Re: spyware targets bank customers. news at 11.

2005-08-10 Thread Florian Weimer
* Perry E. Metzger:

> A major identity theft ring has been discovered that affects up to 50
> banks, according to Sunbelt Software, the security company that says
> it uncovered the operation. The operation, which is being
> investigated by the FBI, is gathering personal data from
> thousands of machines using keystroke-logging software, Sunbelt
> said Monday.
>
> http://news.com.com/ID+theft+ring+hits+50+banks%2C+firm+says/2100-7349_3-5823591.html

I should point out that most players in the field don't rush to the
press with their findings, in order not to impact a pending law
enforcement investigation.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: solving the wrong problem

2005-08-10 Thread astiglic
'chindogu' seems almost appropriate but maybe not exact

http://www.designboom.com/history/useless.html

http://www.pitt.edu/~ctnst3/chindogu.html

--Anton






Re: spyware targets bank customers. news at 11.

2005-08-10 Thread Adam Fields
On Wed, Aug 10, 2005 at 04:11:31PM +0200, Florian Weimer wrote:
> * Perry E. Metzger:
>
> > A major identity theft ring has been discovered that affects up to 50
> > banks, according to Sunbelt Software, the security company that says
> > it uncovered the operation. The operation, which is being
> > investigated by the FBI, is gathering personal data from
> > thousands of machines using keystroke-logging software, Sunbelt
> > said Monday.
> >
> > http://news.com.com/ID+theft+ring+hits+50+banks%2C+firm+says/2100-7349_3-5823591.html
>
> I should point out that most players in the field don't rush to the
> press with their findings, in order not to impact a pending law
> enforcement investigation.

They stated on their blog that they only did so because they couldn't
get anyone's attention in law enforcement, and now that the FBI is
involved, they're not saying anything else (and yes, their actions are
being questioned in the comments).

http://sunbeltblog.blogspot.com/2005/08/massive-identity-theft-ring.html
http://sunbeltblog.blogspot.com/2005/08/more-on-identity-theft-ring.html

Except that while I've written the above I've noticed a followup which
has more details and says they're going to have a fix today:

http://sunbeltblog.blogspot.com/2005/08/keylogger-from-hell.html

-- 
- Adam

** I can fix your database problems: http://www.everylastounce.com/mysql.html **

Blog... [ http://www.aquick.org/blog ]
Links.. [ http://del.icio.us/fields ]
Photos. [ http://www.flickr.com/photos/fields ]
Experience. [ http://www.adamfields.com/resume.html ]
Product Reviews: .. [ http://www.buyadam.com/blog ]




NY Times article on biometrics and border control

2005-08-10 Thread Perry E. Metzger


Thought this would be of some interest. Unfortunately, the article
will not be visible after a few days, thanks to the NY Times'
policies, and can only be viewed if you register. :(


WASHINGTON | August 10, 2005
Hurdles for High-Tech Efforts to Track Who Crosses Borders
By ERIC LIPTON
The government's effort to collect biometric data to track foreigners
visiting the U.S. has fallen far short of its goals.

http://www.nytimes.com/2005/08/10/politics/10biometrics.html



Re: NY Times article on biometrics and border control

2005-08-10 Thread Adam Fields
On Wed, Aug 10, 2005 at 01:24:07PM -0400, Perry E. Metzger wrote:
 
 
> Thought this would be of some interest. Unfortunately, the article
> will not be visible after a few days, thanks to the NY Times'
> policies, and can only be viewed if you register. :(
>
> WASHINGTON | August 10, 2005
> Hurdles for High-Tech Efforts to Track Who Crosses Borders
> By ERIC LIPTON
> The government's effort to collect biometric data to track foreigners
> visiting the U.S. has fallen far short of its goals.
>
> http://www.nytimes.com/2005/08/10/politics/10biometrics.html

This link will continue to work:

http://www.nytimes.com/2005/08/10/politics/10biometrics.html?ex=1281326400&en=42aa99a66a58b368&ei=5090&partner=rssuserland&emc=rss

(From the NYT link generator: http://nytimes.blogspace.com/genlink )

-- 
- Adam



Re: spyware targets bank customers. news at 11.

2005-08-10 Thread Florian Weimer
* Adam Fields:

> They stated on their blog that they only did so because they couldn't
> get anyone's attention in law enforcement,

You mean this part?

| We have notified the FBI, but no response just yet. We have notified a
| few of the parties involved. (Update: It looks like they were working
| on the case when after we sent originally sent the data in, but we
| didn't get any response from them at the time indicating they had
| received our data.)

AFAIK, the FBI is a bit like a black hole, so it's a bit hard to work
with them.  On the other hand, not disclosing the details of an
ongoing criminal investigation to non-trusted individuals (and these
people are apparently new to the field) is usually a good idea.
Filing a complaint doesn't mean you are trustworthy.

(However, this has little to do with cryptography. 8-)



Motorist wins case after maths whizzes break speed camera code

2005-08-10 Thread brucee
The facts are very scrambled but I like it.
The brief TV reports from lawyers were more factual.

Motorist wins case after maths whizzes break speed camera code

Sydney Morning Herald
By Andrew Clark
August 11, 2005

A team of Chinese maths enthusiasts have thrown NSW's speed cameras
system into disarray by cracking the technology used to store data
about errant motorists.

The NRMA has called for a full audit of the way the state's 110
enforcement cameras are used after a motorist escaped a conviction by
claiming that data was vulnerable to hackers.

A Sydney magistrate, Laurence Lawson, threw out the case because the
Roads and Traffic Authority failed to find an expert to testify that
its speed camera images were secure.

The motorist's defence lawyer, Denis Mirabilis, argued successfully
that an algorithm known as MD5, which is used to store the time, date,
place, numberplate and speed of cars caught on camera, was a
discredited piece of technology.

Mr Mirabilis yesterday said he had received more than 100 inquiries
from motorists anxious to use the same defence. "People have shown it
[the algorithm] has been hacked and it's open to viruses."

Designed in the early 1990s by an American academic, MD5 safeguards
against tampering by turning information into a 128-bit sequence of
digits. However, researchers from China's Shandong University have
proved it is possible to store conflicting pieces of information as
the same MD5 sequence.

Nick Ellsmore, an encryption expert at the consultancy SIFT, said this
theoretically meant the RTA could change the speed at which a car was
recorded and retain the same code.

"Since the research came out, we've been recommending that clients
move away from MD5 and we've certainly recommended that people don't
use it for new applications," he said.

The NRMA said it was crucial the public had confidence in convictions.
Its policy specialist, Lisa McGill, said: "We want a full audit and a
review of the system to ensure that it is working appropriately."

The RTA's spokesman, Paul Willoughby, rejected the decision as a
one-off: "No one, in relation to court cases, can be a hundred per
cent sure they're going to win a hundred per cent of the time."

NSW's weekly take from the cameras is more than $1 million.

Meanwhile, the RTA denied reports that cameras catching toll evaders
in the Harbour Tunnel are routinely turned off.
