Travis H. wrote:
So I was reading this:
http://en.wikipedia.org/wiki/Merkle-Damgard
It seems to me the length-extension attack (given one collision, it's
easy to create others) is not the only one, though it's obviously a
big concern to those who rely on it.
This attack thanks to Schneier:
If
resent) in Columbia univ. this Friday and in IBM Watson on
next Tuesday - so if any of you are around, I'll love to see you.
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security U
stBar/index.html#download
Feedback will be most welcome!
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI:
http://AmirHerzberg.com/TrustBar
Visit my Hall Of Shame of Unprotected Login
x27;m currently working closely with my hosting company,
Sitelutions, to bring the site back online as soon as possible. More
news soon.
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser securi
, Opera, KDE) where they agreed
to adopt these ideas
http://AmirHerzberg.com/TrustBar - my page for info and downloads of
TrustBar... TrustBar is a public domain, open source project.
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http
warning of their unprotected login and
the fact I'm going to add them to `hall of shame`) by legal threats.
Typical case of `pay lawyers a lot, to avoid doing things right`.
4. One company sent me coupons for free trades. Rare example, I'm afraid...
--
Best regards,
Amir Herzberg
email. And Ross Anderson once had to
resort to asking Adi to call me on the phone to deliver a message, since
a crazy mail filter here (Bar Ilan Univ.) blocked his messages for
weeks... And more incidents. So believe me I'm well aware of this problem.
--
Best regards,
Amir Herzberg
problems are worse. I think our
community should try to be constructive. I definitely try myself, hence
TrustBar. Please help me: try it and give me feedback, if you are a good
programmer, lend a hand improving it; or find other ideas and implement
them.
Best, Amir Herzberg
Paul Hoffman wrote
- I hope
you won't consider me a spammer...
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI:
http://AmirHerzberg.com/TrustBar
Visit my Hall Of Shame of Unprotected
then http for web mailer.
However if you edit the URL after login to https, it appears to work
ok over SSL also.
cool, this may also be something we can do for users (essentially
requires us extending the auto-redirection features with wildcard
functionality).
--
Best regards,
Amir Herzberg
Associat
David Wagner wrote:
Amir Herzberg writes:
However, quite a few of these sites invoke SSL/TLS only _after_ user has
typed in her user name and pw, and clicked `submit`. This allows a MITM
adversary to send a modified login page to the user, which sends the pw
to the attacker (rather than
or this attack,
Mozilla would be a much better target... In fact, since `everybody` uses
Windows, any stupid program can redirect users to fake sites - and do
much worse...
Anyway - thanks for the feedback.
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Scie
n our
research on secure usability. Thanks!
BTW, TrustBar is an open-source project, so if some of you want to
provide it to your customers, possibly customized (branded) etc., there
is no licensing required.
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar
glosses over dealing with failures, but this is not
difficult; I also don't discuss how to support users of `public` PCs and
changing PCs, solutions are possible.
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
T
.
Nice oracle to find last 5 digits... making it quite easy to find the
full number.
Not that anybody would bother. Still, I find it funny.
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved
Ian G wrote:
Amir Herzberg wrote:
For a stationary user, the extension compares _Iterations_ and confirm
it is at most one less than previous value of _Iterations_ used with
this site.
(Minor point - if relying on incrementing
Iterations, this may impact password sharing
scenarios. Whether
ion on these machines... so
I like the previous solution better.
Ok, enough for now; now tell me what's wrong, etc It is definitely
too simple to be any good.
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try
#x27;ll
be happy to cooperate in testing with other bars (e.g. petname, of
course). It is quite easy.
I will really appreciate if you test it - yourselves, of course, but
also if you try to find one non-expert e-banking user and have him try
it for two weeks...
--
Best regards,
Amir Herzberg
like the other proposals. I may be wrong
about the CyberCash role, though, it was a while, and I don't think it
matters so much...
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved brows
en to such attacks.
But... crypto and authentication, imho, are the best tools to prevent
such malware from being installed. Yes, I know, this is far from the
current situation, with corrupted PCs (Zombies) being a very large
fraction (around a third?)...
--
Best regards,
Amir Herzberg
Associate
Lance James wrote:
Amir Herzberg wrote:
Lance James wrote:
...
> https://slam.securescience.com/threats/mixed.html
This site is set so that there is a frame of https://www.bankone.com
inside my https://slam.securescience.com/threats/mixed.html site. The
imaginative part is that you
mailman/listinfo/anti-fraud
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI:
http://AmirHerzberg.com/TrustBar
Visit my Hall Of Shame of Unprotected Login pages:
http://A
Eric Rescorla wrote:
There's an interesting paper up on eprint now:
http://eprint.iacr.org/2005/205
Another look at HMQV
Alfred Menezes
...
