Olle Mulmo wrote:
> On Jun 4, 2005, at 14:12, Thomas Lakofski wrote:
Wrote? Well, quoted...
>> Finally, the PIN length ranges from 8 to 128 bits. Most manufacturers
>> use a 4 digit PIN and supply it with the device. Obviously, customers
>> should demand the ability to use longer PINs.
>
> Corre
On Jun 4, 2005, at 14:12, Thomas Lakofski wrote:
> Finally, the PIN length ranges from 8 to 128 bits. Most manufacturers
> use a 4 digit PIN and supply it with the device. Obviously, customers
> should demand the ability to use longer PINs.
Correction: Most manufacturers hardcode the 4-digit PIN t
Perry E. Metzger wrote:
> Matt Crawford <[EMAIL PROTECTED]> writes:
>
>>On Jun 3, 2005, at 11:55, Perry E. Metzger wrote:
>>
>>>2) They also have a way of forcing pairing to happen, by impersonating
>>> one of the devices and saying "oops! I need to pair again!" to the
>>> other.
>>
>>Do the d
--
James A. Donald wrote:
> > The way to beat session fixation is to issue a
> > privileged and impossible to predict session ID in
> > response to a correct login.
> >
> > If, however, you grant privileges to a session ID on
> > the basis of a successful login, which is in fact
> > the usu
one of the articles from a couple months ago about what happens if too
many people shift into a priority queue. note that it is somewhat
cheaper to let a few people pay to go to the head of the screening
line ... so that their queueing wait is reduced. It is a lot more
expensive to install s
Matt Crawford <[EMAIL PROTECTED]> writes:
> On Jun 3, 2005, at 11:55, Perry E. Metzger wrote:
> > 2) They also have a way of forcing pairing to happen, by impersonating
> > one of the devices and saying "oops! I need to pair again!" to the
> > other.
>
> Do the devices then pair again withou
On Thursday 02 June 2005 13:50, Steve Furlong wrote:
> On 5/31/05, Ian G <[EMAIL PROTECTED]> wrote:
> > I don't agree with your conclusion that hiding algorithms
> > is a requirement. I think there is a much better direction:
> > spread more algorithms. If everyone is using crypto then
> > how ca
James A. Donald wrote:
--
James A. Donald:
PKI was designed to defeat man in the middle attacks
based on network sniffing, or DNS hijacking, which
turned out to be less of a threat than expected.
However, the session fixation bugs
http://www.acros.si/papers/session_fixation.pdf make
ht
List,
In the following link is an opinion about the espionage act discovered in
Israel a week ago.
In short: This case is probably one of dozens, but the only one that was
discovered probably due to three non-typical mistakes that were made.
http://www.hbarel.com/Blog/entry0004.html
Hagai.