have any documentation for the

Neat security quote

2005-06-12 Thread Peter Gutmann
From a private mailing list, therefore anonymised. A European visitor to the US is describing going through the US immigration procedure. His comment on the fingerprinting process: I waited at that moment for messages like "freedom is slavery" The response: "Ignorance is strength" already

Re: Intel Adds DRM to New Chips part 2

2005-06-09 Thread Peter Gutmann
DiSToAGe <[EMAIL PROTECTED]> writes: >it seems now intel say there is no DRM in their chips. No, it's very careful to say that there is no *unannounced* DRM in their chips, in the same way that we have had no undetected penetrations of our security. Peter.

Checkbox security

2005-06-09 Thread Peter Gutmann
http://news.yahoo.com/news?tmpl=story&u=/ap/20050607/ap_on_re_us/chain_saw_border Man With Chain Saw Allowed to Enter U.S. On April 25, Gregory Despres arrived at the U.S.-Canadian border crossing at Calais, Maine, carrying a homemade sword, a hatchet, a knife, brass knuckles and a chain

Re: SPKI Certs Usage

2005-06-03 Thread Peter Gutmann
Jay Listo <[EMAIL PROTECTED]> writes: >I am also not aware of any products or PKIs that use SPKI certs. I would >really appreciate if someone could refer me to instances of actual usage of >SPKI certs. They were never really used. The great feature of SPKI is that it's not X.509 (so it's a desi

Re: I'll show you mine if you show me, er, mine

2005-02-23 Thread Peter Gutmann
"R.A. Hettinga" <[EMAIL PROTECTED]> forwarded: >Briefly, it works like this: point A transmits an encrypted message to point >B. Point B can decrypt this, if it knows the password. The decrypted text is >then sent back to point A, which can verify the decryption, and confirm that >point B really d

Re: On the road to truth and madness

2005-02-23 Thread Peter Gutmann
>We were somewhere around Barstow on the edge of the desert when the drugs >began to take hold. The following was my variant on this from a few years ago, representing the 56th IETF PKIX meeting minutes. Note that this is from the book form, not the film version of the text: -- Snip -- We were

Re: How to Stop Junk E-Mail: Charge for the Stamp

2005-02-16 Thread Peter Gutmann
Barry Shein <[EMAIL PROTECTED]> writes: >Eventually email will just collapse (as it's doing) and the RBOCs et al will >inherit it and we'll all be paying 15c per message like their SMS services. And the spammers will be using everyone else's PC's to send out their spam, so the spam problem will s

RE: Dell to Add Security Chip to PCs

2005-02-04 Thread Peter Gutmann
Erwann ABALEA <[EMAIL PROTECTED]> writes: >I've read your objections. Maybe I wasn't clear. What's wrong in installing a >cryptographic device by default on PC motherboards? I work for a PKI 'vendor', >and for me, software private keys is a nonsense. A simple crypto device controlled by the same

RE: Dell to Add Security Chip to PCs

2005-02-03 Thread Peter Gutmann
"Tyler Durden" <[EMAIL PROTECTED]> writes: >That "chip"...is it likely to be an ASIC or is there already such a thing as >a security network processor? (ie, a cheaper network processor that only >handles security apps, etc...) > >Or could it be an FPGA? Neither. Currently they've typically bee

Re: Unintended Consequences

2004-12-05 Thread Peter Gutmann
Steve Furlong <[EMAIL PROTECTED]> writes: >I tried, years before _UC_ came out, to get some friends to name their >daughter Chlamydia. They didn't know what the word meant, but for some reason >didn't trust my advice. Nor did they like Pudenda. One of the characters in Hercules Returns is called

Re: Anti-RFID outfit deflates Mexican VeriChip hype

2004-12-05 Thread Peter Gutmann
"R.A. Hettinga" <[EMAIL PROTECTED]> forwarded: >"Promoting implanted RFID devices as a security measure is downright 'loco,'" >says Katherine Albrecht. "Advertising you've got a chip in your arm that >opens important doors is an invitation to kidnapping and mutilation." Since kidnapping is sort o

Re: Cell Phone Jammer?