In this paper we demonstrate that HMQV is insecure by presenting
realistic attacks in the Canetti-Krawczyk model that reco
Ole Kasper Olsen wrote:
...
Amir Herzberg asked the question of "should login pages be SSL encrypted".
The flurry of discussion can be summerized as "Yes"...
...
2. Most people believe that a login page *should* be encrypted
for web sites carrying important data. (e.g., f
(somehow!) eavesdrop on the (encrypted) communication on the
Net but _not_ on the (plaintext) communication on the intranet, to
decipher the communication of a pair of honest employees, Alice in A and
Bob in B?
If so, what's the best defense?
--
Best regards,
Amir Herzberg
Associate Prof
above, can protect reasonably well even
naive or unsuspecting users.
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
New: see my Hall Of Shame of Unprotected Login pages:
http://AmirHerzberg.com/shame
this does not prevent you from also blocking in
a proxy any CAs you don't trust. Let the user decide among these you
can't rule out.
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
New: see my Hall O
better to make the CA visible to the user
(but in a way users can understand - I believe we have that with TrustBar).
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
New: see my Hall Of Shame of Unprotected Log
eal with, and I'd love not to have to pay my mortgage on time, and
I'd love a pony and a mountain of gold. I'm an adult, though, so I
accept that I can't have everything I want and I need to fulfill my
obligations. Are we to expect less of AMERICAN EXPRESS? Of VERIZON?
That'
is so
clueless as to send you corrupted scripts, it may as well publish your
password directly...
Best, Amir Herzberg
Ken Ballou wrote:
> Unless I misunderstand, the problem is that I can not determine where my
login information will go without examining the source of the login
page. Sure,
do with "ease of use" or tools that default "safe". The
problem is that they don't know there is anything to fix at a level
of the firm that is capable of taking the decision to fix it.
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar I
phishing and spoofing, at
http://www.cs.biu.ac.il/~herzbea/shame/FAQ.htm
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
New: see my Hall Of Shame of Unprotected Login pages:
http://AmirHerzberg.com/shame.html
eli IT managers
and developers, and hence improve the security of their systems.
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
New: see my Hall Of Shame of Unprotected Login pages:
http://AmirHer
that even naive users
understand quite the TrustBar UI for SSL protected sites. We display
something like identified by . I'll
appreciate your thoughts/feedback, try it at http://TrustBar.MozDev.org.
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar
05.30 15:34 +0200 ) Amir Herzberg:
See more info e.g. at http://www.haaretz.com/hasen/spages/581790.html
an excellent tale [still unfolding]- no doubt coming to a bookstore or
movie theatre near you real soon.
of course, it was never mentioned in the article, but they *had* to be
running wi
problems. This couple were
apparently targeted by the Trojan for personal reasons; the programmer
is their ex-son-in-law...
See more info e.g. at http://www.haaretz.com/hasen/spages/581790.html
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
-aware mail agents (MTA-MTA, MTA-MUA)); so that's
what we are developing in SICS. I believe these efforts are
complementary to providing encryption services.
Best, Amir Herzberg
-
The Cryptography Mailing List
Unsubscri
ling to provide feedback...]
Best, Amir Herzberg
James A. Donald wrote:
--
In my blog http://blog.jim.com/ I post "how email
encryption should work"
I would appreciate some analysis of this proposal, which
I think summarizes a great deal of discussion that I
have read.
* The
sufficiently to identify
sites, and to _know_ which CA is identifying the (protected) site they use.
This is easy to do, and of course you can add this to your
Mozilla/FireFox browser by installing our TrustBar (from
http://TrustBar.mozdev.org).
Best, Amir Herzberg
John Levine wrote:
Does
's wrong with sending the device encryption of a random number
(using the public key of the device), and the device sending back the
number as proof of possession of the corresponding secret key?
Best, Amir Herzberg
-
y posting on this list I am exactly encouraging
people to review the code (it is all script so you can just download
TrustBar and read it), write their own better code, etc...
Best, Amir Herzberg
-
The Cryptography Mailing List
arm.
Best, Amir Herzberg
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Taral wrote:
On Wed, Feb 09, 2005 at 07:41:36PM +0200, Amir Herzberg wrote:
Want to protect your Mozilla/FireFox from such attacks? Install our
TrustBar: http://TrustBar.Mozdev.org
(this was the first time that I had a real reason to click the `I don't
trust this authority` button...)
