fyi: Fingerprinting CPUs

2005-02-10 Thread Jeff . Hodges
of possible interest to denizens hereabouts... JeffH From: David Farber <[EMAIL PROTECTED]> Subject: [IP] Fingerprinting CPUs To: Ip Date: Thu, 10 Feb 2005 12:30:12 -0500 Maybe a software manufacturer could lock software (say an OS :-) ) to a spefic machine djf - -- Forwarded Message Fro

Blowsearch Secured Messanger

2005-02-10 Thread Aram Perez
BSM must be very secure! Quote from the web site: " Blowsearch Secured Messenger utilizes the OpenSSL library to provide encryption routines for your Instant Messages. We use a combination of randomly selected schemes and bit lengths, ranging up to 4096 bits, with additional algorithms added in

TLS session resume concurrency?

2005-02-10 Thread Victor Duchovni
If multiple processes (or threads) have access to a shared TLS session cache, does the cache need N sessions to serve N threads? Or can (I think unlikely if sessions resume stream-ciphers from internal state in the cache) the same session be used by multiple clients? Postfix only has one TLS sess

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

2005-02-10 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Amir Herzberg writes: >Steve, my point was not the trivial fact that TrustBar would not display >the homograph; suppose it did... even then, the user is _asked_ about >the certificate, since it was signed by an unusual CA that the user did >not specify as `to be t

Vegas casino bets on RFID

2005-02-10 Thread R.A. Hettinga
Vegas casino bets on RFID By Alorie Gilbert Casino mogul Steve Wynn has pulled out all the stops for his new $2.7 billion mega-resort in Las Vegas: an 18-hole championship golf course, a private lake and mountain, and a bronze

Re: Desire safety on Net? (n) code has the solution

2005-02-10 Thread Dan Kaminsky
Digital certificates can be explained as digital passports, which help in authentication of the bearer on the Internet. This also helps maintain, privacy and integrity of Net-based transactions. Digital signatures are accorded the same value as paper-based signatures of the physical world by the I

Desire safety on Net? (n) code has the solution

2005-02-10 Thread R.A. Hettinga
I'm starting get the hang of this. I mean, fertilizer...crypto, crypto...fertilizer: They're both *munitions*, right? Right? :-) Cheers, RAH Express India Desire safety on Net? (n) code has the solution Express News Serv

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

2005-02-10 Thread Amir Herzberg
Taral wrote: On Wed, Feb 09, 2005 at 09:08:45PM +, Ian G wrote: The plugin is downloadable from a MozDev site, and presumably if enough attention warrants it, Amir can go to the extent of signing it with a cert in Mozilla's code signing regime. This, of course, is up to Mozilla, not to me... We

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

2005-02-10 Thread Amir Herzberg
Steve, my point was not the trivial fact that TrustBar would not display the homograph; suppose it did... even then, the user is _asked_ about the certificate, since it was signed by an unusual CA that the user did not specify as `to be trusted always`; this should certainly be a good warning f

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

2005-02-10 Thread Amir Herzberg
Taral wrote: On Wed, Feb 09, 2005 at 07:41:36PM +0200, Amir Herzberg wrote: Want to protect your Mozilla/FireFox from such attacks? Install our TrustBar: http://TrustBar.Mozdev.org (this was the first time that I had a real reason to click the `I don't trust this authority` button...) Opinions?

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

2005-02-10 Thread Amir Herzberg
Adam Shostack wrote: On Wed, Feb 09, 2005 at 07:41:36PM +0200, Amir Herzberg wrote: | Want to see a simple, working method to spoof sites, fooling | Mozilla/FireFox/... , even with an SSL certificate and `lock`? | | http://www.shmoo.com/idn/ | | See also: | | http://cgi.ebay.com/ws/eBayISAPI

Re: link-layer encryptors for Ethernet?

2005-02-10 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Chris Kuethe writes: >http://www.gdds.com/company/portfolio.html#ias >http://www.gdc4s.com/Products/sectera.htm > >Maybe one of these nifty looking general dynamics widgets is what you're afte >r? > Anything beginning with "KG" or "KO" is government, and not what I

GNFC launches Indian Digital Certification services

2005-02-10 Thread R.A. Hettinga
Gujarat Narmada Valley Fertilizer Company??? ;-) Cheers, RAH --- deepikaglobal.com - Business News Detail Thursday, February 10, 2005 Good Evening to you Business News GNFC launches nationwide

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

2005-02-10 Thread Taral
On Wed, Feb 09, 2005 at 09:08:45PM +, Ian G wrote: > The plugin is downloadable from a MozDev site, > and presumably if enough attention warrants it, > Amir can go to the extent of signing it with a > cert in Mozilla's code signing regime. That only authenticates that Amir wrote the code, not