2004-11-12 Thread Peter Gutmann
"Tyler Durden" <[EMAIL PROTECTED]> writes: >Anyone know from first-hand experience about cellphone jammers? > >I need... > >1) A nice little portable, and Try the SH066PL, a nice portable that looks exactly like a cellphone, it's one of the few portables I know of. >2) A higher-powered one that

Re: This Memorable Day

2004-11-11 Thread Peter Gutmann
ken <[EMAIL PROTECTED]> writes: >James A. Donald wrote: >> So far the Pentagon has >> shattered the enemy while suffering casualties of about a thousand, >> which is roughly the same number of casualties as the British empire >> suffered doing regime change on the Zulu empire - an empire of a >> q

Re: In a Sky Dark With Arrows, Death Rained Down

2004-11-08 Thread Peter Gutmann
"James A. Donald" <[EMAIL PROTECTED]> writes: >Peter Gutmann wrote: >>Nobles expected to surrender to other nobles and be ransomed. >>Commoners didn't respect this, and almost never took prisoners. >>Henry's orders didn't make that much diffe

Re: In a Sky Dark With Arrows, Death Rained Down

2004-11-08 Thread Peter Gutmann
"James A. Donald" <[EMAIL PROTECTED]> writes: >I find this very hard to believe. Post links, or give citations. Normally I'd dig up various refs, but since this topic has been beaten to death repeatedly in places like soc.history.medieval, and the debate could well go on endlessly in the manner

Re: This Memorable Day

2004-11-06 Thread Peter Gutmann
[EMAIL PROTECTED] (Tiarnán Ó Corráin) writes: >The Russians (for example) conquered Hitler's capital, Berlin. And I believe >the Russian zone in Germany was larger than any of the others, reflecting the >fact that Stalin bore most of entire burden of defeating Germany, >unco

Re: In a Sky Dark With Arrows, Death Rained Down

2004-11-06 Thread Peter Gutmann
"R.A. Hettinga" <[EMAIL PROTECTED]> writes: >These were not the sort of sporting arrows skillfully shot toward gayly >colored targets by Victorian archery societies (charmingly described by Mr. >Soar in later chapters) but heavy "bodkin pointed battle shafts" that went >through the armor of man an

Re: This Memorable Day

2004-11-04 Thread Peter Gutmann
"James A. Donald" <[EMAIL PROTECTED]> writes: >But it is hardly a matter of "holding out". So far the Pentagon has >shattered the enemy while suffering casualties of about a thousand, We're talking about different things, the War on Bogeymen vs. the War for Oil. In its war on bogeymen, the most

Re: This Memorable Day

2004-11-03 Thread Peter Gutmann
"R.A. Hettinga" <[EMAIL PROTECTED]> writes: >Germany 1944 does not equal USA 2004, no matter how hard you twist the >kaleidoscope. Fighting an unwinnable war always seems to produce the same type of rhetoric, whether it's the war on some drugs, the war on anyone Bush doesn't like, or the war on a

Re: This Memorable Day

2004-11-02 Thread Peter Gutmann
"R.A. Hettinga" <[EMAIL PROTECTED]> writes: >At 3:32 AM +1300 11/3/04, Peter Gutmann wrote: >>Eugen Leitl <[EMAIL PROTECTED]> writes: >>>On Tue, Nov 02, 2004 at 08:16:41AM -0500, R. A. Hettinga wrote: >>>><http://online.wsj.com/article_p

Re: This Memorable Day

2004-11-02 Thread Peter Gutmann
Eugen Leitl <[EMAIL PROTECTED]> writes: >On Tue, Nov 02, 2004 at 08:16:41AM -0500, R. A. Hettinga wrote: >> >No cypherpunks content. Just local politics. And it's not even original, they've mostly just translated it into English,

Re: Cyclotrimethylene trinitramine

2004-10-27 Thread Peter Gutmann
John Young <[EMAIL PROTECTED]> writes: >Generously, the US government offers a complete set of photos, >drawings, process diagrams and descriptions for an RDX manufacturing >plant. Library of Congress has the info in its Historic American >Engineering Record. It's not all too hard to make from

Vote-counting glitch in NZ local elections

2004-10-15 Thread Peter Gutmann
Looks like you can mess up voting even if there is a paper trail. These are paper votes that are electronically counted, so the problem was in the electronic processing, not the actual voting procedure. http://www.nzherald.co.nz/storydisplay.cfm?storyID=3600391&thesection=news&thesubsection=gener

At least there's some (attempt at) common sense in airline security

2004-10-15 Thread Peter Gutmann
http://www.nzherald.co.nz/storydisplay.cfm?storyID=3600794&thesection=news&thesubsection=general Ease off says air security boss 15.10.2004 Security on domestic flights is too strict and should be downgraded, says the head of the Aviation Security Service. General manager Mark Everitt, a former

Re: Cash, Credit -- or Prints?