Opi
Adam Shostack wrote:
On Wed, Feb 09, 2005 at 07:41:36PM +0200, Amir Herzberg wrote:
| Want to see a simple, working method to spoof sites, fooling
| Mozilla/FireFox/... , even with an SSL certificate and `lock`?
|
| http://www.shmoo.com/idn/
|
| See also:
|
| http://cgi.ebay.com/ws
our
TrustBar: http://TrustBar.Mozdev.org
(this was the first time that I had a real reason to click the `I don't
trust this authority` button...)
Opinions?
Best, Amir Herzberg
-
The Cryptography Mailing List
Unsubscribe b
n - as other info
displayed by browsers - can be spoofed in different ways, as explained
in our paper and in some of the previous works we cite.
Best, Amir Herzberg
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
y URL` which is too
complex for naive users).
Thanks (also for the URL)! Amir Herzberg
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
- which, imho, is a good thing.
I find it almost a professional insult, that people go for non-crypto
identification mechanisms to prevent spoofing and phishing. I mean, if
we can't sell crypto for this purpose, this - imho - is a real
fact, I wouldn't
object if some serious open-code developer assumed responsibility...
If people are interested, and want to discuss face to face, I'll be in
RSA on 15-18/February...
Best, Amir Herzberg
-
The Cryptograph
finding many collisions easily, including to messages with random
prefixes, this could be more worrying...
--
Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography &
security)
Mirror site:
...
--
Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography &
security)
Mirror site: http://www.mfn.org/~herzbea/
begin:vcard
fn:Amir Herzberg
n:Herzberg;Amir
org:Bar Ilan University;Comp
public key
signatures) that the signed documents are structured with a random field
before and after the `actual contract`, as long as the fields are well
defined.
--
Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information an
t approach? Should we change something
before releasing (hoping in a week or two) or longer term? Can you do it
for IE or other browser?
(for the paper, see my homepage as below...)
--
Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com
n't have any illusions that I'll convince you
and I have no desire to get involved in an endless debate.
Accordingly, I'll end my half of the conversation here. Feel
free to have the last word.
Eric, I think this was rude, and quite unlike you. Nobody forces you to
communicate. A
. Or if your partner
promised to use it, but forgot.
So while `SSL is harmful` sounds sexy, I think it is misleading. Maybe
`Stop SSL-Abuse!`
--
Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectur
ne the digital signature in a
(`regular`) contract between the parties. The contract defines what the
parties agree to be considered as equivalent to their (physical)
signature, with well defined interpretation and restrictions.
--
Best regards,
Amir Herzberg
Associate Professor, Computer
e briefly to a guy from the FDIC
at last year's antiphishing meeting who said they'd been thinking of
something like that.
Agree! We call this a credential, see in paper or just this screen shot
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spoofing_files/image006.gif
--
Best regards,
homepage or directly at
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spoofing.htm), I'll
love to hear their feedback..
--
Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography &
s
, you simply have to validate the (regular) certificate
on the first time you get a public key from the server...
--
Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography &
security)
've seen, claim very high actual damages.
--
Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography &
security)
begin:vcard
fn:Amir Herzberg
n:Herzberg;Amir
org:Bar Ilan Univers
down (and
they definitely _don't_ slow down...).
So I think this observation about EZ Pass is probably true, but for some
time ago; with current technology, reading license plates is possible
(which, I guess, has some alarming privacy implications...).
Best regards,
Amir Herzberg
Asso
Web Sites, at
http://eprint.iacr.org/2004/155/ and
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/Spam.htm
# Controlling Spam by Secure Internet Content Selection, at
http://eprint.iacr.org/2004/154/ and
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/Spam.htm
--
Best regards,
Ami
Florian Weimer wrote:
* Amir Herzberg:
# Protecting (even) Naïve Web Users, or: Preventing Spoofing and
Establishing Credentials of Web Sites, at
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/trusted%20credentials%20area.PDF
The trusted credentials area is an interesting concept.
Thanks
tials area) we developed for Mozilla, and it works great; I hope
we'll feel soon confident enough with the code so we'll be able to put
it in the public domain. Experienced Mozilla developers who will be
willing to help test and evaluate the code are invited to contact me.
--
Best re
d
send to the list. Important aspects include reliability, functionality,
performance, documentation, cost (for development system - no `per seat`
cost!), and licensing terms (in particular can it be used for commercial
products, and any restrictions).
Thanks a lot...
--
Best regards,
Ami
nably reliable and persistent.
In the meanwhile, if you find you cannot download the files, I guess I'll
have to send by e-mail... Unfortunately these are pretty large files.
Needless to say, technical comments and corrections are also (or:
especially) welcome.
Best regards,
Amir Herzberg
make it a bit more difficult
for e-mail viruses to propagate.
What's the bug in this simple solution? If anybody wants to implement I'm
willing to assist in developing/validating the protocols.
