Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Jonathan Thor
nburg writes:
I would never use online banking, and I advise all my friends and
colleagues (particularly those who _aren't_ computer-security-geeks)
to avoid it.


I do use it -- but never from a Windows machine.  The OS I use is 
probably better, but it's *definitely* a much less attractive target 
for malware writers.

Problems?  I did have my credit card number stolen, but almost 
certainly not that way.  The bank believes it was a random card number 
generator.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Florian Weimer
* Nicholas Bohm:

 [EMAIL PROTECTED] wrote:
 You know, I'd wonder how many people on this
 list use or have used online banking.  
 
 To start the ball rolling, I have not and won't.
 
 --dan

 I do.

 My bank provides an RSA SecureId, so I feel reasonably safe against
 anyone other than the bank.

But it's just a token measure.  You should be afraid of your own
computer, your own network.  SecureID does not authenticate the server
you're going to send your data to.  It does not detect if your
computer is compromised.

Sure, right now, it might help you personally, but once these simple
tokens gain market share, attackers will adjust.  It's not a general
solution.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread mis
please, can people tell us about what their country's liability
framework is, as they understand it, and where the onus of proof is
for what sorts of transactions?

this is one of the few areas where consumers have some actual
protection in the us.

due to ross anderson, i have heard about the uk.   has this been harmonized
in the eu?

many other countries are a mystery to me.

it would seem to me even in countries with pro-bank/anti-consumer stances
the risk could be limited by putting few eggs in that basket, rather than
giving up on using baskets entirely.

as an offering from left field, here's an pretty good paper about
fraud and identity in .au and .nz
http://www.aic.gov.au/conferences/other/smith_russell/2003-09-identity.html


On Mon, Dec 05, 2005 at 07:09:33PM +0100, Jonathan Thornburg wrote:
 I would never use online banking, and I advise all my friends and
 colleagues (particularly those who _aren't_ computer-security-geeks)
 to avoid it.
 
 
 On Sun, Dec 04, 2005 at 05:51:11PM -0500, [EMAIL PROTECTED] wrote:
 I've been using online banking for many years, both US and Germany.
 The German PIN/TAN system is reasonably secure,
 being an effective one-time pad distributed through out of band channel
 
 Ahh, but how do you know that the transaction actually sent to the
 bank is the same as the one you thought you authorized with that OTP?
 If your computer (or web browser) has been cracked, you can't trust
 _anything_ it displays.  There are already viruses in the wild
 attacking German online banking this way:
   http://www.bsi.bund.de/av/vb/pwsteal_e.htm
 
 
 I also don't trust RSAsafe or other such 2-factor authentication
 gadgets, for the same reason.
 
 [I don't particularly trust buying things online with a credit card,
 either, but there my liability is limited to 50 Euros or so, and the
 credit card companies actually put a modicum of effort into watching
 for suspicious transactions, so I'm willing to buy (a few) things online.]
 
 ciao,
 
 -- 
 -- Jonathan Thornburg [EMAIL PROTECTED]
Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
Golm, Germany, Old Europe http://www.aei.mpg.de/~jthorn/home.html
Washing one's hands of the conflict between the powerful and the
 powerless means to side with the powerful, not to be neutral.
   -- quote by Freire / poster by Oxfam
 
 
 -
 The Cryptography Mailing List
 Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Florian Weimer
 You know, I'd wonder how many people on this
 list use or have used online banking.  

 To start the ball rolling, I have not and won't.

Why?  Repudiating transactions is easier than ever.  As a consumer, I
fear technology which is completely secure according to experts, but
which can be broken nevertheless.  The current situation is very
different.  Everybody agrees that online banking is insecure, and in
most markets, it's the banks who swallow the losses, not the consumer
(even those who were very stupid).

For those of you who haven't rolled out a national ID scheme in time,
there's still the general identity theft problem, but this affects you
even if you don't use online banking.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Florian Weimer
* Eugen Leitl:

 The German PIN/TAN system is reasonably secure, being an effective
 one-time pad distributed through out of band channel (mailed dead
 tree in a tamperproof envelope).

Some banks have optimized away the special envelope. 8-(

 It is of course not immune to phishing (PIN/TAN harvesting), which
 has become quite rampant recently.

And we face quite advanced attack technology, mainly compromised end
systems.  We are well beyond the point where simple tokens (like RSA
SecureID) would help.