2004-10-15 Thread Peter Gutmann
Alan Barrett <[EMAIL PROTECTED]> writes: >On Tue, 12 Oct 2004, John Kelsey wrote: >>but there doesn't seem to be a clean process for determining how >>skilled an attacker needs to be to, say, scan my finger once, and >>produce either a fake finger or a machine for projecting a fake >>fingerprint i

Re: Foreign Travelers Face Fingerprints and Jet Lag

2004-10-03 Thread Peter Gutmann
Steve Furlong <[EMAIL PROTECTED]> writes: >On Sun, 2004-10-03 at 05:18, Peter Gutmann wrote: >>The US now has the dubious distinction of being more obnoxious to get through >>the borders than the former East Germany (actually even without this measure, >>the checks had b

Re: Foreign Travelers Face Fingerprints and Jet Lag

2004-10-03 Thread Peter Gutmann
"R. A. Hettinga" <[EMAIL PROTECTED]> writes: >NEWARK, Sept. 30 - Laetitia Bohn walked into Newark Liberty International >Airport on Thursday, dazed and sleepy after an eight-hour flight from Paris, >and was jolted from her reverie when an immigration officer asked for her >photograph and fingerpri

Re: "Forest Fire" responsible for a 2.5mi *mushroom cloud*?

2004-09-14 Thread Peter Gutmann
"Major Variola (ret)" <[EMAIL PROTECTED]> writes: >AN is extremely deliquescent; perhaps the sulphate was for that? No, it was specifically required as a desensitiser by the European nitrogen cartel, since they felt the pure nitrate was too dangerous for processing into fertiliser. >Removing chu

Re: "Forest Fire" responsible for a 2.5mi *mushroom cloud*?

2004-09-13 Thread Peter Gutmann
"J.A. Terranson" <[EMAIL PROTECTED]> writes: >Wow! I had no idea ammonium nitrate (ANFO for all intents and purposes, >yes?) could produce that kind of result! How much was there? 4,500 tons, of which only 10% detonated. (The nitrate was desensitised with ammonium sulfate and stored outside, w

Re: "Forest Fire" responsible for a 2.5mi *mushroom cloud*?

2004-09-13 Thread Peter Gutmann
Eugen Leitl <[EMAIL PROTECTED]> writes: >About 4.5 kT of 50:50 ammonium nitrate/ammonium sulfate mix. One of the >largest, if not *the* largest nonnuclear explosions ever. The largest man-made explosion is usually claimed to be Halifax (about 3000 tons of assorted HE's), but there are a pile of o

Cheesecloth security for hard drives

2004-08-27 Thread Peter Gutmann
Globalwin has just introduced an external hard drive enclosure (http://www.htpcnews.com/main.php?id=dorri_1) with built-in 40-bit DES encryption (and if it's the HW I think it is, that's 40-bit DES in ECB mode, and the vendor generates the key for you). Peter.

Re: TERRORISTS ARE AMONG US! (Was: A close look at John Kerry's *real* tech agenda )

2004-08-03 Thread Peter Gutmann
>The threats on New York, New Jersey and Washington DC serve as a reminder >that the terrorists are among us here at home. He went on to remind citizens to stay alert, trust no-one, and keep their lasers handy. Peter.

Re: Giesecke & Devrient

2004-08-02 Thread Peter Gutmann
Eugen Leitl <[EMAIL PROTECTED]> writes: >I have no smart card background, unfortunately. I've heard G&D ignores >requests from open source developer people, though. Yup. It's standard banking-industry stuff, unless you're a large bank/government/whatever and are prepared to sign over your firstb

Re: Giesecke & Devrient

2004-08-02 Thread Peter Gutmann
Eugen Leitl <[EMAIL PROTECTED]> writes: >Assuming I generate a key on a RSA smart card made by G&D, what kind of >prestige track do these people have? > >They seem to be pretty secretive, that's not a good sign. G&D produce (or help produce) things like banknotes and passports (and have been doin

Re: Texas oil refineries, a White Van, and Al Qaeda

2004-07-24 Thread Peter Gutmann
"Tyler Durden" <[EMAIL PROTECTED]> writes: >*: A year or two ago someone posted about the blow up of Texas City back in >the early 1950s. 1947. >Apparently, some kind of tanker hit something else and set of a chain >reaction killing thousands and wiping out the town After several earlier event

Re: Texas oil refineries, a White Van, and Al Qaeda

2004-07-24 Thread Peter Gutmann
Justin <[EMAIL PROTECTED]> writes: >HOUSTON (Reuters) - Law enforcement officials said on Monday they are looking >for a man seen taking pictures of two refineries in Texas City, Texas. At Usenix Security a few years back, we [a bunch of random security people, most of whom were foreign nationals

Re: vacuum-safe laptops ?

