Re: English 19-year-old jailed for refusal to disclose decryption key

2010-10-06 Thread Arshad Noor
. http://www.legislation.gov.uk/ukpga/2000/23/section/53 Arshad Noor StrongAuth, Inc. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: Unattended reboots (was Re: The clouds are not random enough)

2009-08-03 Thread Arshad Noor
are involved? Arshad Noor StrongAuth, Inc. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Unattended reboots (was Re: The clouds are not random enough)

2009-08-02 Thread Arshad Noor
(or anyone on this forum) know of technology that allows the application to gain access to the crypto-hardware after an unattended reboot - but can prevent an attacker from gaining access to those keys after compromising a legitimate ID on the machine - I'd welcome hearing about it. TIA. Arshad Noor

[Fwd: New W3C XML Security Specifications]

2009-03-02 Thread Arshad Noor
FYI. Original Message Subject: New W3C XML Security Specifications Date: Fri, 27 Feb 2009 14:10:04 -0500 From: Sean Mullan sean.mul...@sun.com Reply-To: security-...@xml.apache.org To: security-...@xml.apache.org The W3C XML Security Working Group has just released 7 first

Re: How to Share without Spilling the Beans

2009-03-02 Thread Arshad Noor
and no possibility of someone writing out plaintext when comparing decrypted objects. Am I missing something? Arshad Noor StrongAuth, Inc. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord

Re: full-disk encryption standards released

2009-01-29 Thread Arshad Noor
/irweblinkx/file.aspx?IID=4094417FID=7249269 Arshad Noor StrongAuth, Inc. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Pulling Keystrokes Out of the Air

2008-10-24 Thread Arshad Noor
Computer keyboards are often used to transmit sensitive information such as username/password (e.g. to log into computers, to do e-banking money transfer, etc.). A vulnerability on these devices will definitely kill the security of any computer or ATM. http://lasecwww.epfl.ch/keyboard/ Arshad

Re: once more, with feeling.

2008-09-08 Thread Arshad Noor
/pci_dss_download.html http://www.owasp.org/index.php/Top_10_2007 Arshad Noor StrongAuth, Inc. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: once more, with feeling.

2008-09-08 Thread Arshad Noor
Darren Lasko wrote: Arshad Noor wrote: 6.5 Develop all web applications based on secure coding guidelines such as the Open Web Application Security Project guidelines Isn't this vulnerability already in the Top 10, specifically A7 - Broken Authentication and Session Management ( http

[Fwd: [P1619-3] Early Registration Deadline for KMS 2008 Extended to August 31, 2008]

2008-08-17 Thread Arshad Noor
FYI. Original Message Subject:[P1619-3] Early Registration Deadline for KMS 2008 Extended to August 31, 2008 Date: Sat, 16 Aug 2008 18:18:54 -0600 From: Matt Ball [EMAIL PROTECTED] Reply-To: Matt Ball [EMAIL PROTECTED] To: [EMAIL PROTECTED] To give

Re: Strength in Complexity?

2008-08-04 Thread Arshad Noor
require that the Symmetric Key Client Library (SKCL) have connected to the Symmetric Key Services (SKS) server at least once before it can use this capability. Arshad Noor StrongAuth, Inc. - The Cryptography Mailing List

Re: Strength in Complexity?

2008-08-04 Thread Arshad Noor
that I cannot please everyone in any audience, and must therefore, do/say what what I believe is right for my customers. Only time will tell if I got it right - temporarily. Arshad Noor StrongAuth, Inc. - The Cryptography Mailing

Re: Strength in Complexity?

2008-08-04 Thread Arshad Noor
-management. Those precise three groups of people - and now, including security and compliance officers - are slowly starting to discover that for themselves. Arshad Noor StrongAuth, Inc. - The Cryptography Mailing List Unsubscribe

Re: Strength in Complexity?

2008-08-04 Thread Arshad Noor
, for 20+ years I've always seen Kerberos as a network-authentication protocol and perhaps it is my failing that I couldn't see the possibility of using a flat-head screwdriver in a Philips-head screw. Arshad Noor StrongAuth, Inc

Re: Strength in Complexity?

