On 2010 Sep 24, at 12:47 , Steven Bellovin wrote:
> Per
> http://news.softpedia.com/news/New-Trojan-Steals-Digital-Certificates-157442.shtml
> there's a new Trojan out there that looks for a steals Cert_*.p12 files --
> certificates with private keys. Since the private keys are
> password-pr
http://www.boingboing.net/2010/09/27/obama-administration.html
A good first point of interest clearinghouse site for the issue can be found
on Boing Boing.
It points to a Green Greenwald article on Salon and the ACLU.
There's also a nice piece at the Cato Institute
http://www.cato-at-liberty.org
http://www.spiegel.de/international/germany/0,1518,druck-719726,00.html
09/27/2010 11:23 AM
Recruited by West Germany
Former Stasi Cryptographers Now Develop Technology for NATO
By Marcel Rosenbach and Holger Stark
After the fall of the Berlin Wall, the West Germans were desperate to prevent
Peter Gutmann wrote:
> Tom Ritter writes:
>
>> What's weird is I find confusing literature about what *is* the default for
>> protecting the viewstate.
>
> I still haven't seen the paper/slides from the talk so it's a bit hard to
> comment on the specifics, but if you're using .NET's FormsAuthen
Per
http://news.softpedia.com/news/New-Trojan-Steals-Digital-Certificates-157442.shtml
there's a new Trojan out there that looks for a steals Cert_*.p12 files --
certificates with private keys. Since the private keys are password-protected,
it thoughtfully installs a keystroke logger as well..
ANNOUNCING Tahoe, the Least-Authority File System, v1.8.0
The Tahoe-LAFS team is pleased to announce the immediate
availability of version 1.8.0 of Tahoe-LAFS, an extremely
reliable distributed storage system. Get it here:
http://tahoe-lafs.org/source/tahoe/trunk/docs/quickstart.html
Tahoe-LAFS
--- Start of forwarded message ---
Date: Thu, 23 Sep 2010 13:00:27 -0400 (EDT)
From: Sven Dietrich
Subject: WECSR 2011 CFP - Deadline Oct 15, 2010 - please disseminate
Source is at: http://www.cs.stevens.edu/~spock/wecsr2011/cfp.html
Call for Papers
2nd Workshop on Ethics in Computer Se
Does anyone know of any ciphers where bits of keys modify the control path,
rather than just data operations? Yes, I know that that's a slippery concept,
since ultimately things like addition and multiplication can be implemented
with loops in the hardware or firmware. I also suspect that it's
* Adam Fields:
> I find it hard to believe that even the most uninformed dissidents
> would be using an untested, unaudited, _beta_, __foreign__ new service
> for anything. Is there any reason to believe otherwise?
I wouldn't be surprised if there are plenty such tools in circulation
which are us
I don't know anything beyond this this news story, but interesting...
http://www.praguemonitor.com/2010/09/14/mfd-bis-offers-tax-free-money-encryption-system
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryp
On Fri, 17 Sep 2010, Steven Bellovin wrote:
On Sep 17, 2010, at 4:53 51AM, Peter Gutmann wrote:
From the ukcrypto mailing list:
AIUI, and I may be wrong, the purpose of activation is to prevent lost-in-
the-post theft/fraud - so what do they need details which a thief who has
the card in his
On Wed, Sep 15, 2010 at 11:07 AM, Peter Gutmann
wrote:
> Tom Ritter writes:
>
>>What's weird is I find confusing literature about what *is* the default for
>>protecting the viewstate.
>
> I still haven't seen the paper/slides from the talk so it's a bit hard to
> comment on the specifics, but if
> I don't know how NZ banks do it; in the US, they use the phone
> number you're calling from. Yes, it's spoofable, but most folks (a)
> don't know it, and (b) don't know how.
No, they don't use the phone number to validate anything. I routinely
ignore the instructions to "call from your home ph
On 17 Sep 2010 at 20:53, Peter Gutmann wrote:
> >From the ukcrypto mailing list:
>
> Just had a new Lloyds credit card delivered, it had a sticker saying I have
> to call a number to activate it. I call, it's an automated system.
>
> It asks for the card number, fair enough. It asks for th
I said (something like) this when Haystack first appeared on this
list...
Words "dissidents" and "oppressive regimes" have no place in
serious discussions among cryptographers. Once we start assigning
ethical categorizations to those that protect and those that attack
(data files, communications
On 28/09/10 1:26 AM, Perry E. Metzger wrote:
> From the New York Times, word that the Obama administration wants to
> compel access to encrypted communications.
>
> http://www.nytimes.com/2010/09/27/us/27wiretap.html
Someone should beat up the FBI for using specious arguments:
> But as an examp
>From the New York Times, word that the Obama administration wants
>to compel access to encrypted communications.
>http://www.nytimes.com/2010/09/27/us/27wiretap.html
...
I expect this law to be, overall, counterproductive.
From the information given in the NYT article, I conclude that
the law
[Moderator's note: there are messages still in the queue that will go
out later today, but I felt this had to go out ASAP --Perry]
From the New York Times, word that the Obama administration wants to
compel access to encrypted communications.
http://www.nytimes.com/2010/09/27/us/27wiretap.html
18 matches
Mail list logo