Best regards,
Amir Herzberg
Computer Science Department, Bar Ilan University
Home
At 04:20 30/12/2003, David Wagner wrote:
Ed Reed wrote:
>There are many business uses for such things, like checking to see
>if locked down kiosk computers have been modified (either hardware
>or software),
I'm a bit puzzled why you'd settle for detecting changes when you
can prevent them. Any cha
At 18:02 29/12/2003, Ben Laurie wrote:
Amir Herzberg wrote:
...
specifications, I use `non-repudiation` terms for some of the
requirements. For example, the intuitive phrasing of the Non-Repudiation
of Origin (NRO) requirement is: if any party outputs an evidence evid
s.t. valid(agreement, evid
ormal specifications.
> Best regards,
>
> Amir Herzberg
> Computer Science Department, Bar Ilan University
> Lectures: http://www.cs.biu.ac.il/~herzbea/book.html
> Homepage: http://amir.herzberg.name
>
> -
&g
at: do you really object and if so why? What of
applications/scenarios that seem to require non-repudiation, e.g. certified
mail, payments, contract signing,...?
Best regards,
Amir Herzberg
Computer Science Department, Bar Ilan University
Lectures: http://www.cs.biu.ac.il/~herzbea/book.html
Home
pudiation of origin, i.e. the ability of recipient to convince a
third party that a message was sent (to him) by a particular sender (at
certain time)?
Or - do you think this is not an important requirement?
Or what?
Best regards,
Amir Herzberg
Computer Science Department, Bar Ilan University
again as I wrote before...) that you don't achieve your
stated goal of identifying the intended receiver. This is also solved if
you sign the ciphertext and the receiver's public key, or simply sign the
identity of the receiver.
Anyway, I am repeating myself, so...
Best regards,
st regards,
Amir Herzberg
Computer Science Department, Bar Ilan University
Lectures: http://www.cs.biu.ac.il/~herzbea/book.html
Homepage: http://amir.herzberg.name
At 16:25 15/12/2003, Matt wrote:
Quoting Ben Laurie <[EMAIL PROTECTED]>:
> I don't see any value added by cipher1 - what
er, in his MSc thesis which
he completed these days. I can provide details (or paper/thesis) but first
I wonder if this is what you wanted to achieve at all.
Best,
Amir Herzberg
Computer Science Dept, Bar Ilan University
Lectures: http://www.cs.biu.ac.il/~herzbea/book.html
At 16:42 12/12/2003, wr
k-ins.
BTW I've updated my foils on encryption and hashing which cover much of
this topic (see in site if interested).
Best, Amir Herzberg
http://amir.herzberg.name
-
The Cryptography Mailing List
Unsubscribe by send
en without
knowing for sure they got the money - kind of `risk management` - I'm not
sure what we want is to allow big contributors to gain favors while not
really making as big a contribution as they promised...
Best, Amir Herzberg
At 10:11 08/09/2003 -0700, Steve Schear wrote:
Everyone knows th
e time to explain so nicely why this kind of systems, while cute, are not
really helping applied cryptography (IMHO).
Best regards...
Amir Herzberg
http://amir.herzberg.name
-
The Cryptography Mailing List
Unsubscribe by
as of applied cryptography and secure communication and commerce. So
please consider joining us, and forward to forums or individuals that may
be interested.
Amir Her
he
teaser, the topic of the conference (it's about podcs?),
the dates, and the location.
Topic: Distributed computing, and this year special focus on distributed
security and crypto
Dates: July 13-17
Location: Boston, MA
URL: http://www.podc.org/podc2003/
Best, a very
may receive.
I look forward to seeing many of you at PODC in July!
Victor Luchangco
PODC 2003 Publicity Chair
Amir Herzberg
http://amir.herzberg.name
-
The
,
time-stamping,...
Secure Payments and Banking
----
Amir Herzberg
http://amir.herzberg.name
-
The Cryptography Mailing List
Unsubscribe
ay also discuss
crypto/privacy issues...).
General PODC Information
===
See below `call for participation`.
I hope you will join us for a great conference in July!
Amir Herzberg
PODC 2003 Security Track Chair
CALL FOR PARTI
m, ICICS, LNCS 2513, 2002.
This issue is also covered somewhat by my article in CACM (May 2002).
Best, Amir Herzberg
http://amir.herzberg.name
- Combine the two to allow sites to provide a user-trustable UI to enter
a password which cannot be sucked down.
- Evangelize to users that this is be
to key length requirements); in
particular public key systems are always `only` computationally secure.
This is not really a problem and certainly not a motivation to design new
systems, without a proof of security...
Best, Amir Herzberg
http://amir.herzberg.name
85 matches
Mail list logo