Good writeup on UI spoofing attacks

[Peter Gutmann]

The Codinghorror blog has a good writeup on the level of sophistication of UI
spoofing being used in phishing attacks, specifically how a web search for
lilies leads to a pretty convincing social-engineering attack designed to get
users to install their malware:

  http://www.codinghorror.com/blog/archives/001164.html

  What I'm more concerned about here is how well the user interface was
  spoofed. The browser FUI [fake UI] was convincing enough to even make me --
  possibly the world's most jaded and cynical Windows user -- do a bit of a
  double- take. How do you protect naive users from cleverly designed FUI
  exploits like this one? Can you imagine your mother doing a web search on
  flowers -- flowers, for God's sake -- clicking on the search results to a
  totally legitimate website, and correctly navigating the resulting maze of
  fake UI, spurious javascript alerts, and download dialogs?

To pre-empt the inevitable discussions of Noscript and similar measures,
they're all well and good but the very people who need them the most are the
ones who're least likely to have them installed.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

5x speedup for AES using SSE5?

[Paul Crowley]

http://www.ddj.com/hpc-high-performance-computing/201803067

In the above Dr Dobb's article from a little over a year ago, AMD Senior 
Fellow Leendert vanDoorn states "the Advanced Encryption Standard (AES) 
algorithm gets a factor of 5 performance improvement by using the new 
SSE5 extension".  However, glancing through the SSE5 specification, I 
can't see at all how such a dramatic speedup might be achieved.  Does 
anyone know any more, or can anyone see more than I can in the spec?


http://developer.amd.com/cpu/SSE5/Pages/default.aspx
--
  __
\/ o\ Paul Crowley
/\__/ www.ciphergoth.org

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]