2004-07-17 Thread Peter Gutmann
Thomas Shaddack <[EMAIL PROTECTED]> writes: >There are many various embedded computers available on the market, eg. the >one from . (Question for the crowd: anybody knows >other comparable or better Linux-ready affordable embedded computer >solutions?) When I investigated

Re: UBL is George Washington

2004-07-07 Thread Peter Gutmann
"Tyler Durden" <[EMAIL PROTECTED]> writes: >If they took out a few key COs downtown one morning the effect on the economy >would be significant. It depends on what your goal is. As someone else on this list pointed out, terrorism is just another form of PR. If OBL took out (say) that huge AT&T

Re: UBL is George Washington

2004-07-06 Thread Peter Gutmann
Anonymous <[EMAIL PROTECTED]> writes: >But asymm warfare has to accomplish its goal. It's not being very >successful. It's been extraordinarily successful. The US is driving itself (and a lot of the rest of the world) nuts with terrorists-under-the-beds paranoia. I recently saw a replay of som

Re: [IP] When police ask your name,

2004-06-27 Thread Peter Gutmann
>At 01:53 AM 6/25/2004, Eugen Leitl wrote: >>The transcription rules for furriner names are strict, too. >>No Phn'glui M'gl wna'f, Cthulhu R'lyeh Wgha Nagl Ftaghn for you. > >Just as well. They'd probably make you fill the form out in triplicate, In his house at R'lyeh, dead Cthulhu waits knitti

Re: crypto on *really* cheap hardware

2004-06-16 Thread Peter Gutmann
>I presume most people have by now read Cringely's piece on hacked Linux for >Linksys WRT54G (and clones): > >[...] > >It does VoIP, prioritizes traffic, has currently VPN pass-through and will do >IPsec on future mesh-supporting firmware. You forgot to mention "sometimes it'll stay up for as long

Re: Breaking Iranian Codes (Re: CRYPTO-GRAM, June 15, 2003)

2004-06-15 Thread Peter Gutmann
"R. A. Hettinga" <[EMAIL PROTECTED]> forwarded: >So now the NSA's secret is out. The Iranians have undoubtedly changed >their encryption machines, and the NSA has lost its source of Iranian >secrets. But little else is known. Who told Chalabi? Only a few >people would know this important U.S.

The life of a Kiwi contractor in Iraq

2004-05-22 Thread Peter Gutmann
There's an interesting look at the situation in Iraq from the point of view of a third-party contractor, in an article in the Sunday Star Times, http://www.stuff.co.nz/stuff/sundaystartimes/0,2106,2908644a6442,00.html. Most quotable quote: The thing that pisses us off is the Yanks had no idea wh

Re: Fortress America mans the ramparts

2004-04-17 Thread Peter Gutmann
"Major Variola (ret)" <[EMAIL PROTECTED]> writes: >PS: what happens if your passport's chip doesn't work? Do you get sent back >and the airline fined $10K? Do you wait extra time while the still-readable >passport number indexes your record online? How much extra time? (Anyone >have experience

Re: Earthlink to Test Caller ID for E-Mail

2004-03-07 Thread Peter Gutmann
Eugen Leitl <[EMAIL PROTECTED]> writes: >"A way that works" would involve passphrase-locked keyrings, and forgetful >MUAs (this mutt only caches the passphrase for a preset time). "A way that works *in theory* would involve ...". The chances of any vendor of mass-market software shipping an MUA

Re: Earthlink to Test Caller ID for E-Mail

2004-03-07 Thread Peter Gutmann
"R. A. Hettinga" <[EMAIL PROTECTED]> writes: >If we really do get cryptographic signatures on email in a way that works, >expect 80% of all spam to be blown away as a matter of course. I think you mean: If we really do get cryptographic signatures on email in a way that works, expect 80% of

Re: Call to the Usual Suspects

2004-02-14 Thread Peter Gutmann
"Trei, Peter" <[EMAIL PROTECTED]> writes: >I'll be in the SF/SJ area the week of the RSA conference. Anyone interested >in getting together for dinner one night? Do these things actually get organised? I thought you just bump into other Cpunks via the usual Brownian motion and at some point some

