and they don't realize that the state of the art
has already shifted under their feet.
Arshad Noor
StrongAuth, Inc.
- Original Message -
From: Steven M. Bellovin [EMAIL PROTECTED]
On Mon, 18 Jun 2007 22:57:36 -0700
Ali, Saqib [EMAIL PROTECTED] wrote:
US Government has selected 9 security vendors
the area that matters most - the actual
applications that use sensitive data.
Arshad Noor
StrongAuth, Inc.
- Original Message -
From: Saqib Ali [EMAIL PROTECTED]
To: Arshad Noor [EMAIL PROTECTED]
Cc: Cryptography cryptography@metzdowd.com
Sent: Monday, October 8, 2007 11:52:28 AM (GMT
A reminder of the Enterprise Key Management Infrastructure (EKMI)
Workshop on November 15th in San Francisco. Thanks.
Arshad Noor
StrongAuth, Inc.
Original Message
Subject: ISACA to Host an Enterprise Key Management Infrastructure Workshop
Date: Sun, 21 Oct 2007 21:49:40 -0700
) or contact me privately for an alternative solution.
Arshad Noor
StrongAuth, Inc.
[EMAIL PROTECTED] wrote:
So... supposing I was going to design a crypto library for use within
a financial organization, which mostly deals with credit card numbers
and bank accounts, and wanted to create an API
I think you would be doing the crypto community a huge public
service by publishing the ~4 page section, Ian. Personally,
I prefer your 3-sentence disclaimer. :-)
Arshad Noor
StrongAuth, Inc.
Ian Farquhar (ifarquha) wrote:
I personally have a boilerplate risk disclosure section
which
The usual excuse, Dan: ignorance.
Those of us who know how companies maintain the security
of their systems minimize the use of, or eschew, such
sites. We also always ask for an Absentee (paper) ballot
in places where electronic voting is the only choice at
the polling booth.
Arshad Noor
- going on just gut feel - resulting in situations
like at Société Générale.
Arshad Noor
StrongAuth, Inc.
Jon Callas wrote:
On Feb 4, 2008, at 1:55 PM, Arshad Noor wrote:
Do business people get it? Do security professionals get it?
Apparently not.
Arshad Noor
StrongAuth, Inc.
Huge losses
is scheduled to be held
in Baltimore, MD this fall, that should be of interest to
people in this forum:
http://www.keymanagementsummit.com/2008/
Arshad Noor
StrongAuth, Inc.
[EMAIL PROTECTED] wrote:
I've got two presentations I've given on encrypted storage technologies here:
http
the conference are available at:
http://middleware.internet2.edu/idtrust/2008/program.html
Arshad Noor
StrongAuth, Inc.
Philipp Gühring wrote:
Hi,
QUESTION: Does anybody know about the existence of
security research in the area of grading the easiness to
steal biometric data.
There are several
Fascinating!
This may be the first phishing e-mail I've seen that uses
a message related to digital certificates for attacking the
client; I am not a customer of Comerica.
Has anyone else seen this before?
Arshad Noor
StrongAuth, Inc.
Original Message
Subject:Secure
Had to remove the link so it would get past the spam-filters;
apologies if you see multiple postings.
Arshad Noor wrote:
Fascinating!
This may be the first phishing e-mail I've seen that uses
a message related to digital certificates for attacking the
client; I am not a customer of Comerica
the Blackberry encryption protocol work like S/MIME?
Arshad Noor
StrongAuth, Inc.
- Original Message -
From: Derek Atkins [EMAIL PROTECTED]
To: Perry E. Metzger [EMAIL PROTECTED]
Cc: cryptography@metzdowd.com
Sent: Tuesday, May 27, 2008 8:54:12 AM (GMT-0800) America/Los_Angeles
Subject
FYI.
- Forwarded Message -
From: Matt Ball [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, May 28, 2008 1:37:18 PM (GMT-0800) America/Los_Angeles
Subject: [P1619-3] Last reminder: Call for Speakers and Sponsors for the 2008
Key Management Summit Ends This Friday
(Please forward
? (And, if they are, how are the 3DES keys
agreed upon? Doesn't that imply public/private key-pairs or a
master-key?)
Arshad Noor
StrongAuth, Inc.
- Original Message -
From: Victor Duchovni [EMAIL PROTECTED]
Cc: cryptography@metzdowd.com
Sent: Friday, May 30, 2008 10:41:10 AM (GMT-0800) America
David learned of the RC4 algorithm?
