Re: Obama administration seeks warrantless access to email headers.
Perry, The administration wants to add just four words -- electronic communication transactional records -- to a list of items that the law says the FBI may demand without a judge's approval. Government Would that really make that much of a difference? In Germany, at least, the so-called judge's approval often isn't worth a penny, esp. wrt. phone surveillance. It simply is way too easy to get such an approval, even afterwards. Cheers, Stefan. -- Stefan Kelm sk...@bfk.de BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstrasse 100 Tel: +49-721-96201-1 D-76133 Karlsruhe Fax: +49-721-96201-99 - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: A mighty fortress is our PKI, Part II
Peter, In any case though the whole thing is really a moot point given the sucking void that is revocation-handling, the Realtek certificate was revoked on the 16th but one of my spies has informed me that as of yesterday it was still regarded as valid by Windows. I can confirm that, at least for XP SP3: revocation just doesn't matter. What's even more worrying is the fact that one of the stuxnet/tmphider variants used the lnk exploit to install a dll signed w/ the (expired) Realtek key but w/ a *broken* signature in the first place. Still, it doesn't matter although, as wireshark tells me, the host connects to microsoft.com in order to fetch certificates. When looking at the file properties, though, Windows tells you that this digital signature is not valid ... :-( Cheers, Stefan.
Re: A mighty fortress is our PKI, Part II
Perry, I think public key cryptography is a wonderful thing. I'm just not sure I believe at all in PKI -- that is, persistent certification via certificates, certificate revocation, etc. I'm sure you remember Peter Honeyman's PK-no-I talk from the '99 USENIX Security Symposium? :-) Cheers, Stefan.
Re: TLS break
Jonathan, Anyone care to give a layman's explanation of the attack? The I find this paper to be useful: http://www.g-sec.lu/practicaltls.pdf Cheers, Stefan.
Re: HSM outage causes root CA key loss
http://www.heise.de/security/E-Gesundheitskarte-Datenverlust-mit-Folgen--/news/meldung/141864 reports that the PKI for their electronic health card has just run into trouble: they were storing the root CA key in an HSM, which failed. They now have a PKI with no CA key for signing new certs or revoking existing ones. Actually, for a couple of days now they didn't stop pointing out that they were still running the PKI in a test environment and that only 'a few hundred test cards' are affected... Just stupid nonetheless... :-\ Cheers, Stefan.
[heise online UK] Secure deletion: a single overwrite will do it
The myth that to delete data really securely from a hard disk you have to overwrite it many times, using different patterns, has persisted for decades, despite the fact that even firms specialising in data recovery, openly admit that if a hard disk is overwritten with zeros just once, all of its data is irretrievably lost. Craig Wright, a forensics expert, claims to have put this legend finally to rest. He and his colleagues ran a scientific study to take a close look at hard disks of various makes and different ages, overwriting their data under controlled conditions and then examining the magnetic surfaces with a magnetic-force microscope. They presented their paper at ICISS 2008 and it has been published by Springer AG in its Lecture Notes in Computer Science series (Craig Wright, Dave Kleiman, Shyaam Sundhar R. S.: Overwriting Hard Drive Data: The Great Wiping Controversy). They concluded that, after a single overwrite of the data on a drive, whether it be an old 1-gigabyte disk or a current model (at the time of the study), the likelihood of still being able to reconstruct anything is practically zero. Well, OK, not quite: a single bit whose precise location is known can in fact be correctly reconstructed with 56 per cent probability (in one of the quoted examples). To recover a byte, however, correct head positioning would have to be precisely repeated eight times, and the probability of that is only 0.97 per cent. Recovering anything beyond a single byte is even less likely. Nevertheless, that doesn't stop the vendors of data-wiping programs offering software that overwrites data up to 35 times, based on decades-old security standards that were developed for diskettes. Although this may give a data wiper the psychological satisfaction of having done a thorough job, it's a pure waste of time. Something much more important, from a security point of view, is actually to overwrite all copies of the data that are to be deleted. 
If a sensitive document has been edited on a PC, overwriting the file is far from sufficient because, during editing, the data have been saved countless times to temporary files, back-ups, shadow copies, swap files ... and who knows where else? Really, to ensure that nothing more can be recovered from a hard disk, it has to be overwritten completely, sector by sector. Although this takes time, it costs nothing: the dd command in any Linux distribution will do the job perfectly. (djwm) http://www.heise-online.co.uk/news/Secure-deletion-a-single-overwrite-will-do-it--/112432 - Stefan Kelm Security Consulting Secorvo Security Consulting GmbH Ettlinger Strasse 12-14, D-76137 Karlsruhe Tel. +49 721 255171-304, Fax +49 721 255171-100 stefan.k...@secorvo.de, http://www.secorvo.de/ PGP: 87AE E858 CCBC C3A2 E633 D139 B0D9 212B Mannheim HRB 108319, Geschaeftsfuehrer: Dirk Fox
Re: EV certs: Doing more of what we already know doesn't work
Cool! ;-) Verisign's CPS has been an inspiration for me for quite a few years now. E.g., this statement has been in there for a number of years: The Certificate, however, provides no proof of the identity of the Subscriber. Taken from page 12 of the current version, obviously (?) referring to so-called Class 3 certificates. Cheers, Stefan.
Re: road toll transponder hacked
http://en.wikipedia.org/wiki/Toll_Collect is in operation in entire Germany. It does OCR on all license plates (also used for police purposes in realtime, despite initial vigorous denial) but currently is only used for truck toll. How well does that actually work? There were many articles in RISKS Digest about problems with the early deployment. That's true wrt to early deployment. Given that the Toll Collect system has been up and running since January 2005 it (technically) runs surprisingly well. They have improved tremendously and are likely to sell their technology to other European countries. Cheers, Stefan.
Re: road toll transponder hacked
everything forever. With disk prices falling as they are, keeping everything is cheaper than careful selective deletion, that's for sure. I disagree. We've been helping the German Toll Collect system (as discussed in this thread as well) setting up and implementing their data privacy concept. This concept requires Toll Collect to delete almost any data after a certain (quite short, actually) amount of time. Even with disk prices falling they save lots and lots of money (even compared to what we charged them for telling them... :-) ). Cheers, Stefan.
Re: Kiwi expert cracks chip passport
Peter, Which card reader(s) did you use? Adam and I used the Omnikey Cardman 5321 Did the Golden Reader Tool (GRT) recognize the Cardman reader w/o any modifications? The most current version I have (GRT v2.9) says in the ePassport Reader List: - Integrated Engineering Smart-ID - NMDA Tx-PR-400 - Philips Pegoda Cheers, Stefan.
Re: Kiwi expert cracks chip passport
Peter, The original story was actually the coverage in the UK Times last week, Which card reader(s) did you use? Cheers, Stefan.
Re: security questions
Wells Fargo is requiring their online banking customers to provide answers to security questions such as these: Does Wells Fargo really use the term security question here? Just wondering, Stefan.
Re: the joy of enhanced certs
There's a nice short paper by Swiss Company keyon entitled Faking EV SSL in IE7: http://www.keyon.ch/de/News/Faking%20Extended%20Validation%20SSL%20Certificates%20in%20Internet%20Explorer%207%20V1.1b.pdf Cheers, Stefan.
Re: Want to drive a Jaguar?
Peter Gutmann wrote: http://eprint.iacr.org/2008/058 Physical Cryptanalysis of KeeLoq Code Hopping Applications Addition (http://www.heise-online.co.uk/security/news/print/110446): Scientists at the Ruhr-Universität Bochum[1] have defeated the Keeloq[2] immobiliser and door opener used in many cars. Attackers need only intercept two transmissions between the transmitter and receiver in order to clone the digital key and gain access to the car. Microchip Technology's RFID-based KeeLoq process is used in automobiles manufactured by Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota (Lexus), Volvo, Volkswagen and Jaguar. KeeLoq is also used in building access systems and garage door openers. Signal interception is possible at a range of 100 metres, according to Professor Christof Paar of the School of Electronics and Information Technology. In addition to gaining unauthorised access, the systems can be manipulated, denying the rightful owners access. Both the KeeLoq transmitter and receiver encrypt their signals. A proprietary, non-linear encryption algorithm is used which encrypts controller commands with a unique code before transmission to the vehicle. A 32 bit initialisation vector together with a 32 bit hopping code is used as a key. An ID unique to each electronic key is added to the calculation. But there is also a manufacturer's master key for all of the products in a series. This is precisely what Professor Paar's Bochum group was able to retrieve using a procedure known as side channel analysis. To obtain the master key the researchers used differential power analysis (DPA) and differential electromagnetic analysis (DEMA) at both the transmitter and receiver during the transmission. Once the master key is known, only two transmissions are needed in order to obtain the crypto key of a particular KeeLoq remote control. The vulnerability was tested on commercial systems, according to the Bochum scientists. 
In early February the researchers presented a detailed description[3] of the attack that required them to intercept a number of activation procedures in order to obtain the manufacturer's key. At the CRYPTO 2007 cryptography conference, an international group of researchers presented a method by which the individual keys could be cracked[4] using distributed computing. Cheers, Stefan. [1] http://www.crypto.rub.de/en_news.html [2] http://www.microchip.com/stellent/idcplg?IdcService=SS_GET_PAGEnodeId=2074 [3] http://eprint.iacr.org/2008/058 [4] http://www.heise-online.co.uk/security/Computer-farm-cracks-car-key-code--/news/94874
Fwd: Study on the standardisation aspects of eSignatures
from the 'yet another study on signatures of the month' list: From: isss-forum - CENORM created 6 March 98 [mailto:[EMAIL PROTECTED]] On behalf of Van den Berghe Luc Sent: Friday, 18 May 2007 09:00 To: [EMAIL PROTECTED] Subject: Re: Study on the standardisation aspects of eSignatures Dear Forum member, Please be informed that: For the European Commission, SEALED, DLA Piper and Across Communications are currently conducting a Public Survey on eSignatures standardisation aspects. This online survey aims to establish objective findings reflecting the market needs in this area. We urge you not to miss this opportunity to make your own contribution to a revamped eSignatures standardisation scheme for Europe. http://www.esstandardisation.eu/ ___ CEN - European Committee for Standardization Luc Van den Berghe Unit Manager, Pre-Standards Rue de Stassart, 36 B-1050 Brussels tel: +32 2 550 09 57 fax: +32 2 550 08 19 E-mail: [EMAIL PROTECTED] Website: http://www.cen.eu
Re: crypto component services - is there a market?
Ian, Stefan is talking about Germany which has issued a plethora of recommendations, laws and what-not to cause ecommerce to leap into life. Unfortunately, they did not understand, and electronic documents are much much harder to do in these environments, with no general added benefit and lots of downside. Moreover, some other countries blindly copied what the Germans did, thinking that would be a good idea. The Austrians made some of the exact same mistakes but seem to have learned faster than the Germans. The German rules have defied, there is no easy way to get into them ... at least, the Germans have sworn to me it is impossible... Sad but true. This year'll mark the 10th anniversary of our signature law. I reckon nobody will be celebrating that event... Qualified certificates are defined in the European Digital Signature Directive, which is an over-arching design for all the EU countries to pass into local law. Yes, this has already happened and has even been evaluated by the European Commission in 2003: http://www.law.kuleuven.ac.be/icri/itl/elsig.php http://www.secorvo.de/publikationen/electronic-sig-report.pdf It's only under the German code where they try and define it all, as far as I can see. We are talking about a country where they tried to tax servers so as to pay for their TV... Yeah, bloody Germans... :-) Cheers, Stefan.
Re: crypto component services - is there a market?
Nicholas, Stefan is talking about Germany I realise that, but he said Europe, so I felt a UK counter-example was in order! Point taken. :) However, there are other countries w/ similar rules. Qualified certificates are defined in the European Digital Signature Directive, which is an over-arching design for all the EU countries to pass into local law. Basically, they are personal smart cards operating under (harsh and uneconomic) secure conditions, because they really tried hard to make the results like human signatures. As I read it, the cards are the so-called secure signature creation devices, while the certificates are, well, just certificates. Yep. I received and continue to receive electronic invoices from time to time, but none appear to be digitally signed, nor have I seen evidence of time-stamping in operation. UK probably ignored the whole thing. More power to them. Under Anglo common law this is not an issue, as long as there is a lightweight digsig model shall not be denied legal standing solely on the basis that it is a digsig. Well, we implemented the Directive, which didn't require much change to the law, as you note. But there has been little take-up for a solution in search of a problem. There's another EU Directive on simplifying, modernising and harmonising the conditions laid down for invoicing in respect of value added tax. 
Invoices sent by electronic means shall be accepted by Member States provided that the authenticity of the origin and integrity of the contents are guaranteed: - by means of an advanced electronic signature within the meaning of Article 2(2) of Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures; Member States may however ask for the advanced electronic signature to be based on a qualified certificate and created by a secure-signature-creation device, within the meaning of Article 2(6) and (10) of the aforementioned Directive; That's the one I was talking about earlier. eInvoicing slowly seems to take off in a few European countries. I have no idea as to how this Directive has been transposed into UK law, though. Cheers, Stefan.
Re: crypto component services - is there a market?
Ian, Hmmm... last I heard, qualified certificates can only be issued to individuals, and invoicing (of the e-form that the regulations speak) can only be done by VAT-registered companies. True. Is that not the case? How is Germany resolving the contradictions? By using pseudonyms within the certificate's common name. This is not only done in Germany but in other countries as well. Even CAs (and, at least in Germany, the root CA) are being issued qualified certificates, thus they need to use pseudonyms. The timestamping service by Deutsche Post, e.g., has a qualified certificate with the following DN: Subject DN : CN = TSS DP Com 31:PN OU = Signtrust O = Deutsche Post Com GmbH C = DE Since electronic invoices need to be archived in most countries some vendors apply time-stamps and recommend to re-apply time-stamps from time to time. Easier to invoice with paper! potentially much more expensive, though. Cheers, Stefan.
Re: crypto component services - is there a market?
Same with digital timestamping. Here in Europe, e-invoicing very slowly seems to be becoming a (or should I say the?) long-awaited application for (qualified) electronic signatures. Since electronic invoices need to be archived in most countries some vendors apply time-stamps and recommend to re-apply time-stamps from time to time. Cheers, Stefan.
Re: Voice phishing
Hi-tech fraudsters have begun using recorded telephone messages in a bid to trick users into handing over confidential account information. The tactic has been adopted as a variant of recently detected phishing attacks targeting customers of the Santa Barbara Bank Trust. Cloudmark had a similar press release a while ago: http://www.cloudmark.com/press/releases/?release=2006-04-25-2 Cheers, Stefan.
Deal on EU data retention law
[http://www.europarl.eu.int/news/expert/infopress_page/019-3536-348-12-50-902-20051206IPR03225-14-12-2005-2005--false/default_en.htm] Deal on EU data retention law The European Parliament adopted today by 378 votes in favour, 197 against and 30 abstentions a directive on data retention in first reading. The final text negotiated beforehand with the Council aims to facilitate judicial co-operation in criminal matters by approximating Member States' legislation on the retention of data processed by telecommunications companies. The directive covers traffic and location data generated by telephony, SMS and internet, but not the content of the information communicated. The new EU law will help national authorities to track down possible criminals and terrorists by granting them access to a list of all telephone calls, SMS or Internet connections made by suspects during the previous few months. The amendments finally adopted were a compromise between the PES and EPP groups with the Council and differed in some key points to the draft directive adopted initially by the Civil Liberties Committee. The GUE, Greens and UEN groups and some members from the ALDE group voted against the directive in the final vote. Alexander Nuno ALVARO (ALDE, DE) was unhappy with the result of the compromise adopted and withdrew his name as rapporteur. Limited access to data In the final text adopted, Parliament is proposing a number of amendments to the Commission text to restrict the use of retained data and ensure that the future law fully respects the privacy of the telephone and internet users. On the aim of the directive, MEPs agree with the need to retain data for the detection, investigation and prosecution of crime, but only for “specified forms” of serious criminal offences (terrorism and organised crime), and not for the mere “prevention” of all kinds of crime. MEPs feel that the concept of prevention is too vague and could lead to abuse of the system from national authorities. 
The directive will provide for data to be retained by the telecommunications companies for a minimum of six months and a maximum of 24. MEPs also added a provision for “effective, proportionate and dissuasive” penal sanctions for companies who fail to store the data or misuse the retained information. Only the competent authorities determined by Member States should have access to the retained data from phone or internet providers. Furthermore, each national government will designate an independent authority responsible for monitoring the use of the data. MEPs also establish that access to retained data should be limited to specific purpose and on a case by case basis (push system): each time, the authorities would need to request to the telecom company that the data related to a concrete suspect, instead of having granted access to the whole database. As for the type of data to be retained, MEPs finally supported the registration of location data on calls, SMS and internet use, including unsuccessful calls. This point was controversial due to the fact that telecom companies do not currently register lost calls for billing purposes and so to do this using new technologies would be expensive. Spanish MEPs strongly supported the Council position to include the retention of unsuccessful calls, since the terrorist attacks in Madrid were prosecuted thanks to the investigation of specific lost calls from mobile phones. Who foots the bill? Finally, MEPs decided to delete the paragraph in which it was mandatory for Member States to reimburse telecom companies for all additional costs of retention, storage and transmission of data. In the draft directive adopted by the Civil Liberties Committee, MEPs had initially called for the full reimbursement of costs.
Re: [Clips] The summer of PKI love
On the token front, we're still unfortunately waiting for the ideal key storage device. USB tokens, smart cards, and cell phones are all candidates, and the pros and cons of these options form a complex matrix. Universities tend to prefer the USB approach because the tokens work with PCs and Macs that can't easily be outfitted with card readers. On that subject I highly recommend a report very recently published by DFN-CERT and SurfNET. http://www.dfn-pca.de/bibliothek/reports/pki-token/ : Abstract The usage of X.509 certificates and related PKI techniques is getting more and more common. It enables users to sign and encrypt messages, to use secure communication channels for internet communication and to authenticate themselves to all kind of network services. The overall level of security for the usage of public key cryptography depends heavily on that of the private key, which is usually installed on the local host of the user. This poses not only a security risk but it does also restrict the increasing user demand for mobility. A solution to these problems can be smart cards and USB-tokens, which store private keys in such a way that they cannot be retrieved from these. Instead data can be sent to these devices and is being processed, decrypted or signed, by the device itself and only then the results are provided by these devices for further processing. These devices are very promising for the widespread usage of PKI. In a PC-dominated world the USB-tokens have the advantage, that no additional reader is necessary to use them even on foreign hosts. Both types of devices, smart cards and USB-tokens, still need support by the underlying operating systems and by the used applications. This makes it very difficult to decide which token may be successfully used in any given environment and will meet the demands of the applications and intended usage. This report tries to ease the decision process when selecting a token for a particular environment and platform. 
For this purpose a number of the available tokens were tested together with the most common applications on the most commonly used operating systems. A reproducible test framework was established to ensure the comparability and re-usability of these tests. Overall it is safe to say in a homogenous environment with commonly used applications the tested tokens perform well. Nevertheless rolling out tokens on a large scale is still not something to be undertaken on a Friday afternoon. [snip] Cheers, Stefan.
Re: NY Times article on biometrics and border control
Hurdles for High-Tech Efforts to Track Who Crosses Borders By ERIC LIPTON The government's effort to collect biometric data to track foreigners visiting the U.S. has fallen far short of its goals.
Well, this article is somewhat blurry. They start by Hoping to block the entry of criminals and terrorists whereas even immigration officers agree that that's not one of their goals. Fortunately, they then cite some politician: When it's all in place, there's still no real additional security or at least it's of marginal value which is, as we all know, correct.
BTW, at some airports DHS does indeed take one's fingerprint and photos when leaving the country. They currently do so at Baltimore for example. What worries me is that all the information collected can be, and will be, misused eventually. What worries me even more is that the Europeans now feel under pressure and happily will introduce the very same crap.
Cheers, Stefan.
Re: UK EU presidency aims for Europe-wide biometric ID card
when we were called in to help word-smith the cal. state and later the fed. electronic signature law ... a lot of effort went into making the wording technology agnostic as well as trying to avoid confusing authentication and identification.
We've been discussing those very same topics within Europe for many years now. When some EU Member States (Germany, Austria, ...) already had very stringent signature laws the EU was kind of forced to act. They tried to enact a signature directive which they thought would be as technology neutral as possible. And although that approach seemed to be a good one they failed: they were overambitious wrt certain issues, what's more the implementation of the directive into national legislation led to 20+ different EU signature laws: http://www.pki-page.info/eu/
In 2003 we wrote a report for the European Commission, trying to compare the situation throughout the Member States as well as focussing on practical applications: http://www.law.kuleuven.ac.be/icri/itl/elsig.php http://www.secorvo.de/publikationen/electronic-sig-report.pdf
Cheers, Stefan.
Re: [Forwarded] RealID: How to become an unperson.
Isn't that ridiculous? In the USA where they allegedly don't have ID cards you are approx. more than 20 times as often asked for a picture ID than in Germany where we have ID cards officially.
True. But funny, isn't it: I always enjoy looking at the most puzzled facial expression of some twenty-odd year old selling beer at a football game trying to understand my German passport. They give up eventually, selling me what I wanted... :-) (asking me for an ID is absolutely ludicrous in the first place since I've been looking older than 21 for decades now...)
Cheers, Stefan.
Re: Many Wireless Security Breaches Reported At (RSA) Security Conference
(As I've said many times, security breaches reported at conferences full of security people don't count as a predictor of what's out in the real world as a threat. But, it makes for interesting reading and establishes some metric on the ease of the attack. iang)
I also recommend the brief discussion between Marcus Ranum and Bill Cheswick on the very same topic in the aftermath of the recent USENIX Security Symposium: http://www.usenix.org/publications/login/2004-12/openpdfs/wireless.pdf
Cheers, Stefan.
(Fwd) OpenPGP flaw prompts quick fix
http://www.pgp.com/library/ctocorner/openpgp.html
10 Feb 2005
Today, cryptographers Serge Mister and Robert Zuccherato from Entrust released a paper outlining an attack on the way OpenPGP does symmetric cryptography. They have been kind enough to give the OpenPGP community advance notice of their paper, and it is thus the subject of this CTO Corner article, which I'm writing in cooperation with David Shaw of Gnu Privacy Guard (GnuPG), Brian Smith of Hush Communications, Derek Atkins of the OpenPGP Working Group, and Phil Zimmermann. In it, we'll discuss:
- What this discovery means to OpenPGP users
- Details of the attack and how it works
- What software and standards developers are doing about it
We in the OpenPGP community feel strongly about the quality of our work and appreciate the trust the world places in us. OpenPGP is arguably the most used and most relied-upon cryptosystem for messages and files. Consequently, it is our obligation to describe any problems with the standard and proposed resolution of those problems. [...]
Re: Non-repudiation (was RE: The PAIN mnemonic)
Let's just leave the term non-repudiation to be used by people who don't understand security, but rather mouth things they've read in books that others claim are authoritative. There are lots of those books listing non-repudiation as a feature of public key cryptography, for example, and many listing it as an essential security characteristic. All of that is wrong, of course, but it's a test for the reader to see through it.
Ah. That's why they're trying to rename the corresponding keyUsage bit to contentCommitment then: http://www.pki-page.info/download/N12599.doc :-)
Cheers, Stefan.
--- Dipl.-Inform. Stefan Kelm Security Consultant Secorvo Security Consulting GmbH Albert-Nestler-Strasse 9, D-76131 Karlsruhe Tel. +49 721 6105-461, Fax +49 721 6105-455 E-Mail [EMAIL PROTECTED], http://www.secorvo.de ---
PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B
(Fwd) IPsec interoperability testing event
FYI ( from http://www.cenorm.be/isss/newsletter/ ):
--- Forwarded message follows ---
ETSI interoperability testing event for IPsec on 21-25 July 2003
The European Telecommunications Standards Institute's (ETSI) Plugtests service is mounting its first interoperability testing event for IPsec, the increasingly popular security protocol which aims to protect information exchanges at the Internet Protocol (IP) layer.
Companies involved in IPsec implementation and providers of Public Key Infrastructures (PKI) will meet at ETSI headquarters in Sophia Antipolis in the South of France, from 21-25 July 2003, to improve interoperability between their implementations. By bringing together engineers from competing organizations in a multi-vendor environment, this event will provide an invaluable opportunity to identify and rectify any interoperability problems before products hit the market place.
IPsec's potential contribution to the security of the information infrastructure is now widely recognized, and its development has recently been attracting considerable interest globally as the use of IP in company networks and for sensitive applications increases. Defined by the Internet Engineering Task Force (IETF), its various security services include the guarantee of authenticity and confidentiality of data.
The deadline for registration is 6 July 2003. Further information about this event is available at: www.etsi.org/plugtests/home.htm
--- End of forwarded message ---
Re: The meat with multiple PGP subkeys
David,
A reasonable question would be Why don't all the PKS operators replace their server with SKS or something else?. I don't have a good answer to that. It's certainly been asked.[3]
...and has been answered a number of times. The thing is (and most people seem to forget about this now and then) that most, if not all, of the pgp.net server operators do run their servers in their spare time. Since pksd has a long history of not being overly stable one is happy once the server is up and running. Thus, the never-change-a-running-system paradigm is being lived in this realm.
Cheers, Stefan.
Re: Wildcard Certs
Martin,
Are wildcard certificates good? secure? useful?
There's a problem with wildcard certs wrt how URLs are being displayed in many of the browsers, esp. the older ones. If the host name is extremely long the browser will be unable to show the complete URL to the user, with some browsers even inserting ... into the address window. Now, suppose I buy a certificate for *.i-am-bad.com (assuming that I'm the owner of that domain). I could then set up an SSL server with a hostname of something like www.security-products.microsoft.com.order.registration.checkout.user-support.i-am-bad.com hoping that the browser will only display the more familiar looking parts of the URL to the user who in turn will happily accept the certificate. You get the idea.
Cheers, Stefan.
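The two client-side checks that bear on the scenario in the message above, as an added example that is not part of the original post: a wildcard match in which `*` stands for exactly one label (RFC 6125, section 6.4.3), and a display routine that shortens an over-long host name from the left so the owning domain stays visible. The function names `wildcard_matches` and `elide_left` and the 40-character width are assumptions of this example.

```python
"""Added example: one-label wildcard matching and left-side elision."""

# Host name taken from the message above.
LONG_HOST = ("www.security-products.microsoft.com.order.registration."
             "checkout.user-support.i-am-bad.com")


def wildcard_matches(pattern: str, host: str) -> bool:
    """Compare a certificate DNS name with the host name being visited.

    '*' is honoured only as the whole leftmost label and stands for exactly
    one label (RFC 6125, section 6.4.3). Refusing partial wildcards such as
    'w*' and two-label patterns such as '*.com' is a policy choice of this
    example.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if "" in p or "" in h:
        return False                       # empty label: malformed name
    if p[0] != "*":
        return "*" not in pattern and p == h
    if len(p) < 3 or any("*" in label for label in p[1:]):
        return False
    return len(h) == len(p) and h[1:] == p[1:]


def elide_left(host: str, width: int) -> str:
    """Shorten a host name for display by dropping labels from the left,
    so the rightmost labels (the domain that owns the name) stay visible."""
    if len(host) <= width:
        return host
    kept = []
    for label in reversed(host.split(".")):
        candidate = ".".join([label] + kept)
        if kept and len(candidate) + 3 > width:
            break                          # next label would not fit
        kept.insert(0, label)
    return "..." + ".".join(kept)


if __name__ == "__main__":
    print(wildcard_matches("*.i-am-bad.com", "www.i-am-bad.com"))
    print(wildcard_matches("*.i-am-bad.com", LONG_HOST))
    print(elide_left(LONG_HOST, 40))
```

With one-label matching the ten-label host name is not covered by `*.i-am-bad.com`, and the shortened form still ends in the domain that actually serves the page.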