Re: fyi: Storm Worm botnet numbers, via Microsoft

not a statistician) that if one could get a set of articles wrt Storm extent that say at least something to substantiate how they arrived at the numbers, and then do some back-of-the-envelope calcs, we'd have a better idea of what's going on, at least here in the public domain. I

Re: fyi: Storm Worm botnet numbers, via Microsoft

, > stats, and graphs will be presented. To the best of my knowledge, it will be > the first publicly released estimates of the size of the network with actual > supporting data and evidence. are your slides now available? =JeffH

fyi: Report on Workshop on Next Steps for XML Signature and XML Encryption

#x27;s xmldsig critique: <http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt>. As the report described below indicates, there's an effort emerging to charter a W3C working group to rev the xmldsig spec, which might be of interest to various folk. =JeffH Original

fyi: Colossus in action

"BP" being Bletchley Park of course. http://www.bletchleypark.org.uk/ =JeffH From: "David Hansen" <[EMAIL PROTECTED]> Subject: Colossus in action To: [EMAIL PROTECTED] Organization: Spidacom Limited Just in case anyone is as ill informed as me, I was

fyi: Adi Shamir's microprocessor bug attack

From: John Young <[EMAIL PROTECTED]> Subject: Adi Shamir's microprocessor bug attack To: [EMAIL PROTECTED] Date: Sat, 17 Nov 2007 09:50:31 -0500 (GMT-05:00) Adi Shamir's note on a microprocessor bug attack on public key cryptography featured in the NY Times today: http://cryptome.org/bug-attack

Ross Anderson: Searching For Evil

Of possible interest... =JeffH Ross Anderson: Searching For Evil http://youtube.com/watch?v=7WlHhZUayUw Google Tech Talks August 23, 2007 ABSTRACT Computer security has recently imported a lot of ideas from economics, psychology and sociology, leading to fresh insights and new tools. I will

2008: The year of hack the vote?

2008: The year of hack the vote? http://blogs.zdnet.com/security/?p=753 December 17th, 2007 Posted by Larry Dignan @ 2:12 am The state of Ohio has released a comprehensive study of voting machine security and the report will have you longing for paper. A 334-page PDF report http://www.sos.stat

Storm, Nugache lead dangerous new botnet barrage

Storm, Nugache lead dangerous new botnet barrage By Dennis Fisher, Executive Editor 19 Dec 2007 | SearchSecurity.com In early 2006, Dave Dittrich, a seni

Responsible Behavior [Key Signing]

Responsible Behavior [Key Signing] http://www.xkcd.com/364/ =JeffH - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Foibles of user "security" questions

of possible relevance... Mike Just. "Designing and Evaluating Challenge-Question Systems". IEEE SECURITY & PRIVACY, 1540-7993/04, SEPTEMBER/OCTOBER 2004. =JeffH - The Cryptography Mailing List Unsubscr

fyi: independent contactless card e-money scheme called sQuid (UK)

independent contactless card e-money scheme called sQuid (UK) squidcard.com From:Peter Tomlinson <[EMAIL PROTECTED]> Subject: Re: Fwd: ID Stronghold To: [EMAIL PROTECTED] Date:Mon, 28 Jan 2008 16:02:51 + Roland Perry wrote: > In article <[EMAIL PROTECTED]>, Peter Tomlinson > <[

questions on RFC2631 and DH key agreement

rify the correctness of { p, q, g, j } ("group parameter validation"), is there any reason to send q ? thanks, =JeffH - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: questions on RFC2631 and DH key agreement

ed in the tradition here, but it perhaps isn't to outsiders (i have a foot in both worlds). thanks, =JeffH - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: questions on RFC2631 and DH key agreement

Oh, yeah, sorry, your diagram (or whoever drew it) does in fact answer my second question wrt what one needs to send over the wire wrt a simplistic DH profile. Just g, p, and a public key (y). thanks again, =JeffH - The

Re: questions on RFC2631 and DH key agreement

ionally there's the previously noted issue with the values of static private keys slowly leaking. thanks again, =JeffH - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: questions on RFC2631 and DH key agreement

Ok thanks, I'm going to risk pedanticism in order to nail things down a bit more rigorously.. ' =JeffH ' <[EMAIL PROTECTED]> writes: >>[EMAIL PROTECTED] said: >> http://www.xml-dev.com/blog/index.php?action=viewtopic&id=196 >> >>thanks, but that d

Re: questions on RFC2631 and DH key agreement

ny number of viewable sets to determine the unknown private key. Are you saying here that if p (and g) are static, then one has some opportunity to brute-force guess the private key that some long-running instance is using, if it doesn't otherwise re-allocate said private key from time to time? thanks again, =JeffH - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: questions on RFC2631 and DH key agreement

saying that if p and g do not change, then there is no > additional leakage of the private key beyond what Eve can compute anyway. ok, gotcha. thanks again, =JeffH - The Cryptography Mailing List Unsubscribe by sending &quo