Re: FCC vs decentralization

2004-02-14 Thread Peter Gutmann
Eugen Leitl <[EMAIL PROTECTED]> writes: >On Fri, Feb 13, 2004 at 04:36:56PM +0100, Thomas Shaddack wrote: >> FCC recently mandated fees for Internet radio "broadcasters", based on the > >You're hailing from .cz, me from .de. Of what relevance is FCC to us? The RIAA/MPAA and US govt. are working on

uATX motherboard with built-in crypto

2004-01-17 Thread Peter Gutmann
I just noticed that ABIT have a nice uATX motherboard with a built-in Cavium crypto engine "capable of processing up to 400Mbps of IPSec traffic or 3,500 RSA operations per second". Details at http://www.abit-usa.com/products/servers/products.php?categories=4&model=69. Peter.

Re: U.S. in violation of Geneva convention?

2003-12-26 Thread Peter Gutmann
Nomen Nescio <[EMAIL PROTECTED]> writes: >After WWI the "winners" humiliated the losers badly. This is one of the main >reasons Hitler came to power and got support from the Germans for the >aggressions that started the war. He managed to use these feelings of being >treated as dogs and paying to

RE: [Asrg] Re: [Politech] Congress finally poised to vote on anti -spam bill [sp]

2003-11-28 Thread Peter Gutmann
"Hallam-Baker, Phillip" <[EMAIL PROTECTED]> writes: >DNSSEC is not happening, blame Randy Bush and the IESG for refusing the >working group consensus and imposing their own idea that cannot be deployed. >An experimental protocol that increases the volume of data in the .com zone >by an order of ma

RE: C3 Nehemia C5P with better hardware RNG and AES support

2003-11-28 Thread Peter Gutmann
coderman <[EMAIL PROTECTED]> >I have written some poor code and info regarding the C5XL (nehemiah) and >linux: > >http://peertech.org/hardware/viarng/ I've got code to use it under Windows in the latest cryptlib snapshots (soon to be the 3.1 release), which you can grab via the download link

Re: Partition Encryptor

2003-11-17 Thread Peter Gutmann
"Stirling Westrup" <[EMAIL PROTECTED]> writes: >Does anyone know of a good partition encryptor for Windows? I know of an >accountant who would like to encrypt her client's financial data. She's stuck >with Windows until such time as a major company starts shipping yearly tax >software for linux. >

Re: Chaumian blinding & public voting?

2003-11-04 Thread Peter Gutmann
Tim May <[EMAIL PROTECTED]> writes: >(I bought _one_ lottery ticket, for $1, just to see how the numbers were >done. Lotteries are of course a tax on the gullible and stupid.) A friend of mine likes to say that lotteries are a tax on stupidity: The dumber you are, the more tax you have to pay. P

Spelling corrections are now export-controlled

2003-11-02 Thread Peter Gutmann
Looks like the USG is going to outdo its ITAR silliness of a few years ago with something even more ridiculous: Grammar and spelling corrections now require an export license. The following was forwarded to me by Clark Thomborson: -- Snip -- Dear colleagues, If I'm reading http://chronicle.com/

Re: NSA Turns To Commercial Software For Encryption (fwd from brian-slashdotnews@hyperreal.org)

2003-10-30 Thread Peter Gutmann
"Dave Howe" <[EMAIL PROTECTED]> writes: >I was under the impression they had just licenced their *patent* Yup, and that's all they did. I've seen some downright bizarre interpretations of this particular portent on the web ( slashdot), but the simple fact is that the NSA, in its role as the agen

RE: RSA performance on Athlon64 vs. Itanium

2003-10-24 Thread Peter Gutmann
"Lucky Green" <[EMAIL PROTECTED]> writes: >I since ran additional tests. All tests are for 1024-bit RSA signatures. Taking some guesses here at the code being used: >1) OpenSSL as shipping with the RedHat Taroon beta for Athlon 64: > >921 RSA signatures/second x86-32 hand-tuned asm optimised fo

RE: C3 Nehemia C5P with better hardware RNG and AES support

2003-10-24 Thread Peter Gutmann
"Lucky Green" <[EMAIL PROTECTED]> writes: >Peter wrote: >> In case anyone's interested, there's a cpu die photo at >> http://www.sandpile.org/impl/pics/centaur/c5xl/die_013_c5p.jpg >> showing the amount of real estate consumed by the crypto functions >> (it's the bottom centre, a bit hard to read t

Re: RSA performance on Athlon64 vs. Itanium

2003-10-24 Thread Peter Gutmann
"J.A. Terranson" <[EMAIL PROTECTED]> writes: >On Sun, 12 Oct 2003, Lucky Green wrote: >> I just picked up an Athlon64 3200+, which runs at a 2 GHz clock speed. >> Using the Red Hat for AMD64 beta and the version of OpenSSL that ships >> with that beta, I get 922 1024-bit RSA signs per second. This

Re: C3 Nehemia C5P with better hardware RNG and AES support

2003-10-18 Thread Peter Gutmann
In case anyone's interested, there's a cpu die photo at http://www.sandpile.org/impl/pics/centaur/c5xl/die_013_c5p.jpg showing the amount of real estate consumed by the crypto functions (it's the bottom centre, a bit hard to read the label). Peter.

