On Mon, Feb 11, 2008 at 07:01:07PM +1300, Peter Gutmann wrote:
Daniel Carosone [EMAIL PROTECTED] writes:
[...]
Particularly for the first point, early validation for packet integrity in
general can be a useful defensive tool against unknown potential
implementation vulnerabilities
Others have made similar points and suggestions, not picking on this
instance in particular:
On Mon, Feb 04, 2008 at 02:48:08PM -0700, Martin James Cochran wrote:
Additionally, in order to conserve bandwidth you might want to make a
trade-off where some packets may be forged with small
On Tue, Oct 02, 2007 at 03:50:27PM +0200, Simon Josefsson wrote:
Without access to the device (I've contacted Hitachi EMEA to find out if
it is possible to purchase the special disks) it is difficult to infer
how it works, but the final page of the howto seems strange:
...
NOTE: All
On Thu, Sep 14, 2006 at 02:48:54PM -0400, Leichter, Jerry wrote:
| The problem is that _because there is an interface to poll the token for
| a code across the USB bus_, malicious software can *repeatedly* steal new
| token codes *any time it wants to*. This means that it can steal codes
|
On Thu, Mar 23, 2006 at 08:15:50PM -, Dave Korn wrote:
As we all know, when you pay with a credit or debit card at a store, it's
important to take the receipt with you
[..]
So what they've been doing at my local branch of Marks Spencer for the
past few weeks is, at the end of the
On Tue, Feb 14, 2006 at 04:26:35PM -0500, Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], Werner Koch writes:
I agree. However the case at hand is a bit different. I can't
imagine how any application or upper layer will be able to recover
from that error (ENOENT when opening
On Tue, Aug 09, 2005 at 01:04:10AM +1200, Peter Gutmann wrote:
That sounds a bit like unicorn insurance
[..]
However, this is slightly different from what Perry was suggesting.
There seem to be at least four subclasses of problem here:
1. ??? : A solution based on a misunderstanding of what
On Tue, Jun 07, 2005 at 07:48:22PM -0400, Perry E. Metzger wrote:
It happens because some idiot web designer thought it was a nice
look, and their security people are too ignorant or too powerless to
stop it, that's why.
It has nothing to do with cost. The largest non-bank card issuer in
On Tue, May 31, 2005 at 06:43:56PM -0400, Perry E. Metzger wrote:
So we need to see a Choicepoint for listening and sniffing and so
forth.
No, we really don't.
Perhaps we do - not so much as a source of hard statistical data, but
as a source of hard pain.
People making (uninformed or
On Mon, Jan 31, 2005 at 10:38:53PM -0500, Steven M. Bellovin wrote:
When using CBC mode, one should not encrypt more than 2^32 64-bit
blocks under a given key. That comes to ~275G bits, which means that
on a GigE link running flat out you need to rekey at least every 5
minutes, which is
On Tue, Jan 11, 2005 at 03:48:32PM -0500, William Allen Simpson wrote:
2. set the contract in the read() call such that
the bits returned may be internally entangled, but
must not be entangled with any other read(). This
can trivially be met by locking the device for
single read access, and
I'm really enjoying the current discussion about hash constructions
and splints for current algorithms. I will make one observation in
that discussion, which is that the proposal for a Hnew (2n - n) seems
a little beyond the scope of a field splint that can be done using
existing tools and
My immediate (and not yet further considered) reaction to the
description of Joux' method was that it might be defeated by something
as simple as adding a block counter to the input each time.
I any case, I see it as a form of dictionary attack, and wonder
whether the same kinds of techniques
13 matches
Mail list logo