Source for Skype Trojan released

It can “...intercept all audio data coming and going to the Skype process.” Proof of concept, but polished versions will surely follow. http://www.scmagazineus.com/Skype-snooping-trojan-detected/article/147537/ -- Jerry

Fwd: [Macgpg-users] GPGMail & Snow Leopard

...and now GPG. So, Snow Leopard is crypto-less? Cheers, RAH What? I shoulda said sans-crypto? --- Begin forwarded message: From: Benjamin Donnachie Date: August 28, 2009 7:44:09 PM GMT-04:00 To: "@lists.sourceforge.net macgpg-us...@lists.sourceforge.net" > Subject: Re: [Macgpg-user

Fwd: Important Information for PGP® Desktop Use rs Running Mac OS X

Heh... So, we gotta pay for the upgrade in order to use PGP on Snow Leopard? Whee. Cheers, RAH Begin forwarded message: From: "PGP Corporation" Date: August 28, 2009 6:18:09 PM GMT-04:00 To: r...@ibuc.com Subject: Important Information for PGP® Desktop Users Running Mac OS X Apple releas

"Defending Against Sensor-Sniffing Attacks on Mobile Phones"

http://conferences.sigcomm.org/sigcomm/2009/workshops/mobiheld/papers/p31.pdf ABSTRACT Modern mobile phones possess three types of capabilities: computing, communication, and sensing. While these capa- bilities enable a variety of novel applications, they also raise serious privacy concerns. We e

Practical attack on WPA?

http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf A Practical Message Falsification Attack on WPA Toshihiro Ohigashi and Masakatu Morii Abstract. In 2008, Beck and Tews have proposed a practical attack on WPA. Their attack (called the Beck

Re: [tahoe-dev] Bringing Tahoe ideas to HTTP

Michael Walsh wrote: > - Adding a HTTP header with this data but requires something like a > server module or output script. It also doesn't ugly up the URL (but > then again, we have url shortner services for manual typing). Ah, but see, that loses the security. If the URL doesn't contain the r

Re: [tahoe-dev] Bringing Tahoe ideas to HTTP

Hi Brian, all; I'm all for including merkle trees with HTTP GETs, two items that spring to mind: - Appending the location of the hash as you suggest in #hashtree=ROOTXYZ;http://otherplace which requires no changes to the webserver. - Adding a HTTP header with this data but requires something lik

Re: [tahoe-dev] a crypto puzzle about digital signatures and future compatibility

Zooko Wilcox-O'Hearn wrote: On Wednesday,2009-08-26, at 19:49 , Brian Warner wrote: Attack B is where Alice uploads a file, Bob gets the filecap and downloads it, Carol gets the same filecap and downloads it, and Carol desires to see the same file that Bob saw. ... The attackers (who may b

Cloud Security: Alice and Bob Go to Washington

Jon Callas, Tamzen Cannoy, Nicko van Someren Cloud Security: Alice and Bob Go to. Washington. Jon Callas, Tamzen Cannoy, Nicko van Someren. Tuesday, August 18, 2009 ...

Bringing Tahoe ideas to HTTP

[sent once to tahoe-dev, now copying to cryptography too, sorry for the duplicate] At lunch yesterday, Nathan mentioned that he is interested in seeing how Tahoe's ideas and techniques could trickle outwards and influence the design of other security systems. And I was complaining about how the F

Re: [tahoe-dev] a crypto puzzle about digital signatures and future compatibility

On Wednesday,2009-08-26, at 19:49 , Brian Warner wrote: Attack B is where Alice uploads a file, Bob gets the filecap and downloads it, Carol gets the same filecap and downloads it, and Carol desires to see the same file that Bob saw. ... The attackers (who may be Alice and/or other parties)

Re: SHA-1 and Git (was Re: [tahoe-dev] Tahoe-LAFS key management, part 2: Tahoe-LAFS is like encrypted git)

On Thu, Aug 27, 2009 at 11:30:08AM +1200, Peter Gutmann wrote: > > Thor Lancelot Simon writes: > > >the exercise of recovering from new horrible problems with SHA1 would be > >vastly simpler, easier, and far quicker > > What new horrible problems in SHA1 (as it's used in SSL/TLS)? What old > h

AES-GMAC as a hash

Ignoring performance for now what is the consensus on the suitabilty of using AES-GMAC not as MAC but as a hash ? Would it be safe ? The "key" input to AES-GMAC would be something well known to the data and/or software. The only reason I'm asking is assuming it can be made to perform on some