Opinion on Israeli espionage plot

2005-06-04 Thread Hagai Bar-El
List, At the following link is an opinion about the espionage act discovered in Israel a week ago. In short: This case is probably one of dozens, but the only one that was discovered probably due to three non-typical mistakes that were made. http://www.hbarel.com/Blog/entry0004.html Hagai.

Re: Papers about Algorithm hiding ?

2005-06-04 Thread Ian G
On Thursday 02 June 2005 13:50, Steve Furlong wrote: On 5/31/05, Ian G [EMAIL PROTECTED] wrote: I don't agree with your conclusion that hiding algorithms is a requirement. I think there is a much better direction: spread more algorithms. If everyone is using crypto then how can that be

Re: Bluetooth cracked further

2005-06-04 Thread Dan Riley
Matt Crawford [EMAIL PROTECTED] writes: On Jun 3, 2005, at 11:55, Perry E. Metzger wrote: 2) They also have a way of forcing pairing to happen, by impersonating one of the devices and saying oops! I need to pair again! to the other. Do the devices then pair again without user

Re: [Clips] Paying Extra for Faster Airport Security

2005-06-04 Thread Anne Lynn Wheeler
One of the articles from a couple months ago about what happens if too many people shift into a priority queue. Note that it is somewhat cheaper to let a few people pay to go to the head of the screening line ... so that their queueing wait is reduced. It is a lot more expensive to install

Re: What happened with the session fixation bug?

2005-06-04 Thread Ben Laurie
James A. Donald wrote: -- James A. Donald: PKI was designed to defeat man in the middle attacks based on network sniffing, or DNS hijacking, which turned out to be less of a threat than expected. However, the session fixation bugs http://www.acros.si/papers/session_fixation.pdf make

Re: What happened with the session fixation bug?

2005-06-04 Thread James A. Donald
-- James A. Donald wrote: The way to beat session fixation is to issue a privileged and impossible to predict session ID in response to a correct login. If, however, you grant privileges to a session ID on the basis of a successful login, which is in fact the usual practice,

Re: Bluetooth cracked further

2005-06-04 Thread Thomas Lakofski
Perry E. Metzger wrote: Matt Crawford [EMAIL PROTECTED] writes: On Jun 3, 2005, at 11:55, Perry E. Metzger wrote: 2) They also have a way of forcing pairing to happen, by impersonating one of the devices and saying oops! I need to pair again! to the other. Do the devices then pair again

Re: Bluetooth cracked further

2005-06-04 Thread Olle Mulmo
On Jun 4, 2005, at 14:12, Thomas Lakofski wrote: Finally, the PIN length ranges from 8 to 128 bits. Most manufacturers use a 4 digit PIN and supply it with the device. Obviously, customers should demand the ability to use longer PINs. Correction: Most manufacturers hardcode the 4-digit PIN

Re: Bluetooth cracked further

2005-06-04 Thread Thomas Lakofski
Olle Mulmo wrote: On Jun 4, 2005, at 14:12, Thomas Lakofski wrote: Wrote? Well, quoted... Finally, the PIN length ranges from 8 to 128 bits. Most manufacturers use a 4 digit PIN and supply it with the device. Obviously, customers should demand the ability to use longer PINs. Correction: