Public Peer Review requests!

2003-09-04 Thread Lance James
InvisibleNet has formed the Invisible Internet Project (I2P) to support the efforts of those trying to build a more free society by offering them an uncensorable, anonymous, and secure communication system. I2P is a development effort producing a variable latency, fully distributed, autonomous,

Off-list request

2005-03-25 Thread Lance James
u. -- Best Regards, Lance James Secure Science Corporation [Have Phishers stolen your customers' logins? Find out with DIA] https://slam.securescience.com/signup.cgi - it's free! - The Cryptography Mailing List Unsubscribe by

Re: Secure Science issues preview of their upcoming block cipher

2005-03-25 Thread Lance James
Phishers stolen your customers' logins? Find out with DIA] | https://slam.securescience.com/signup.cgi - it's free! | -- Best Regards, Lance James Secure Science Corporation [Have Phishers stolen your customers' logins? Find out with DIA] https://slam.secur

Re: Secure Science issues preview of their upcoming block cipher

2005-03-28 Thread Lance James
security of a block cipher? Lance James @ Secure Science Corporation writes: We will be proposing 2 hashes as well. Well, that is completely non-responsive to the point Adam made. You used the term "provably". Where is your proof? Did you understand the point Adam is making? In this field

Re: DES FIPS is finally withdrawn.

2005-05-21 Thread Lance James
Perry E. Metzger wrote: At long last, the DES FIPSes are withdrawn: http://cryptome.org/nist051905.txt Any comments on the NSA SHA-2 patents? -- Best Regards, Lance James Secure Science Corporation www.securescience.com Author of 'Phishing Exposed' http://www.securescience.net/am

Re: Citibank discloses private information to improve security

2005-05-30 Thread Lance James
n solution, with no additional privacy and security risk. Or is email becoming even more insecure, with our private information being more and more disclosed by those who should actually guard it, in the name of security? Cheers, Ed Gerck -- Best Regards, Lance James Secure Science Corporation w

Re: Citibank discloses private information to improve security

2005-05-31 Thread Lance James
is private and static. The ATM's last-four is private and static too (unless you want the burden to change your card often). I agree on the privacy issue, your point is well taken there. Lance James wrote: But from your point, the codeword would be in the clear as well. Respectively sp

RE: AmEx unprotected login site

2005-06-08 Thread Lance James
Protected or not, AmericanExpress.com has multiple web vulnerabilities - I wouldn't log into it with a ten-foot pole :) -Lance -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Perry E. Metzger Sent: Wednesday, June 08, 2005 12:16 PM To: Jerrold Leichter Cc

Re: WYTM - "but what if it was true?"

2005-06-22 Thread Lance James
rrection: The secret service IS part of DHS. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] -- Best Regards, Lance James Secure Science Corporation www.se

Re: Some companies are just asking for it.

2005-06-23 Thread Lance James
"The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor "I dropped the toothpaste", said Tom, crestfallenly. ----- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PRO

Re: Some companies are just asking for it.

2005-06-25 Thread Lance James
s well, unfortunately what I can vouch for is covered under NDA - but I can tell you they are very serious about addressing security - mind you, no one is perfect. -- Best Regards, Lance James Secure Science Corporation www.securescience.net Author of 'Phishing Exposed' http://www.s

Feature or Flaw?

2005-07-05 Thread Lance James
o one is the wiser without heavy inspection of the source code. Feature, or flaw? -- Best Regards, Lance James Secure Science Corporation www.securescience.net Author of 'Phishing Exposed' http://www.securescience.net/amazon/ Find out how malware is affecting your company: Get a

Re: Feature or Flaw?

2005-07-05 Thread Lance James
Amir Herzberg wrote: Lance James wrote: ... > https://slam.securescience.com/threats/mixed.html This site is set so that there is a frame of https://www.bankone.com inside my https://slam.securescience.com/threats/mixed.html site. The imaginative part is that you may have to reverse

Re: Feature or Flaw?

2005-07-05 Thread Lance James
Florian Weimer wrote: * Lance James: Feature, or flaw? Couldn't you just copy (or proxy all content) and get the same effect without using frames at all? How would you go about doing that and still get the SSL Lock to remain as the banks? Can you give an example? Mayb

Re: Feature or Flaw?

2005-07-05 Thread Lance James
Florian Weimer wrote: * Lance James: Couldn't you just copy (or proxy all content) and get the same effect without using frames at all? How would you go about doing that and still get the SSL Lock to remain as the banks? Can you give an example? In both cases, you

Re: Feature or Flaw?

2005-07-05 Thread Lance James
Amir Herzberg wrote: Lance James wrote: ... > https://slam.securescience.com/threats/mixed.html This site is set so that there is a frame of https://www.bankone.com inside my https://slam.securescience.com/threats/mixed.html site. The imaginative part is that you may have to reverse

Re: Feature or Flaw?

