RE: unintended?

2008-11-17 Thread ian . farquhar
[Moderator's note: Top posting is considered untasteful. --Perry] It doesn't need to be malicious. It depends on the situation. For example, lots of corporations do SSL session inspection using products like Bluecoat. The Bluecoat does a MiTM attack to expose the plaintext for analysis, and exp

FW: How far is the NSA ahead of the public crypto community?

2008-05-09 Thread ian . farquhar
> The impressively well-engineered resistance of DES to differential cryptanalysis (apparently called the "tickle attack" on the inside years before Biham and Shamir's result)
That was IBM's name for DC; it wasn't the NSA's name. In the late 90's I asked a DSD (Australian NSA) officer what th

RE: Foibles of user "security" questions

2008-01-07 Thread Ian Farquhar (ifarquha)
I've been having this problem for years (my mother's maiden name is, indeed, four characters long). It's often rejected as too short, yet I'm forced to enter it. I do the workaround of entering it twice, but then have to remember which sites I applied this hack for. It's a typical dumb programme

RE: crypto class design

2007-12-19 Thread Ian Farquhar (ifarquha)
In my experience of doing security evaluations for large financial institutions in AsiaPac, I suspect the biggest problem you'll face in doing this is hubris from the app developers. I don't know why, but these guys so often have a problem taking advice, at least in my experience (which now covers

RE: Intercepting Microsoft wireless keyboard communications

2007-12-09 Thread Ian Farquhar (ifarquha)
When I looked at this circa 2001-2002, for another company, other 27MHz keyboards didn't even bother to encrypt. Most of the data was sent in the clear, with neither encryption nor robust authentication. Exactly what makes this problem so difficult eludes me, although one suspects that the savage

RE: Elcomsoft trying to patent faster GPU-based password cracker

2007-10-25 Thread Ian Farquhar (ifarquha)
ROTFL. When SGI's "stealth" DES Challenge project was underway in 1997, its main client ran on the host's (MIPS) CPU(s), implemented with a variant of Eli Biham's bit-slice DES implementation. The 64-bit 195MHz R1 could do 2.5M keys/sec. I was peripherally involved in the project. One of

RE: How the Greek cellphone network was tapped.

2007-07-09 Thread Ian Farquhar (ifarquha)
> 2. E2E crypto on mobiles would require cross-vendor support, which would mean that it would have to go into the standard. Unfortunately, standards in the mobile world are heavily influenced by governments, and the four horsemen of the apocalypse (drug dealers, paedophiles, spies,

RE: Free Rootkit with Every New Intel Machine

2007-07-02 Thread Ian Farquhar (ifarquha)
Dave Korn wrote:
> Ian Farquhar wrote:
>> Maybe I am showing my eternal optimist side here, but to me, this is how TPM's should be used, as opposed to the way their backers originally wanted them used. A removable module whose connection to a device I

RE: Free Rootkit with Every New Intel Machine

2007-06-25 Thread Ian Farquhar (ifarquha)
> It seems odd for the TPM of all devices to be put on a pluggable module as shown here. The whole point of the chip is to be bound tightly to the motherboard and to observe the boot and initial program load sequence.
Maybe I am showing my eternal optimist side here, but to me, this is how

RE: Free Rootkit with Every New Intel Machine

2007-06-24 Thread Ian Farquhar (ifarquha)
I agree with Peter here. I also tried to procure a motherboard with a TPM chip - to play with Bitlocker mostly - and came to the same conclusion. I did find a few MBs, mostly from Intel, and a couple of other vendors. All of these were corporate-style MB's, as opposed to the gamer/enthusiast s

RE: Was a mistake made in the design of AACS?

2007-05-12 Thread Ian Farquhar (ifarquha)
On Thu, May 03, 2007 at 10:25:34AM -0700, Steve Schear wrote:
> Well, there's an idea: use different physical media formats for entertainment and non-entertainment content (meaning, content created by MPAA members vs. not) and don't sell writable media nor devices capable of writing it f

RE: padlocks with backdoors - TSA approved

2007-02-27 Thread Ian Farquhar (ifarquha)
Some of the locks have special indicators which flag that a TSA key has opened it, which marginally improves the idea, but not by much. Whether those flags could represent a defence in the case of a corrupt official in possession of TSA keys I do not know. Without such flags, it's an INCREDIBLY

RE: cellphones as room bugs

2006-12-05 Thread Ian Farquhar (ifarquha)
The other problem for this technique is battery life. Let's assume we can shove a firmware update/hack/whatever into the phone to enable snooping, it's still transmitting when acting as a bug. Even if this feature is only enabled when the phone is geolocated somewhere "interesting", the reducti

Re: "Scan design called portal for hackers"

2004-11-04 Thread Ian Farquhar
At 09:30 PM 2/11/2004, Peter Gutmann wrote: The JTAG interface is your (that is, the reverse engineer's) friend. This is why some security devices let you disconnect it using a security-fuse type mechanism before you ship your product. Of course that only works if (a) the device allows it, (b) yo

Re: Time for new hash standard

2004-09-21 Thread Ian Farquhar
At 05:43 AM 21/09/2004, Hal Finney wrote: I believe this is a MAC, despite the name. It seems to be easier to create secure MACs than secure hash functions, perhaps because there are no secrets in a hash, while in a MAC there is a secret key that makes the attacker's job harder. Interestingly, a c