Arshad Noor
StrongAuth, Inc.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
understood by most people on this forum, until
we educate the gate-keepers, we have failed in our jobs to secure IT
infrastructure.
Arshad Noor
StrongAuth, Inc.
Allen wrote:
Hi gang,
All quiet on the cryptography front lately, I see. However, that does
not prevent practices that *appear* like
preferred simpler - but strong - technical solutions, have my instincts
been wrong all along? TIA.
Arshad Noor
StrongAuth, Inc.
- is that it is necessary to use a combination
of strong technology and procedures for effective security. Relying
on just one component alone can lead to a breakdown in security (as
my experience has shown me).
Arshad Noor
StrongAuth, Inc
the OASIS community that there be support for algorithms that are not
in XMLEnc, the Technical Committee will discuss and vote on it.
Arshad Noor
StrongAuth, Inc.
Florian Weimer wrote:
* Arshad Noor:
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=208800937
On a more serious note, I think the criticism probably refers to the
fact that SKSML does not cryptographically enforce proper key
management. If a participant turns bad
Ben Laurie wrote:
Arshad Noor wrote:
I may be a little naive, but can a protocol itself enforce proper
key-management? I can certainly see it facilitating the required
discipline, but I can't see how a protocol alone can enforce it.
I find the question difficult to understand. Before I
technology components, policies and practices. But you still have to
make the choice.
Arshad Noor
StrongAuth, Inc.
:
http://www.strongkey.org.
Looking forward to this group's comments. Thank you.
Arshad Noor
StrongAuth, Inc.
- Forwarded Message -
From: Mary McRae [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc: ekmi [EMAIL PROTECTED]
Sent: Thursday, July 24, 2008 7:04:49 PM (GMT-0800
the central key-management server.
Arshad Noor
StrongAuth, Inc.
require that the Symmetric Key Client Library (SKCL) have connected
to the Symmetric Key Services (SKS) server at least once before it
can use this capability.
Arshad Noor
StrongAuth, Inc.
that I cannot please everyone in any
audience, and must, therefore, do/say what I believe is right for
my customers. Only time will tell if I got it right - temporarily.
Arshad Noor
StrongAuth, Inc.
-management. Those
precise three groups of people - and now, including security and
compliance officers - are slowly starting to discover that for themselves.
Arshad Noor
StrongAuth, Inc.
, for 20+ years I've always seen
Kerberos as a network-authentication protocol and perhaps it is my
failing that I couldn't see the possibility of using a flat-head
screwdriver in a Phillips-head screw.
Arshad Noor
StrongAuth, Inc
FYI.
Original Message
Subject:[P1619-3] Early Registration Deadline for KMS 2008 Extended to
August 31, 2008
Date: Sat, 16 Aug 2008 18:18:54 -0600
From: Matt Ball [EMAIL PROTECTED]
Reply-To: Matt Ball [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
To give
/pci_dss_download.html
http://www.owasp.org/index.php/Top_10_2007
Arshad Noor
StrongAuth, Inc.
Darren Lasko wrote:
Arshad Noor wrote:
6.5 Develop all web applications based on secure coding guidelines
such as the Open Web Application Security Project guidelines
Isn't this vulnerability already in the Top 10, specifically A7 - Broken
Authentication and Session Management (
http
Computer keyboards are often used to transmit sensitive information such as
username/password (e.g. to log into computers, to do e-banking money transfer,
etc.). A vulnerability on these devices will definitely kill the security of
any computer or ATM.
http://lasecwww.epfl.ch/keyboard/
Arshad
/irweblinkx/file.aspx?IID=4094417FID=7249269
Arshad Noor
StrongAuth, Inc.
FYI.
Original Message
Subject: New W3C XML Security Specifications
Date: Fri, 27 Feb 2009 14:10:04 -0500
From: Sean Mullan sean.mul...@sun.com
Reply-To: security-...@xml.apache.org
To: security-...@xml.apache.org
The W3C XML Security Working Group has just released 7 first
and no possibility of someone writing out plaintext when comparing
decrypted objects.
Am I missing something?
Arshad Noor
StrongAuth, Inc.
(or anyone on this forum) know of technology that allows the
application to gain access to the crypto-hardware after an unattended
reboot - but can prevent an attacker from gaining access to those keys
after compromising a legitimate ID on the machine - I'd welcome hearing
about it. TIA.
Arshad Noor
are involved?
Arshad Noor
StrongAuth, Inc.
.
http://www.legislation.gov.uk/ukpga/2000/23/section/53
Arshad Noor
StrongAuth, Inc.
38 matches