 I do have a HBCI smartcard setup with my private account but don't use it
 since it's locked in a proprietary software jail.

The way the current attacks are carried out, smartcard-based HBCI is
less secure than the PIN/TAN model because with HBCI, you don't need
to authorize each transaction separately.  At this stage, few people
recognize this problem, and German banks put high hopes on
smartcard-based online banking, despite its high costs in terms of
consumer devices and support calls.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Fermat's primality test vs. Miller-Rabin

2005-12-06 Thread Sidney Markowitz
Joseph Ashwood wrote:
 Apparently, they are, I'm ran a sample, but even with the added second 
 sanity check, every one of them that passes a single round comes up prime.
 
 I then proceeded to move it to 2048-bit numbers. It takes longer and the 
 gaps between primes is averaging around 700 right now, but once again if it 
 passes a single test it passes all 128+128

Ok, I did misunderstand you. If that failed 120-130 times is talking about
the number of trials between primes, then you are getting within the range of
expected results.

According to the prime number theorem, the probability of selecting a prime
number at random from odd numbers is about 2/ln(n) which for a 512 bit number
is about 1 in 177, which means you have about a 50% chance of 120 tries before
finding a prime.

According to the results that Anton quoted there is a 2^56 chance that a 512
bit odd number that passes one round of Miller-Rabin is actually prime.

So all of your results do make sense.

 -- sidney

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Florian Weimer
* Jonathan Thornburg:

 Ahh, but how do you know that the transaction actually sent to the
 bank is the same as the one you thought you authorized with that OTP?
 If your computer (or web browser) has been cracked, you can't trust
 _anything_ it displays.  There are already viruses in the wild
 attacking German online banking this way:
   http://www.bsi.bund.de/av/vb/pwsteal_e.htm

Of course you don't.  In some sense, the next-generation security
technology which U.S. banks plan to roll out (either voluntarily, or
due to regulation) has already been broken in Germany.

If you bring the topic up in discussions, the usual answer is don't
MITM me! (meaning: Don't mention man-in-the-middle attacks,
including compromised customer systems, because you know we can't
defend against them! This is not fair!).  But this is not a valid
response when experience shows that the relevant attacks *are* MITM
attacks.

 I also don't trust RSAsafe or other such 2-factor authentication
 gadgets, for the same reason.

I'm always glad to read someone who agrees with me on this matter. 8-)

I don't understand why almost everyone is in a frenzy to deploy them.
If you can somehow weasel through the next 6 months or so, it will be
completely non-repudiatable that transactions covered by two-factor
authentication are fully repudiatable.  You can save a lot of money
(including your customers' money) if you manage to skip this
technology cycle.  The only problem could be that the media and
security experts smack you if you don't deploy the same, broken
countermeasures everyone else does.

By the way, one interesting aspect of the online banking problem is
its implications for threat modelling, attack trees, and similar
approaches.  It would be interesting to compare a few models and why
they fail to adequately describe the situation.  My hunch is that
these models do not take two factors into account: Attacks aren't
targeted by the cost/revenue alone, tradition plays a major role, too,
as does sheer luck.  And you are caught in a feedback loop; the
attacks change as you deploy new countermeasures, and the changes are
mostly unpredictable.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


[Clips] RSA buys Cyota for $145 million

2005-12-06 Thread R. A. Hettinga

--- begin forwarded text


 Delivered-To: [EMAIL PROTECTED]
 Date: Mon, 5 Dec 2005 14:38:43 -0500
 To: Philodox Clips List [EMAIL PROTECTED]
 From: R. A. Hettinga [EMAIL PROTECTED]
 Subject: [Clips] RSA buys Cyota for $145 million
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 
http://www.infoworld.com/article/05/12/05/HNrsacyota_1.html?source=NLC-SEC2005-12-05

 InfoWorld

 RSA buys Cyota for $145 million
 Acquisition gives RSA broader range of authentication techniques
  By Nancy Gohring, IDG News Service
 December 05, 2005
  Print this


 RSA Security (Profile, Products, Articles) on Monday said it plans to buy
 Cyota, the provider of online security and antifraud products, for $145
 million.

 The acquisition will allow RSA to offer customers a broader range of
 authentication techniques. RSA hopes to offer a risk-based  authentication
 approach, allowing customers to choose an authentication method to meet the
 specific risks they face. Customers  will be able to choose from a
 portfolio that includes watermarking, digital certificates, tokens, and
 smart cards.

