Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

2005-02-10 Thread Taral
On Wed, Feb 09, 2005 at 09:08:45PM +, Ian G wrote: The plugin is downloadable from a MozDev site, and presumably if enough attention warrants it, Amir can go to the extent of signing it with a cert in Mozilla's code signing regime. That only authenticates that Amir wrote the code, not

GNFC launches Indian Digital Certification services

2005-02-10 Thread R.A. Hettinga
Gujarat Narmada Valley Fertilizer Company??? ;-) Cheers, RAH --- http://www.deepikaglobal.com/ENG5_sub.asp?newscode=92273catcode=ENG5subcatcode= deepikaglobal.com - Business News Detail Thursday, February 10, 2005 Good Evening to you Business News GNFC launches nationwide

Re: link-layer encryptors for Ethernet?

2005-02-10 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Chris Kuethe writes: http://www.gdds.com/company/portfolio.html#ias http://www.gdc4s.com/Products/sectera.htm Maybe one of these nifty looking general dynamics widgets is what you're afte r? Anything beginning with KG or KO is government, and not what I'm looking

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

2005-02-10 Thread Amir Herzberg
Taral wrote: On Wed, Feb 09, 2005 at 07:41:36PM +0200, Amir Herzberg wrote: Want to protect your Mozilla/FireFox from such attacks? Install our TrustBar: http://TrustBar.Mozdev.org (this was the first time that I had a real reason to click the `I don't trust this authority` button...) Opinions?

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

2005-02-10 Thread Amir Herzberg
Steve, my point was not the trivial fact that TrustBar would not display the homograph; suppose it did... even then, the user is _asked_ about the certificate, since it was signed by an unusual CA that the user did not specify as `to be trusted always`; this should certainly be a good warning

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

2005-02-10 Thread Amir Herzberg
Taral wrote: On Wed, Feb 09, 2005 at 09:08:45PM +, Ian G wrote: The plugin is downloadable from a MozDev site, and presumably if enough attention warrants it, Amir can go to the extent of signing it with a cert in Mozilla's code signing regime. This, of course, is up to Mozilla, not to me...

Desire safety on Net? (n) code has the solution

2005-02-10 Thread R.A. Hettinga
I'm starting get the hang of this. I mean, fertilizer...crypto, crypto...fertilizer: They're both *munitions*, right? Right? :-) Cheers, RAH http://cities.expressindia.com/fullstory.php?newsid=117201# Express India Desire safety on Net? (n) code has the solution Express News

Re: Desire safety on Net? (n) code has the solution

2005-02-10 Thread Dan Kaminsky
Digital certificates can be explained as digital passports, which help in authentication of the bearer on the Internet. This also helps maintain, privacy and integrity of Net-based transactions. Digital signatures are accorded the same value as paper-based signatures of the physical world by the

Vegas casino bets on RFID

2005-02-10 Thread R.A. Hettinga
http://news.com.com/2102-7355_3-5568288.html?tag=st.util.print Vegas casino bets on RFID By Alorie Gilbert Casino mogul Steve Wynn has pulled out all the stops for his new $2.7 billion mega-resort in Las Vegas: an 18-hole championship golf course, a private lake and mountain, and a bronze

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

2005-02-10 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Amir Herzberg writes: Steve, my point was not the trivial fact that TrustBar would not display the homograph; suppose it did... even then, the user is _asked_ about the certificate, since it was signed by an unusual CA that the user did not specify as `to be

TLS session resume concurrency?

2005-02-10 Thread Victor Duchovni
If multiple processes (or threads) have access to a shared TLS session cache, does the cache need N sessions to serve N threads? Or can (I think unlikely if sessions resume stream-ciphers from internal state in the cache) the same session be used by multiple clients? Postfix only has one TLS

Blowsearch Secured Messanger

2005-02-10 Thread Aram Perez
sarcasmBSM must be very secure!/sarcasm Quote from the web site: Blowsearch Secured Messenger utilizes the OpenSSL library to provide encryption routines for your Instant Messages. We use a combination of randomly selected schemes and bit lengths, ranging up to 4096 bits, with additional