Re: [Clips] Contactless payments and the security challenges

2005-09-19 Thread Anne Lynn Wheeler
related ref:
http://www.garlic.com/~lynn/aadsm21.htm#11 Payment Tokens
http://www.garlic.com/~lynn/aadsm21.htm#21 Payment Tokens

there is an interesting side light involving x.509 identity certificate and the non-repudiation bit ... in the context of point of sale terminals for financial

Re: [Clips] Contactless payments and the security challenges

2005-09-19 Thread John Gilmore
http://www.nccmembership.co.uk/pooled/articles/BF_WEBART/view.asp?Q=BF_WEBART_171100

Interesting article, but despite the title, there seems to be no mention of any of the actual security (or privacy) challenges involved in deploying massive RFID payment systems. E.g. I can extract money

Defending users of unprotected login pages with TrustBar 0.4.9.93

2005-09-19 Thread Amir Herzberg
Most financial and other sensitive web sites use SSL/TLS to authenticate the server and protect data from eavesdropping and from modification by a Man In The Middle (MITM) adversary. However, quite a few of these sites invoke SSL/TLS only _after_ the user has typed in her user name and pw, and

Java: Helping the world build bigger idiots

2005-09-19 Thread Peter Gutmann
Found on the Daily WTF, http://www.thedailywtf.com/forums/43223/ShowPost.aspx:

  try {
    int idx = 0;
    while (true) {
      displayProductInfo(prodnums[idx]);
      idx++;
    }
  }
  catch (IndexOutOfBoundException ex) {
    // nil
  }

The editor also comments that when

Re: Java: Helping the world build bigger idiots

2005-09-19 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Peter Gutmann writes : Found on the Daily WTF, http://www.thedailywtf.com/forums/43223/ShowPost.aspx: try { int idx = 0; while (true) { displayProductInfo(prodnums[idx]); idx++; } } catch (IndexOutOfBoundException ex) {

[Clips] RUXCON 2005 Update

2005-09-19 Thread R.A. Hettinga
--- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Mon, 19 Sep 2005 10:56:52 -0400 To: Philodox Clips List [EMAIL PROTECTED] From: R.A. Hettinga [EMAIL PROTECTED] Subject: [Clips] RUXCON 2005 Update Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] --- begin forwarded

Re: Defending users of unprotected login pages with TrustBar 0.4.9.93

2005-09-19 Thread Victor Duchovni
On Mon, Sep 19, 2005 at 02:54:14PM +0200, Amir Herzberg wrote: We now added a mechanism that computes a hash of every unprotected site for which the user has assigned name/logo. TrustBar compares this hash on subsequent accesses to the same site. If the site is not modified in five subsequent