In Hong Kong a lot of people do little more than wave their bags at the
turnstile. Removing the wallet and revealing its size is unnecessary.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Ben Laurie
> Sent: Tuesday, 12 July 2005 8:14 PM
> To: Pe
On Tue, Jul 12, 2005 at 02:48:02PM -0700, Bill Stewart wrote:
| At 09:29 PM 7/9/2005, Perry E. Metzger wrote:
| >The Blue Card, so far as I can tell, was poorly thought out beyond its
| >marketing potential. I knew some folks at Amex involved in the
| >development of the system, and I did not get t
I am reminded of a passage from Buffy the Vampire Slayer.
In the episode "Lie to Me":
BILLY FORDHAM: I know who you are.
SPIKE: I know who I am, too. So what?
My point here is that knowing who I am shouldn't be a
crime, nor should it contribute to enabling any crime.
Suppose you k
At 09:29 PM 7/9/2005, Perry E. Metzger wrote:
The Blue Card, so far as I can tell, was poorly thought out beyond its
marketing potential. I knew some folks at Amex involved in the
development of the system, and I did not get the impression they had
much of a coherent idea of what the technologies
Perry Metzger wrote:
> So, the next time one of your friends in Germany asks why the crazy
> Americans think ID cards and such are a bad thing, remember my
> father, and remember all the people like him who fled to the US over
> the last couple hundred years and who left children that still
> remem
Ben Laurie <[EMAIL PROTECTED]> writes:
> Perry E. Metzger wrote:
>> Anonymity is a concern to me, too, but I suspect that it is hard to
>> get anonymity in a credit card transaction using current means, even
>> if the merchant isn't online. Pseudonymity, perhaps.
>
> Can we not aim higher than mer
Perry E. Metzger wrote:
> Ah, I see what you mean.
>
> Sadly, I don't think there is much to be done about that, but I think
> that (personally) I'd only end up with two of the things. If they can
> be made credit card sized, I don't see this as worse than what I have
> to carry now.
there are a
Perry E. Metzger wrote:
> By the way, I note as an aside that this also means (in my opinion)
> that certificates are no longer an interesting technology for
> payments protocols, because in a purely online environment, you
> never need a third party x.509 certificate in the course of the
> payment
>It appears to be a contactless smart card/RFID that uses the
>ISO 14443 standard for the RF interface. There is some documentation
>available, unfortunately most of it restricted to licensees.
ISO 14443 details can be found at http://www.jayacard.org/14443/
Note that a few of the files are MS
Perry E. Metzger wrote:
Anonymity is a concern to me, too, but I suspect that it is hard to
get anonymity in a credit card transaction using current means, even
if the merchant isn't online. Pseudonymity, perhaps.
Can we not aim higher than merely doing as badly as current systems do?
--
>>>Ap
Ben Laurie <[EMAIL PROTECTED]> writes:
>>>Not entirely clear what you mean by the "issuing bank" here, but I'm
>>>hoping you don't mean that the bank issues the device - that would be
>>>very tedious.
>>
>> Tedium is something that computers do very well. They don't care
>> about how much work the
Perry E. Metzger wrote:
Ben Laurie <[EMAIL PROTECTED]> writes:
That could be fixed. I think the right design for such a device has
it only respond to signed and encrypted requests from the issuing
bank directed at the specific device, and only make signed and
encrypted replies directed only at
In Brazil there's alot of trojans similar to the one Steven mentioned,
almost all of them targeted at diferent national banks.
A while back they worked as "external pop-ups" as we named them. That is
they appeared on top of the browser appearing visually like when you are
asked for your cred
Ben Laurie <[EMAIL PROTECTED]> writes:
>> That could be fixed. I think the right design for such a device has
>> it only respond to signed and encrypted requests from the issuing
>> bank directed at the specific device, and only make signed and
>> encrypted replies directed only at the specific is
Peter Fairbrother wrote:
Florian Weimer wrote:
* David Alexander Molnar:
Actually, smart cards are here today. My local movie theatre in Berkeley,
California is participating in a trial for "MasterCard PayPass." There is
a little antenna at the window; apparently you can just wave your card
Perry E. Metzger wrote:
Florian Weimer <[EMAIL PROTECTED]> writes:
* Perry E. Metzger:
Nick Owen <[EMAIL PROTECTED]> writes:
It would seem simple to thwart such a trojan with strong authentication
simply by requiring a second one-time passcode to validate the
transaction itself in addition
Jason Holt wrote:
On Mon, 11 Jul 2005, Lance James wrote:
[...]
place to fend off these attacks. Soon phishers will just use the site
itself to phish users, pushing away the dependency on tricking the
user with a "spoofed" or "mirrored" site.
[...]
You dismiss too much with your "just".
Eric Rescorla wrote, on July 1:
> There's an interesting paper up on eprint now:
> http://eprint.iacr.org/2005/205
>
> Another look at HMQV
> Alfred Menezes
...
> In this paper we demonstrate that HMQV is insecure by presenting
> realistic attacks in the Canetti-Krawczyk mo
Well, whether you like the cell phone as
the out-of-band second-factor, you can now
unlock your front door with it...
http://weblog.physorg.com/news2334.html
--dan
-
The Cryptography Mailing List
Unsubscribe by sending "unsubs
--
Adam Fields <[EMAIL PROTECTED]>
> But it's so much worse than that. Not only is there no
> standard behavior, the credit companies themselves
> have seemingly gone out of their way to make it
> impossible for there to be any potential for a
> standard.
Widely shared secrets are inherently
On Mon, 11 Jul 2005, Lance James wrote:
[...]
place to fend off these attacks. Soon phishers will just use the site itself
to phish users, pushing away the dependency on tricking the user with a
"spoofed" or "mirrored" site.
[...]
You dismiss too much with your "just". They already do attack
21 matches
Mail list logo