2005-07-05 Thread Lance James
Florian Weimer wrote: * Lance James: And as stated above, reverse the effect and it would be the banks in scenarios such as XSS. In case of XSS or CSRF, you have lost anyway. The web was not designed as a presentation service for transaction processing, especially if the

Re: [Anti-fraud] Re: Feature or Flaw?

2005-07-06 Thread Lance James
Amir Herzberg wrote: Lance James wrote: Amir Herzberg wrote: Lance James wrote: ... > https://slam.securescience.com/threats/mixed.html This site is set so that there is a frame of https://www.bankone.com inside my https://slam.securescience.com/threats/mixed.html site.

Re: the limits of crypto and authentication

2005-07-09 Thread Lance James
st Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] -- Best Regards, Lance James Secure Science Corporation www.securescience.net Author of 'Phishing Exposed' http://www.securescience.net/amazon/ Find out how malware is affecting your company: Get a DIA

Re: Why Blockbuster looks at your ID.

2005-07-11 Thread Lance James
se the name was the same on the visa card used. -Lance -- Best Regards, Lance James Secure Science Corporation www.securescience.net Author of 'Phishing Exposed' http://www.securescience.net/amazon/ Find out how malware is affecting your company: Get a DIA account toda

Re: New Credit Card Scam (fwd)

2005-07-11 Thread Lance James
so if you get a call that sounds fishy, just tell them you'll call them back at the number on your card. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] -- Best Regards, Lance James Sec

Re: New Credit Card Scam (fwd)

2005-07-12 Thread Lance James
Jason Holt wrote: On Mon, 11 Jul 2005, Lance James wrote: [...] place to fend off these attacks. Soon phishers will just use the site itself to phish users, pushing away the dependency on tricking the user with a "spoofed" or "mirrored" site. [...] You dismiss too

Diebold - might be of interest

2005-08-01 Thread Lance James
Hi all, I don't know if this is appropriate on this list, but I know that diebold voting systems have been an issue in the cryptography community for a while now. Having said that, I'm pasting an article that I received (from my parents actually) that might be of interest to this group. If it

Re: Kama Sutra Spoofs Digital Certificates

2006-01-26 Thread Lance James
> > >- >The Cryptography Mailing List >Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] > > > > -- Best Regards, Lance James Secure Science Corporation www.

Re: Status of SRP

2006-06-01 Thread Lance James
uld be a weakness here because the user knows it, and in phishing, if the user knows it, the user is vulnerable. My 2 cents. > > - > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography"

Re: Status of SRP

2006-06-01 Thread Lance James
Lance James wrote: > James A. Donald wrote: > >> The obvious solution to the phishing crisis is the widespread >> deployment of SRP, but this does not seem to happening. SASL-SRP was >> recently dropped. What is the problem? >> > > I want to clarify

Re: Status of SRP

2006-06-02 Thread Lance James
r SRP account to working order". Surprisingly, many would fall for this. My 2 cents. -Lance James A. Donald wrote: > -- > James A. Donald wrote: > > > The obvious solution to the phishing crisis is the > > > widespread deployment of SRP > > Lance James > &

Phishers Defeat 2-Factor Auth

2006-07-11 Thread Lance James
Full article at http: // blog.washingtonpost.com / securityfix / Citibank Phish Spoofs 2-Factor Authentication Security experts have long touted the need for financial Web sites to move beyond mere passwords and implement so-called "two-factor authentication" -- the second factor being something

Phishers Defeat 2-Factor Auth

2006-07-11 Thread Lance James
http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html Thought this might interest some. -Lance James - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptograph

RE: Phishers Defeat 2-Factor Auth

2006-07-11 Thread Lance James
hers Defeat 2-Factor Auth Lance James wrote: > Full article at http: // blog.washingtonpost.com / securityfix / happen to mention more than a year ago ... that it would be subject to mitm-attacks ... recent comment on the subject http://www.garlic.com/~lynn/aadsm24.htm#33 Threatwatch - 2-factor

Re: RSA SecurID SID800 Token vulnerable by design

2006-09-09 Thread Lance James
ther weaker than > each single one. > > regards > Hadmut > > ----- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] > -- Best Regards, La

Re: RSA SecurID SID800 Token vulnerable by design

2006-09-09 Thread Lance James
Hadmut Danisch wrote: > Hi Lance, > > On Fri, Sep 08, 2006 at 10:26:45AM -0700, Lance James wrote: >> Another problem from what I see with Malware that steals data is the >> formgrabbing and "on event" logging of data. Malware can detect if >> SecureID i

Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"

2013-09-05 Thread Lance James
iermont.com > ___ > The cryptography mailing list > cryptography@metzdowd.com > http://www.metzdowd.com/mailman/listinfo/cryptography > -- Lance James http://soundcloud.com/lancejames Office: 760-262-4141 l an...@gmail.com _