Re: C3 Nehemia C5P with better hardware RNG and AES support

2003-10-16 Thread Peter Gutmann
"Ralf-P. Weinmann" <[EMAIL PROTECTED]> writes: >Look at the PadLock ACE programming guide The security app note is also entertaining reading. For example it lists one of the motivations for getting security right as "your husband may find out ..". On why they didn't save a copy of the test data

Re: Walker: NAT means you are a consumer, not a peer

2003-09-21 Thread Peter Gutmann
Thomas Shaddack <[EMAIL PROTECTED]> writes: >>Also Speak Freely maintenance is ending. > >Not really. The project is moved to Sourceforge. Isn't that synonymous with "Speak Freely maintenance is ending"? Peter :-).

Re: Fatherland Security agents above the law?

2003-09-12 Thread Peter Gutmann
"Tyler Durden" <[EMAIL PROTECTED]> writes: >"The Fatherland Security troops are publicly embaressed and showing their >brown shirts." > >Well, I'm not convinced you guys have detected the right intended message >here. > >Basically, the real message may be: "it's impossible to protect Americans >th

Re: U.S. Drops 'E-Bomb' On Iraqi TV

2003-04-03 Thread Peter Gutmann
"Kevin S. Van Horn" <[EMAIL PROTECTED]> writes: >I can think of several entirely ethical uses of nuclear weapons, with the >usage not motivated by hate but simple utility: > >1. You have a large invading fleet approaching your nation. A few nukes out >in the middle of the ocean could handily take

RE: U.S. Drops 'E-Bomb' On Iraqi TV

2003-03-28 Thread Peter Gutmann
Steve Schear <[EMAIL PROTECTED]> writes: >At 01:46 AM 3/28/2003 +1200, Peter Gutmann wrote: >>John Young <[EMAIL PROTECTED]> writes: >> >>>Whether either of these work as bragged or are psyop mirages is worth betting >>>an WMD Indian nickel on. >>

RE: U.S. Drops 'E-Bomb' On Iraqi TV

2003-03-27 Thread Peter Gutmann
John Young <[EMAIL PROTECTED]> writes: >Whether either of these work as bragged or are psyop mirages is worth betting >an WMD Indian nickel on. It's a cool toy, but I can't see someone using a $1M e-bomb when a $1000 Mk.82 will do the same thing, especially if there's any chance it'll be captured

Re: U.S. Drops 'E-Bomb' On Iraqi TV

2003-03-27 Thread Peter Gutmann
Sarad AV <[EMAIL PROTECTED]> writes: >> The highly classified bomb creates a brief pulse of >> microwaves powerful enough to fry computers, blind >> radar, silence radios, trigger crippling power >> outages and disable the electronic ignitions in >> vehicles and aircraft. > >the existence of such a

Re: Things are looking better all the time

2003-03-26 Thread Peter Gutmann
Bill Stewart <[EMAIL PROTECTED]> writes: >At 04:14 PM 03/26/2003 +1200, Peter Gutmann wrote: >>The RAF used an EFP in 1989 to assassinate the chairman of Deutsche Bank > >I assume that's some Italian or German group's acronym and not Britain's >Royal Air

Re: Things are looking better all the time

2003-03-26 Thread Peter Gutmann
Steve Schear <[EMAIL PROTECTED]> writes: >I seem to recall that with sufficient knowledge and commonly available >detonators shaped explosive charges can be configured to hurl heavy >explosive payloads, much like a mortar, with fair accuracy, great distance >or very high velocity. I can't seem to

Re: Brumley & Boneh timing attack on OpenSSL

2003-03-17 Thread Peter Gutmann
Bill Stewart <[EMAIL PROTECTED]> writes: >Schmoo Group response on cryptonomicon.net >http://www.cryptonomicon.net/modules.php?name=News&file=article&sid=263&mode=&order=0&thold=0 >Apparently OpenSSL has code to prevent the timing attack, >but it's often not compiled in (I'm not sure how much that