 In addition to the authentication offerings, RSA also plans to offer
 Cyota's services such as its antifraud service, which  includes fraudulent
 site shut-down, detection of phishing attacks as well as a
 transaction-protection service that authenticates  credit card users and
 identifies fraudulent activity in accounts.

 RSA expects the acquisition will add as much as $25 million in revenue in
2006.

 The price for the privately held company includes $136 million in cash for
 Cyota stock, $5.5 million in cash to fund a three-year  retention pool and
 $3.5 million for outstanding Cyota stock options. The deal is expected to
 close within 30 days.

 --
 -
 R. A. Hettinga mailto: [EMAIL PROTECTED]
 The Internet Bearer Underwriting Corporation http://www.ibuc.com/
 44 Farquhar Street, Boston, MA 02131 USA
 ... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
 ___
 Clips mailing list
 [EMAIL PROTECTED]
 http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text


-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Fermat's primality test vs. Miller-Rabin

2005-12-06 Thread Joseph Ashwood
- Original Message - 
From: Anton Stiglic [EMAIL PROTECTED]

Subject: RE: Fermat's primality test vs. Miller-Rabin





Ok after making that change, and a few others. Selecting only odd numbers
(which acts as a small seive) I'm not getting much useful information. It
appears to be such that at 512 bits if it passes once it passes 128 times,
and it appears to fail on average about 120-130 times, so the sieve
amplifies the values more than expected. Granted this is only a test of 
the



generation of 128 numbers, but I got 128 primes (based on 128 MR rounds).



O.k., so if I read this right, your new results concord with the analysis 
of

Pomerance et al.   That would make much more sense.

When you say on average about 120-130 times the test fails, out of how
many is that?


I should've said that the the quantity of numbers that failed the first test 
between each success was about 120-130. Apparently, even sieving based 
solely on is it odd is enough to substantially influence the outcome.
   Joe 




-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Ian G

[EMAIL PROTECTED] wrote:

okay, i read this story from 7/2005 reporting an incident in 5/2005.  the short 
form of it is:


Not a bad summary.  I'd say that when one is
dealing with any such crime, there are always
unanswered questions, and issues of confusion
(probably as much for the attacker as the victim).


even more off-topic:
i'm surprised that the people on this list don't feel as if they have 
enough
personal connections that at least they could figure out what happened 
to them
as *some* financial institution.  doesn't anyone else ask, as a basis 
for imputing
	trust  exactly who did that {protocol, architecture, code} review as a basis for 
	imputing trust?  maybe i'm delusional, but i give fidelity some residual credit 
	for having adam shostack there, even some years ago, and there are some firms

i'd use because i've been there enough to see their level of care.


Well, even though phishing has been discussed
on this list for about 2 years, it is only in
the last 6 months or so that there has been a
wider acceptance in the subject.  I think your
specific question has been asked so many times
that people's eyes glaze over.

Only in the last few *weeks* did two of the browser
manufacturers acknowledge it publically.  So I
wouldn't expect too much from the banks, who have
to receive authoritive press, institution  regulatory
input before they will shift on matters of security.

iang

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Nicholas Bohm
Florian Weimer wrote:
 * Nicholas Bohm:
 
 
[EMAIL PROTECTED] wrote:

You know, I'd wonder how many people on this
list use or have used online banking.  

To start the ball rolling, I have not and won't.

--dan

I do.

My bank provides an RSA SecureId, so I feel reasonably safe against
anyone other than the bank.
 
 
 But it's just a token measure.  You should be afraid of your own
 computer, your own network.  SecureID does not authenticate the server
 you're going to send your data to.  It does not detect if your
 computer is compromised.
 
 Sure, right now, it might help you personally, but once these simple
 tokens gain market share, attackers will adjust.  It's not a general
 solution.

I accept all that.

I hope, not too confidently, that before the attackers adjust enough,
banks will start giving their customers FINREAD type
secure-signature-creation devices of decent provenance whose security
does not rely on non-compromise of my PC or network.

Nicholas Bohm
-- 
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK

Phone   01279 871272(+44 1279 871272)
Fax  020 7788 2198   (+44 20 7788 2198)
Mobile  07715 419728(+44 7715 419728)

PGP public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]