Re: questions on RFC2631 and DH key agreement

5CEA7 4B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F0 5BDFF16F2FB22C583AB =JeffH - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: questions on RFC2631 and DH key agreement

sooner. And if a public effort can accomplish it > in a few years, conservatively we should assume that well funded secret > efforts could already succeed today. Yep. thanks again, =JeffH - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: questions on RFC2631 and DH key agreement

door open compliance-wise, but that's a different issue] thanks, =JeffH - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

fyi: Encrypted laptop poses legal dilemma

From:[EMAIL PROTECTED] (Dewayne Hendricks) Subject: [Dewayne-Net] Encrypted laptop poses legal dilemma To: Dewayne-Net Technology List <[EMAIL PROTECTED]> Date:Thu, 07 Feb 2008 15:38:22 -0800 [Note: This item comes from reader Randall. DLH] From: Randall <[EMAIL PROTECTED]> Date:

Re: questions on RFC2631 and DH key agreement

nvolve the use of random > numbers. An appropriate entropy source should be used to generate > these numbers (see [RFC4086]). > > Not all that different in thrust than the spec you are looking at. agreed, thanks again. =JeffH - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

wrt Cold Boot Attacks on Disk Encryption

From:David Farber <[EMAIL PROTECTED]> Subject: [IP] Cold Boot Attacks on Disk Encryption -- report on To: "ip" <[EMAIL PROTECTED]> Date:Thu, 21 Feb 2008 16:25:43 -0500 Begin forwarded message: From: Declan McCullagh <[EMAIL PROTECTED]> Date: February 21, 2008 3:57:43 PM EST To:

fyi: Traitor Tracing for Anonymous Attack in AACS Content Protection

From:"Adam Barth" <[EMAIL PROTECTED]> Subject: TOMORROW 3 Jun - Hongxia Jin - Traitor Tracing for Anonymous Attack in AACS Content Protection To: [EMAIL PROTECTED] Date:Mon, 02 Jun 2008 18:48:48 -0700 Title: Traitor Tracing for Anonymous Attack in AACS Content Protection

fyi: Researchers Hack Biometric Faces

apropos to the biometrics essay in the Jan 2009 crypto-gram: Researchers Hack Biometric Faces slashdot.org/palm/18/09/02/17/216216_1.shtml from the face-off dept. posted by kdawson on 2009-02-18 01:35:00 yahoi sends in news from a week or so back: "Vietnamese researchers have cracked the facia

fyi: Accelerating computation with FPGAs

of possible (topical) interest... Stanford EE Computer Systems Colloquium 4:15PM, Wednesday, May 13, 2009 HP Auditorium, Gates Computer Science Building B01 http://ee380.stanford.edu[1] Topic:Accelerating computation with FPGAs

TLS/SSL Survey (Ristic/Qualsys) (was: Re: A mighty fortress is our PKI)

Internet SSL Survey 2010 is here! (blog post) http://blog.ivanristic.com/2010/07/internet-ssl-survey-2010-is-here.html Actual report: Qualys Internet SSL Survey 2010 v1.6 (PDF, 3.2 MB) http://blog.ivanristic.com/Qualys_SSL_Labs-State_of_SSL_2010-v1.6.pdf =JeffH

towards https everywhere and strict transport security (was: Has there been a change in US banking regulations recently?)

. Indeed. WRT to this plethora of web attack vectors, the present patchwork quilt of remedies, and thoughts on how to go about more holistically approaching the issues, please see.. The Need for Coherent Web Security Policy Framework(s) http://w2spconf.com/2010/papers/p11.pdf HTH, =JeffH

Re: towards https everywhere and strict transport security (was: Has there been a change in US banking regulations recently?)

.org/html/draft-agl-tls-snapstart Note that the motivation for draft-agl-tls-nextprotoneg is so-called websockets, which are being worked on in the IETF HYBI (hypertext bidirectional) WG http://datatracker.ietf.org/wg/hybi/ =JeffH --

Overclocking TLS/SSL (was: towards https everywhere and strict transport security)

r to have (yet) the experimental results you're curious about. =JeffH - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps

practical "Padding Oracle Attacks" (cf travis' msg "padding attack vs. PKCS7" of Thu, 11 Jun 2009 11:37:16 -0500)... 'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps by Dennis Fisher Septem

Wrong Direction on Privacy - using NSLs to obtain communication transactional information

another facet of The Administration's "We Hear You" efforts.. Wrong Direction on Privacy Susan Landau 2-Aug-2010 http://www.huffingtonpost.com/susan-landau/wrong-direction-on-privac_b_666915.html The White House wants to make it easier for the FBI to get at your email and web browsing records