2008-08-03 Thread Arshad Noor
the central key-management server. Arshad Noor StrongAuth, Inc. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Fwd: [ekmi] Public Review of SKSML v1.0

2008-07-25 Thread Arshad Noor
: http://www.strongkey.org. Looking forward to this groups' comments. Thank you. Arshad Noor StrongAuth, Inc. - Forwarded Message - From: Mary McRae [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: ekmi [EMAIL PROTECTED] Sent: Thursday, July 24, 2008 7:04:49 PM (GMT-0800

Re: Strength in Complexity?

2008-07-09 Thread Arshad Noor
technology components, polices and practices. But you still have to make the choice. Arshad Noor StrongAuth, Inc. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: disks with hardware FDE

2008-07-08 Thread Arshad Noor
vendors respond to you so you can forward as appropriate. Thanks. Arshad Noor StrongAuth, Inc. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Strength in Complexity?

2008-07-07 Thread Arshad Noor
Ben Laurie wrote: Arshad Noor wrote: I may be a little naive, but can a protocol itself enforce proper key-management? I can certainly see it facilitating the required discipline, but I can't see how a protocol alone can enforce it. I find the question difficult to understand. Before I

Re: Strength in Complexity?

2008-07-05 Thread Arshad Noor
Florian Weimer wrote: * Arshad Noor: http://www.informationweek.com/shared/printableArticle.jhtml?articleID=208800937 On a more serious note, I think the criticism probably refers to the fact that SKSML does not cryptopgrahically enforce proper key management. If a participant turns bad

Re: Strength in Complexity?

2008-07-02 Thread Arshad Noor
the OASIS community that there be support for algorithms that are not in XMLEnc, the Technical Committee will discuss and vote on it. Arshad Noor StrongAuth, Inc. - The Cryptography Mailing List Unsubscribe by sending unsubscribe

Strength in Complexity?

2008-07-01 Thread Arshad Noor
preferred simpler - but strong - technical solutions, have my instincts been wrong all along? TIA. Arshad Noor StrongAuth, Inc. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Strength in Complexity?

2008-07-01 Thread Arshad Noor
- is that it is necessary to use a combination of strong technology and procedures for effective security. Relying on just one component alone can lead to a breakdown in security (as my experience has shown me). Arshad Noor StrongAuth, Inc

Re: The wisdom of the ill informed

2008-06-29 Thread Arshad Noor
understood by most people on this forum, until we educate the gate-keepers, we have failed in our jobs to secure IT infrastructure. Arshad Noor StrongAuth, Inc. Allen wrote: Hi gang, All quiet on the cryptography front lately, I see. However, that does not prevent practices that *appear* like

Re: Ransomware

2008-06-11 Thread Arshad Noor
David learned of the RC4 algorithm? Arshad Noor StrongAuth, Inc. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: RIM to give in to GAK in India

2008-05-31 Thread Arshad Noor
? (And, if they are, how are the 3DES keys agreed upon? Doesn't that imply public/private key-pairs or a master-key?) Arshad Noor StrongAuth, Inc. - Original Message - From: Victor Duchovni [EMAIL PROTECTED] Cc: cryptography@metzdowd.com Sent: Friday, May 30, 2008 10:41:10 AM (GMT-0800) America

Re: RIM to give in to GAK in India

2008-05-30 Thread Arshad Noor
the Blackberry encryption protocol work like S/MIME? Arshad Noor StrongAuth, Inc. - Original Message - From: Derek Atkins [EMAIL PROTECTED] To: Perry E. Metzger [EMAIL PROTECTED] Cc: cryptography@metzdowd.com Sent: Tuesday, May 27, 2008 8:54:12 AM (GMT-0800) America/Los_Angeles Subject

Fwd: [P1619-3] Last reminder: Call for Speakers and Sponsors for the 2008 Key Management Summit Ends This Friday

2008-05-30 Thread Arshad Noor
FYI. - Forwarded Message - From: Matt Ball [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 1:37:18 PM (GMT-0800) America/Los_Angeles Subject: [P1619-3] Last reminder: Call for Speakers and Sponsors for the 2008 Key Management Summit Ends This Friday (Please forward

[Fwd: Secure Server e-Cert Developer e-Cert. Comerica TM Connect Web Bank]

