Re: Java: Helping the world build bigger idiots

2005-09-20 Thread Jerrold Leichter
| It used to be that checking bounds on certain collections was less
| efficient than waiting for the out of bounds exception. I think Joshua
| Bloch discusses this in his book.
|
| I've also seen this in generated code where you aren't sure of the
| nature of the object you're indexing and thus d

Re: [Clips] Contactless payments and the security challenges

2005-09-20 Thread Anne & Lynn Wheeler
Alexander Klimov wrote:
> Since the phone has an LCD and a keyboard it is possible to display
> ``Do you want to pay $2 to ABC, Inc. ?'' and authorize the transaction
> only if the user presses OK (larger transactions may require the PIN).

An additional benefit is that it is your own card accepti

Re: ECC patents?

2005-09-20 Thread Bodo Moeller
On Wed, Sep 14, 2005 at 12:18:14PM +0300, Alexander Klimov wrote:
> http://www1.ietf.org/proceedings_new/04nov/slides/saag-2/sld9.htm:
>
> What is Really Covered
> o The use of elliptic curves defined over GF(p) where p is a prime
> number greater than 2^255 when the product satisfies t

Re: Defending users of unprotected login pages with TrustBar 0.4.9.93

2005-09-20 Thread Amir Herzberg
David Wagner wrote: Amir Herzberg writes: However, quite a few of these sites invoke SSL/TLS only _after_ user has typed in her user name and pw, and clicked `submit`. This allows a MITM adversary to send a modified login page to the user, which sends the pw to the attacker (rather than encrypt

Re: Defending users of unprotected login pages with TrustBar 0.4.9.93

2005-09-20 Thread Amir Herzberg
John Gilmore wrote: Perhaps the idea of "automatically" redirecting people to alternative pages goes a bit too far: Of course, users can turn this off for one page or for all, but that's not answering yet John's comments below - I respond following them... Also: I am not crazy about this solut

[EMAIL PROTECTED]: [IP] more on ARMSTRONG LECTURE on Quantum Crypto and Optical Networks (Forwarded)]]

2005-09-20 Thread Eugen Leitl
- Forwarded message from David Farber <[EMAIL PROTECTED]> - From: David Farber <[EMAIL PROTECTED]> Date: Mon, 19 Sep 2005 20:30:36 -0400 To: Ip Ip Subject: [IP] more on ARMSTRONG LECTURE on Quantum Crypto and Optical Networks (Forwarded)]

Online fraud 'ahead' of credit-card companies-experts

2005-09-20 Thread Anne & Lynn Wheeler
http://news.yahoo.com/s/nm/20050919/wr_nm/financial_creditcard_fraud_dc;_ylt=AlItQtA0cAs1.5FbhmH_orX6VbIF;_ylu=X3oDMTBiMW04NW9mBHNlYwMlJVRPUCUl Online fraud 'ahead' of credit-card companies-experts Speaking at a conference here, John Shaughnessy, senior vice president for fraud prevention at Vis

Re: Java: Helping the world build bigger idiots

2005-09-20 Thread Bill Frantz
On 9/19/05, [EMAIL PROTECTED] (Peter Gutmann) wrote:
>Found on the Daily WTF, http://www.thedailywtf.com/forums/43223/ShowPost.aspx:
>
> try {
>   int idx = 0;
>
>   while (true) {
>     displayProductInfo(prodnums[idx]);
>     idx++;
>   }
> }
> catch (IndexOutOfBoundExcepti

Re: Defending users of unprotected login pages with TrustBar 0.4.9.93

2005-09-20 Thread John Gilmore
Perhaps the idea of "automatically" redirecting people to alternative pages goes a bit too far:
> 1. TrustBar will automatically download from our own server,
> periodically, a list of all of the unprotected login sites, including
> any alternate protected login pages we are aware of. By default,

Defending users of unprotected login pages with TrustBar 0.4.9.93

2005-09-20 Thread David Wagner
Amir Herzberg writes:
>However, quite a few of these sites invoke SSL/TLS only _after_ user has
>typed in her user name and pw, and clicked `submit`. This allows a MITM
>adversary to send a modified login page to the user, which sends the pw
>to the attacker (rather than encrypting it and sending t

Re: [Clips] Contactless payments and the security challenges

2005-09-20 Thread Alexander Klimov
On Sun, 18 Sep 2005, John Gilmore wrote:
> E.g. I can extract money from your RFID payment tag whenever you
> walk past, whether you authorized the transaction or not.

Since the phone has an LCD and a keyboard it is possible to display ``Do you want to pay $2 to ABC, Inc. ?'' and authorize the tr

[Clips] [MTNews] CRYPTOCard DEMONSTRATES CRYPTO-Server 6.3

2005-09-20 Thread R.A. Hettinga
--- begin forwarded text Date: Mon, 19 Sep 2005 15:04:54 -0400 To: "Philodox Clips List" <[EMAIL PROTECTED]> From: "R.A. Hettinga" <[EMAIL PROTECTED]> Subject: [Clips] [MTNews] CRYPTOCard DEMONSTRATES CRYPTO-Server 6.3

Guideline for Implementing Cryptography In the Federal Government

2005-09-20 Thread Steven M. Bellovin
http://csrc.nist.gov/publications/drafts/800-21-Rev1_September2005.pdf --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

RFID Payments

2005-09-20 Thread R.A. Hettinga
I've got Dave's updated article here, for them as wants it... Cheers, RAH --- begin forwarded text Subject: RFID Payments Date: Mon, 19 Sep 2005 17:21:14 +0100 From: "Dave Birch" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>, "Bob Het

Re: Java: Helping the world build bigger idiots

2005-09-20 Thread Jeremiah Rogers
It used to be that checking bounds on certain collections was less efficient than waiting for the out of bounds exception. I think Joshua Bloch discusses this in his book. I've also seen this in generated code where you aren't sure of the nature of the object you're indexing and thus don't know th