Re: EZ Pass and the fast lane ....

2004-07-09 Thread Ian Grigg
Date: Fri, 2 Jul 2004 21:34:20 -0400 From: Dave Emery [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: EZ Pass and the fast lane No mention is made of encryption or challenge response authentication but I guess that may or may not be part of the design (one would think it had better

Can crypto help against Phishing, Spoofing and Spamming...

2004-07-09 Thread Amir Herzberg
Reminder: following lots of discussion on this list, I wrote proposals on how crypto can help solve phishing, spoofing and spamming problems. Apparently few had problems downloading the PDF files from our (BIU) site. so I've put both papers in ecrypt (which I believe is more reliable), and

Re: Question on the state of the security industry (second half not necessarily on topic)

2004-07-09 Thread Matt Blaze
On Jul 3, 2004, at 14:22, Dave Howe wrote: Well if nothing else, it is impossible for my bank to send me anything I would believe via email now To take this even slightly more on-topic - does anyone here have a bank capable of authenticating themselves to you when they ring you? I have had

Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-09 Thread Anne Lynn Wheeler
At 10:40 AM 7/7/2004, Hal Finney wrote: SET failed due to the complexity of distributing the software and setting up the credentials. I think another reason was the go-fast atmosphere of the late 90s, where no one wanted to slow down the growth of ecommerce. The path of least resistance was

Mark Shuttleworth On Open Source

2004-07-09 Thread Ian Grigg
Security Theatre: From the man who made hundreds of millions selling signatures on your keys: -- It is your data, why do you have to pay a licence fee for the application needed to access the data? -- Mark Shuttleworth http://www.tectonic.co.za/default.php?action=viewid=309topic=Open%20Source

RE: identification + Re: authentication and authorization

2004-07-09 Thread Anton Stiglic
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed Gerck Sent: 7 juillet 2004 14:46 To: [EMAIL PROTECTED] Subject: identification + Re: authentication and authorization I believe that a significant part of the problems discussed here is that the three

Re: identification + Re: authentication and authorization

2004-07-09 Thread Aram Perez
Hi Ed and others, Like usual, you present some very interesting ideas and thoughts. The problem is that while we techies can discuss the identity theft definition until we are blue in the face, the general public doesn't understand all the fine subtleties. Witness the (quite amusing) TV ads by

Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-09 Thread Anne Lynn Wheeler
At 10:40 AM 7/7/2004, Hal Finney wrote: SET failed due to the complexity of distributing the software and setting up the credentials. I think another reason was the go-fast atmosphere of the late 90s, where no one wanted to slow down the growth of ecommerce. The path of least resistance was

Re: EZ Pass and the fast lane ....

2004-07-09 Thread John Gilmore
It would be relatively easy to catch someone doing this - just cross-correlate with other information (address of home and work) and then photograph the car at the on-ramp. Am I missing something? It seems to me that EZ Pass spoofing should become as popular as cellphone cloning, until they

Re: EZ Pass and the fast lane ....

2004-07-09 Thread Ian Grigg
John Gilmore wrote: It would be relatively easy to catch someone doing this - just cross-correlate with other information (address of home and work) and then photograph the car at the on-ramp. Am I missing something? It seems to me that EZ Pass spoofing should become as popular as cellphone

Re: EZ Pass and the fast lane ....

2004-07-09 Thread John Gilmore
[By the way, [EMAIL PROTECTED] is being left out of this conversation, by his own configuration, because his site censors all emails from me. --gnu] Well, I am presuming that ... the EZ Pass does have an account number, right? And then, the car does have a licence place? So, just correlate

Re: identification + Re: authentication and authorization

2004-07-09 Thread Ed Gerck
Aram Perez wrote: Hi Ed and others, Like usual, you present some very interesting ideas and thoughts. The problem is that while we techies can discuss the identity theft definition until we are blue in the face, the general public doesn't understand all the fine subtleties. Witness the (quite