2008-04-23 Thread Arshad Noor
Fascinating! This may be the first phishing e-mail I've seen that uses a message related to digital certificates for attacking the client; I am not a customer of Comerica. Has anyone else seen this before? Arshad Noor StrongAuth, Inc. Original Message Subject:Secure

Re: [Fwd: Secure Server e-Cert Developer e-Cert. Comerica TM Connect Web Bank]

2008-04-23 Thread Arshad Noor
Had to remove the link so it would get past the spam-filters; apologies if you see multiple postings. Arshad Noor wrote: Fascinating! This may be the first phishing e-mail I've seen that uses a message related to digital certificates for attacking the client; I am not a customer of Comerica

Re: Levels of security according to the easiness to steel biometric data

2008-04-18 Thread Arshad Noor
the conference are available at: http://middleware.internet2.edu/idtrust/2008/program.html Arshad Noor StrongAuth, Inc. Philipp G├╝hring wrote: Hi, QUESTION: Does anybody knows about the existence of a security research in area of grading the easiness to steel biometric data. There are several

Re: presentations about encrypted storage

2008-04-02 Thread Arshad Noor
is scheduled to be held in Baltimore, MD this fall, that should be of interest to people in this forum: http://www.keymanagementsummit.com/2008/ Arshad Noor StrongAuth, Inc. [EMAIL PROTECTED] wrote: I've got two presentations I've given on encrypted storage technologies here: http

Re: Poor password management may have led to bank meltdown

2008-02-06 Thread Arshad Noor
- going on just gut feel - resulting in situations like at Societe' Generale. Arshad Noor StrongAuth, Inc. Jon Callas wrote: On Feb 4, 2008, at 1:55 PM, Arshad Noor wrote: Do business people get it? Do security professionals get it? Apparently not. Arshad Noor StrongAuth, Inc. Huge losses

Re: 2008: The year of hack the vote?

2007-12-26 Thread Arshad Noor
The usual excuse, Dan: ignorance. Those of us who know how companies maintain the security of their systems minimize the use of, or eschew, such sites. We also always ask for an Absentee (paper) ballot in places where electronic voting is the only choice at the polling booth. Arshad Noor

Re: crypto class design

2007-12-20 Thread Arshad Noor
I think you would be doing the crypto community a huge public service by publishing the ~4 page section, Ian. Personally, I prefer your 3-sentence disclaimer. :-) Arshad Noor StrongAuth, Inc. Ian Farquhar (ifarquha) wrote: I personally have a boilerplate risk disclosure section which

Re: crypto class design

2007-12-19 Thread Arshad Noor
) or contact me privately for an alternative solution. Arshad Noor StrongAuth, Inc. [EMAIL PROTECTED] wrote: So... supposing I was going to design a crypto library for use within a financial organization, which mostly deals with credit card numbers and bank accounts, and wanted to create an API

[Fwd: ISACA to Host an Enterprise Key Management Infrastructure Workshop]

2007-11-13 Thread Arshad Noor
A reminder of the Enterise Key Management Infrastructure (EKMI) Workshop on November 15th in San Francisco. Thanks. Arshad Noor StrongAuth, Inc. Original Message Subject: ISACA to Host an Enterprise Key Management Infrastructure Workshop Date: Sun, 21 Oct 2007 21:49:40 -0700

Re: Full Disk Encryption solutions selected for US Government use

2007-10-08 Thread Arshad Noor
and they don't realize that the state of the art has already shifted under their feet. Arshad Noor StrongAuth, Inc. - Original Message - From: Steven M. Bellovin [EMAIL PROTECTED] On Mon, 18 Jun 2007 22:57:36 -0700 Ali, Saqib [EMAIL PROTECTED] wrote: US Government has select 9 security vendors

Re: Full Disk Encryption solutions selected for US Government use

2007-10-08 Thread Arshad Noor
the area that matters most - the actual applications that use sensitive data. Arshad Noor StrongAuth, Inc. - Original Message - From: Saqib Ali [EMAIL PROTECTED] To: Arshad Noor [EMAIL PROTECTED] Cc: Cryptography cryptography@metzdowd.com Sent: Monday, October 8, 2007 11:52:28 AM (GMT