InvisibleNet has formed the Invisible Internet Project (I2P) to support
the efforts of those trying to build a more free society by offering
them an uncensorable, anonymous, and secure communication system. I2P
is a development effort producing a variable latency, fully distributed,
autonomous,
u.
--
Best Regards,
Lance James
Secure Science Corporation
[Have Phishers stolen your customers' logins? Find out with DIA]
https://slam.securescience.com/signup.cgi - it's free!
-
The Cryptography Mailing List
Unsubscribe by
Phishers stolen your customers' logins? Find out with DIA]
| https://slam.securescience.com/signup.cgi - it's free!
|
--
Best Regards,
Lance James
Secure Science Corporation
[Have Phishers stolen your customers' logins? Find out with DIA]
https://slam.secur
security of a block cipher?
Lance James @ Secure Science Corporation writes:
We will be proposing 2 hashes as well.
Well, that is completely non-responsive to the point Adam made.
You used the term "provably". Where is your proof?
Did you understand the point Adam is making? In this field
Perry E. Metzger wrote:
At long last, the DES FIPSes are withdrawn:
http://cryptome.org/nist051905.txt
Any comments on the NSA SHA-2 patents?
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.com
Author of 'Phishing Exposed'
http://www.securescience.net/am
n solution, with no additional privacy and security risk.
Or is email becoming even more insecure, with our private information
being more and more disclosed by those who should actually guard it,
in the name of security?
Cheers,
Ed Gerck
--
Best Regards,
Lance James
Secure Science Corporation
w
is private and static. The ATM's last-four is private and static too
(unless
you want the burden to change your card often).
I agree on the privacy issue, your point is well taken there.
Lance James wrote:
But from your point, the codeword would be in the clear as well.
Respectively sp
Protected or not, AmericanExpress.com has multiple web vulnerabilities -
I wouldn't log into it with a ten-foot pole :)
-Lance
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Perry E. Metzger
Sent: Wednesday, June 08, 2005 12:16 PM
To: Jerrold Leichter
Cc
rrection: The secret service IS part of DHS.
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
--
Best Regards,
Lance James
Secure Science Corporation
www.se
quot;The Internet for
Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
-----
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PRO
s well, unfortunately what I can vouch for is
covered under NDA - but I can tell you they are very serious about
addressing security - mind you, no one is perfect.
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.s
o one is the wiser without heavy inspection
of the source code.
Feature, or flaw?
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a
Amir Herzberg wrote:
Lance James wrote:
...
> https://slam.securescience.com/threats/mixed.html
This site is set so that there is a frame of https://www.bankone.com
inside my https://slam.securescience.com/threats/mixed.html site. The
imaginative part is that you may have to reverse
Florian Weimer wrote:
* Lance James:
Feature, or flaw?
Couldn't you just copy (or proxy all content) and get the same effect
without using frames at all?
How would you go about doing that and still get the SSL Lock to remain
as the banks? Can you give an example?
Mayb
Florian Weimer wrote:
* Lance James:
Couldn't you just copy (or proxy all content) and get the same effect
without using frames at all?
How would you go about doing that and still get the SSL Lock to remain
as the banks? Can you give an example?
In both cases, you
Amir Herzberg wrote:
Lance James wrote:
...
> https://slam.securescience.com/threats/mixed.html
This site is set so that there is a frame of https://www.bankone.com
inside my https://slam.securescience.com/threats/mixed.html site. The
imaginative part is that you may have to reverse
Florian Weimer wrote:
* Lance James:
And as stated above, reverse the effect and it would be the banks in
scenarios such as XSS.
In case of XSS or CSRF, you have lost anyway. The web was not
designed as a presentation service for transaction processing,
especially if the
Amir Herzberg wrote:
Lance James wrote:
Amir Herzberg wrote:
Lance James wrote:
...
> https://slam.securescience.com/threats/mixed.html
This site is set so that there is a frame of
https://www.bankone.com inside my
https://slam.securescience.com/threats/mixed.html site.
st
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a DIA
se the name was the same on the visa card used.
-Lance
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a DIA account toda
so if you get a call that sounds fishy, just tell them you'll
call
them back at the number on your card.
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
[EMAIL PROTECTED]
--
Best Regards,
Lance James
Sec
Jason Holt wrote:
On Mon, 11 Jul 2005, Lance James wrote:
[...]
place to fend off these attacks. Soon phishers will just use the site
itself to phish users, pushing away the dependency on tricking the
user with a "spoofed" or "mirrored" site.
[...]
You dismiss too
Hi all,
I don't know if this is appropriate on this list, but I know that
diebold voting systems have been an issue in the cryptography community
for a while now. Having said that, I'm pasting an article that I
received (from my parents actually) that might be of interest to this
group. If it
>
>
>-
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
>
>
>
>
--
Best Regards,
Lance James
Secure Science Corporation
www.
uld be a weakness here because the user knows it, and in phishing,
if the user knows it, the user is vulnerable.
My 2 cents.
>
> -
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography&quo
Lance James wrote:
> James A. Donald wrote:
>
>> The obvious solution to the phishing crisis is the widespread
>> deployment of SRP, but this does not seem to happening. SASL-SRP was
>> recently dropped. What is the problem?
>>
>
>
I want to clarify
r SRP account to working order".
Surprisingly, many would fall for this.
My 2 cents.
-Lance
James A. Donald wrote:
> --
> James A. Donald wrote:
> > > The obvious solution to the phishing crisis is the
> > > widespread deployment of SRP
>
> Lance James
> &
Full article at http: // blog.washingtonpost.com / securityfix /
Citibank Phish Spoofs 2-Factor Authentication
Security experts have long touted the need for financial Web sites to move
beyond mere passwords and implement so-called "two-factor authentication" --
the second factor being something
http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2fa
ctor_1.html
Thought this might interest some.
-Lance James
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptograph
hers Defeat 2-Factor Auth
Lance James wrote:
> Full article at http: // blog.washingtonpost.com / securityfix /
happen to mention more than a year ago ... that it would be subject to
mitm-attacks ... recent comment on the subject
http://www.garlic.com/~lynn/aadsm24.htm#33 Threatwatch - 2-factor
ther weaker than
> each single one.
>
> regards
> Hadmut
>
> -----
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
>
--
Best Regards,
La
Hadmut Danisch wrote:
> Hi Lance,
>
> On Fri, Sep 08, 2006 at 10:26:45AM -0700, Lance James wrote:
>> Another problem from what I see with Malware that steals data is the
>> formgrabbing and "on event" logging of data. Malware can detect if
>> SecureID i
iermont.com
> ___
> The cryptography mailing list
> cryptography@metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>
--
Lance James
http://soundcloud.com/lancejames
Office: 760-262-4141
l an...@gmail.com
_
33 matches
Mail list logo