Full article at http: // blog.washingtonpost.com / securityfix /
Citibank Phish Spoofs 2-Factor Authentication
Security experts have long touted the need for financial Web sites to move
beyond mere passwords and implement so-called two-factor authentication --
the second factor being something
http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2fa
ctor_1.html
Thought this might interest some.
-Lance James
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL
Hal Finney wrote:
I had not heard that there had been an official
decision to hold a new competition for hash functions
similar to AES. That is very exciting! The AES
process was one of the most interesting events to have
occured in the last few years in our field.
Seemed like one of the
C A L L F O R P A P E R S
The 4th International Workshop for
Technology, Economy and Legal Aspects of
Virtual Goods
Organized by the GI Working Group ECOM
and in parallel with
Charlie Kaufman wrote:
I believe this has been known for a long time, though I have never seen the
proof. I could imagine constructing one based on quadratic sieve.
I believe that a proof that the discrete log problem is polynomially reducible
to the factorization problem is much harder and
...from a round-table discussion on identity theft in the current
Computerworld:
IDGNS: What are the new threats that people aren't thinking
about?
CEO Dean Drako, Sana Security Inc.: There has been a market
change over the last five-to-six years, primarily due to
Hal:
Thanks for the news about the planned NIST-sponsored hash function
competition. I'm glad to hear that it is in the works.
Yesterday I profiled my on-line data backup application [1] and
discovered that for certain operations one third of the time is spent in
SHA-1. For that reason,
Lance James wrote:
Full article at http: // blog.washingtonpost.com / securityfix /
happen to mention more than a year ago ... that it would be subject to
mitm-attacks ... recent comment on the subject
http://www.garlic.com/~lynn/aadsm24.htm#33 Threatwatch - 2-factor tokens
attacked by
Yep, the phishers finally started doing it. If it becomes a threat to them,
they will adapt.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anne Lynn Wheeler
Sent: Tuesday, July 11, 2006 10:39 AM
To: cryptography@metzdowd.com
Subject: Re: Phishers
On Tue, Jul 11, 2006 at 01:02:27PM -0400, Leichter, Jerry wrote:
[...]
Business ultimately depends on trust. There's some study out there -
I don't recall a reference - that basically finds that the level of
trust is directly related to the level of economic success of an
economy. There are
Jerrold,
I can corroborate the quote in that much of SarbOx and
other recent regs very nearly have a guilty unless proven
innocent quality, that banks (especially) and others are
called upon to prove a negative: X {could,did} not happen.
California SB1386 roughly says the same thing: If you
Zooko writes:
By the way, the traditional practice of using a hash function as a
component of a MAC should, in my humble opinion, be retired in favor of
the Carter-Wegman alternative such as Poly-1305 AES [7].
This is a great topic where there are lots of pros and cons. The CW
MACs like
James Donald writes:
My understanding is that no actual vulnerabilities have
been found in Rijndael. What has been found are reasons
to suspect that vulnerabilities will be found.
Yes, I think that's correct on the theoretical side. I was also thinking
of some of the implementation issues
13 matches
Mail list logo