Re: Who Owns the News

2003-03-05 Thread Peter Gutmann
Eric Cordian <[EMAIL PROTECTED]> writes: >We've pretty much gotten to the point where the only places real news can be >found in America these days is on Indymedia and The Daily Show with Jon >Stewart. A sad situation for a country with an alleged "free press." There was an article in some UK pa

Re: Cavium Security Processor

2003-03-03 Thread Peter Gutmann
Mike Rosing <[EMAIL PROTECTED]> writes: >From http://www.cavium.com/newsevents_Nitrox2PR.htm: "Product pricing at 1KU >lot quantities ranges from $295 for the CN2130 to $795 for the CN2560. The >NITROX II Software Development Kit is priced at $9995." > >Not priced for a huge number of implementors

Re: Ethnomathematics

2003-02-28 Thread Peter Gutmann
John Bethencourt <[EMAIL PROTECTED]> writes: >On Wed, Feb 26, 2003 at 10:02:05PM +1300, Peter Gutmann wrote: >>Well, I made a start a few years ago with "Network Security: A Feminist >>Perspective" (done when "people ask me to do security talks for them without

Re: Ethnomathematics

2003-02-26 Thread Peter Gutmann
Bill Stewart <[EMAIL PROTECTED]> writes: >Actually doing a female-oriented physics or teaching curriculum is fine, if >somebody can do a good job of it. Well, I made a start a few years ago with "Network Security: A Feminist Perspective" (done when "people ask me to do security talks for them wit

Re: Congressmen in need of composting: Manzanar fine with him

2003-02-07 Thread Peter Gutmann
"Major Variola (ret)" <[EMAIL PROTECTED]> writes: >Why don't they stop pretending and call it Fatherland Security Agency? Because then the Russian translation of the name wouldn't be "KGB" any more (well, it'd be less close to KGB than it is now). Peter.

The Crypto Gardening Guide and Planting Tips

2003-02-05 Thread Peter Gutmann
After much procrastination I recently put the Crypto Gardening Guide and Planting Tips online at http://www.cs.auckland.ac.nz/~pgut001/pubs/crypto_guide.txt, this may be of interest to readers. From the introduction: There has been a great deal of difficulty experienced in getting research pe

Re: Putting the "NSA Data Overwrite Standard" Legend to Death... (fwd)

2003-02-05 Thread Peter Gutmann
Thomas Shaddack <[EMAIL PROTECTED]> writes: >Second, where did the number 7 really come from? From the OSI 7-layer model, which took it from the fact that the number 7 is sacred to a certain tribe in Borneo (see "The Elements of Networking Style", by Mike Padlipsky). Peter.

Sovereignty issues and Palladium/TCPA

2003-01-30 Thread Peter Gutmann
It looks like Palladium (or whatever it's called this week) is of concern not just to individuals but to governments as well (the following text forwarded from elsewhere): -- Snip -- Governments would want to explore the implications of the use and retention of government-held information and u

Re: Big Brotherish Laws

2003-01-27 Thread Peter Gutmann
Bill Stewart <[EMAIL PROTECTED]> writes: >I have heard of one case where somebody was stopped in Nevada, and instead of >presenting his California driver's license, if any, he presented his >somewhere-in-the-Caribbean non-photo license and an international driver's >license, and that was just fine

Re: Dossiers and Customer Courtesy Cards

2003-01-01 Thread Peter Gutmann
Tim May <[EMAIL PROTECTED]> writes: >On Tuesday, December 31, 2002, at 09:49 AM, Kevin Elliott wrote: >>At 12:12 -0500 on 12/31/02, Adam Shostack wrote: >>>Rummaging through my wallet...a grocery card in the name of Hughes, a >>>credit card with the name Shostack, and an expired membership card

Re: Dossiers and Customer Courtesy Cards

2003-01-01 Thread Peter Gutmann
Tim May <[EMAIL PROTECTED]> writes: >Collecting valid name information costs a vendor money (both in labor, >computerization/records, and in driving some customers elsewhere). It also >deters some people from completing transactions. To see an example of data collection done on a grand scale, hav

Re: ACLU funds Total Awareness of State Abuse

2002-12-09 Thread Peter Gutmann
[Apologies if you've seen this before, one of our machines has been quietly dropping outgoing mail...] "Major Variola (ret)" <[EMAIL PROTECTED]> writes: >It's a mirror image to the government's plan to empower some Americans to >check on their neighbors, under a program known as the Terrorism In

Re: sleep deprivation was Re: Torture done correctly is a terminal process

2002-11-26 Thread Peter Gutmann
Steve Schear <[EMAIL PROTECTED]> writes: >I read some books in my youth on SH and found I could put myself in a self- >induced altered reality state from which I could not be easily awakened. I've had that too, listening to pre-election party political broadcasts. >physical abuse might be thwart

Digital signature legislation tutorial posted

2002-11-21 Thread Peter Gutmann
I've recently revamped part 2 of my Godzilla security tutorial, splitting off the coverage of digital signature legislation and related issues into its own section. Part2a, consisting of a total of 79 slides, covers the question of why we need digital signature legislation, what is a signature, pa

RE: Did you *really* zeroize that key?

2002-11-08 Thread Peter Gutmann
"James A. Donald" <[EMAIL PROTECTED]> writes: >If the optimizer ever optimizes away a write to volatile >memory, device drivers will fail. Most device drivers are >written in C. If anyone ever produces a C compiler in which >"volatile" does not do what we want, not only are they out of >spec, bu

Re: Did you *really* zeroize that key?

2002-11-08 Thread Peter Gutmann
David Honig <[EMAIL PROTECTED]> writes: >Wouldn't a crypto coder be using paranoid-programming skills, like >*checking* that the memory is actually zeroed? (Ie, read it back..) >I suppose that caching could still deceive you though? You can't, in general, assume the compiler won't optimise this

Re: Did you *really* zeroize that key?

2002-11-07 Thread Peter Gutmann
>[Moderator's note: FYI: no "pragma" is needed. This is what C's "volatile"
> keyword is for.

No it isn't. This was done to death on vuln-dev, see the list archives for the discussion.

Peter.

Re: Warning.. Warning.. *bleep*

2002-10-26 Thread Peter Gutmann
anonymous <[EMAIL PROTECTED]> writes: >"Officials said the warning, based on information obtained from al Qaeda >prisoners in mid-October, suggested that terrorists may try to destroy >bridges or key sections of tracks. Having experienced the US rail system in the past, would anyone even notice i

Re: Using mobile phone masts to track things

2002-10-15 Thread Peter Gutmann
Scribe <[EMAIL PROTECTED]> writes: >"The technology 'sees' the shapes made when radio waves emitted by mobile >phone masts meet an obstruction. Signals bounced back by immobile objects, >such as walls or trees, are filtered out by the receiver. This allows >anything moving, such as cars or people

Interesting KPMG report on DRM

2002-10-06 Thread Peter Gutmann
KPMG have a report "The Digital Challenge: Are You Prepared?" available at http://www.kpmg.com/news/index.asp?cid=660 in which they surveyed execs at media companies and conclude that they're focusing too much on (trying to) lock up content using encryption rather than how to do something useful w

Re: What email encryption is actually in use?

2002-10-03 Thread Peter Gutmann
"David Howe" <[EMAIL PROTECTED]> writes: >at Wednesday, October 02, 2002 3:13 AM, Peter Gutmann ><[EMAIL PROTECTED]> was seen to say: >>As opposed to more conventional encryption, where you're protecting >>nothing at any point along the chain, because

Re: What email encryption is actually in use?

2002-10-01 Thread Peter Gutmann
"David Howe" <[EMAIL PROTECTED]> writes: >at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann ><[EMAIL PROTECTED]> was seen to say: >>For encryption, STARTTLS, which protects more mail than all other >>email encryption technology combined. See >

Re: What email encryption is actually in use?

2002-09-30 Thread Peter Gutmann
"James A. Donald" <[EMAIL PROTECTED]> writes: >To the extent that real people are using digitally signed and or encrypted >messages for real purposes, what is the dominant technology, or is use so >sporadic that no network effect is functioning, so nothing can be said to be >dominant? For encryp

Real-world steganography

2002-09-30 Thread Peter Gutmann
I recently came across a real-world use of steganography which hides extra data in the LSB of CD audio tracks to allow (according to the vendor) the equivalent of 20-bit samples instead of 16-bit and assorted other features. According to the vendors, "HDCD has been used in the recording of more th

Re: What good are smartcard readers for PCs

2002-09-27 Thread Peter Gutmann
I wrote: >The FAQ handwaves the details, so it could be either 1 or 3. Can someone who >has one of these things try reading the ATR off it? He Who has No Shame [0] reports that it's a GemClub memory card, which is reasonably similar to the old SLE4428-style cards: 256 bytes of memory, some of i
