Re: Anyone know anything about the new ATT encrypted voice service?

2010-10-06 Thread David G. Koontz
On 7/10/10 11:19 AM, Perry E. Metzger wrote: ATT debuts a new encrypted voice service. Anyone know anything about it? http://news.cnet.com/8301-13506_3-20018761-17.html (Hat tip to Jacob Applebaum's twitter feed.) JavaScript needs to be enabled:

Re: Obama administration revives Draconian communications intercept plans

2010-09-27 Thread David G. Koontz
On 28/09/10 1:26 AM, Perry E. Metzger wrote: From the New York Times, word that the Obama administration wants to compel access to encrypted communications. http://www.nytimes.com/2010/09/27/us/27wiretap.html Someone should beat up the FBI for using specious arguments: But as an example,

Obama administration wants encryption backdoors for domestic surveillance

2010-09-27 Thread David G. Koontz
http://www.boingboing.net/2010/09/27/obama-administration.html A good first point of interest clearinghouse site for the issue can be found on Boing Boing. It points to a Green Greenwald article on Salon and the ACLU. There's also a nice piece at the Cato Institute

Re: Intel plans crypto-walled-garden for x86

2010-09-14 Thread David G. Koontz
On 14/09/10 3:58 PM, John Gilmore wrote: http://arstechnica.com/business/news/2010/09/intels-walled-garden-plan-to-put-av-vendors-out-of-business.ars In describing the motivation behind Intel's recent purchase of McAfee for a packed-out audience at the Intel Developer Forum, Intel's Paul

Re: About that Mighty Fortress... What's it look like?

2010-08-17 Thread David G. Koontz
On 18/08/10 3:46 AM, Peter Gutmann wrote: Alexander Klimov alser...@inbox.ru writes: Each real-time check reveals your interest in the check. What about privacy implications? (Have you ever seen a PKI or similar key-using design where anyone involved in speccing or deploying it genuinely

Re: Cars hacked through wireless tire sensors Another paper plus USENIX SEC10 proceedings

2010-08-15 Thread David G. Koontz
What looks like to be an applicable paper. Not the same set of authors as the earlier reference to USENIX. Experimental Security Analysis of a Modern Automobile Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, and Tadayoshi Kohno Department of Computer Science and Engineering

After spyware fails, UAE gives up and bans Blackberries

2010-08-02 Thread David G. Koontz
http://arstechnica.com/tech-policy/news/2010/08/after-spyware-failed-uae-gives-up-and-bans-blackberries.ars By John Timmer Discussing in general terms RIM's Blackberry email server connections to their servers in Canada's encryption resistance to United Arab Emirates monitoring efforts when used

Re: Crypto dongles to secure online transactions

2009-11-10 Thread David G. Koontz
Jerry Leichter wrote: On Nov 8, 2009, at 2:07 AM, John Levine wrote: At a meeting a few weeks ago I was talking to a guy from BITS, the e-commerce part of the Financial Services Roundtable, about the way that malware infected PCs break all banks' fancy multi-password logins since no matter

Re: full-disk subversion standards released

2009-02-01 Thread David G. Koontz
Peter Gutmann wrote: John Gilmore g...@toad.com writes: The theory that we should build good and useful tools capable of monopoly and totalitarianism, but use social mechanisms to prevent them from being used for that purpose, strikes me as naive. There's another problem with this theory

Re: Obama's secure PDA

2009-01-29 Thread David G. Koontz
Jerry Leichter wrote: I commented earlier that $3200 seemed surprisingly cheap. One of the articles on this claimed this was absurdly expensive - typical DoD gold plating. Well ... the real price of a standard Blackberry is a couple of hundred dollars, and put one in a room with a speaker

Researchers Show How to Forge Site Certificates |

2008-12-30 Thread David G. Koontz
http://www.freedom-to-tinker.com/blog/felten/researchers-show-how-forge-site-certificates By Ed Felten - Posted on December 30th, 2008 at 11:18 am Today at the Chaos Computing Congress, a group of researchers (Alex Sotirov, Marc Stevens, Jake Appelbaum, Arjen Lenstra, Benne de Weger, and David

Researchers Use PlayStation Cluster to Forge a Web Skeleton Key

2008-12-30 Thread David G. Koontz
http://blog.wired.com/27bstroke6/2008/12/berlin.html More coverage on the MD5 collisions. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Steve Bellovin on the MD5 Collision attacks, more on Wired

2008-12-30 Thread David G. Koontz
http://www.cs.columbia.edu/~smb/blog//2008-12/2008-12-30.html Steve mentions the social pressures involved in disclosing the vulnerability: Verisign, in particular, appears to have been caught short. One of the CAs they operate still uses MD5. They said: The RapidSSL certificates are

Re: CPRNGs are still an issue.

2008-12-18 Thread David G. Koontz
Charles Jackson wrote: I probably should not be commenting, not being a real device guy. But, variations in temperature and time could be expected to change SSD timing. Temperature changes will probably change the power supply voltages and shift some of the thresholds in the devices.

Re: Why the poor uptake of encrypted email? [Was: Re: Secrets and cell phones.]

2008-12-08 Thread David G. Koontz
JOHN GALT wrote: StealthMonger wrote: This may help to explain the poor uptake of encrypted email. It would be useful to know exactly what has been discovered. Can you provide references? The iconic Paper explaining this is Why Johnny Can't Encrypt available here:

Re: Lifting Some Restrictions on Encryption Exports

2008-12-05 Thread David G. Koontz
Ali, Saqib wrote: Does anyone have more info on the following: http://snurl.com/75m3f I couldn't find any other article that talked about it. The pay per news is the only item I found. It was tough to google for, because of all of the new references to Clinton era articles. google

Re: EFF press release on the gag order being lifted.

2008-08-19 Thread David G. Koontz
Perry E. Metzger wrote: http://www.eff.org/press/archives/2008/08/19 You wonder if it was MTBA exhibit 4 that tipped their case against the MTBA's injunction, using Roblimo's article on Sklyarov, quoting reactions to Dmitry Sklyarov's arrest for a DMCA violation on July 16, 2001, wherein:

Kiwi expert cracks chip passport

2008-08-17 Thread David G. Koontz
http://www.stuff.co.nz/4659100a28.html?source=RSStech_20080817 Peter Gutmann has gotten himself in the news along with Adam Laurie and Jeroen van Beek for altering the passport microchip in a passport. Think of this as a local boy makes good piece of news, well worth it for the picture of

Re: Judge approves TRO to stop DEFCON presentation

2008-08-10 Thread David G. Koontz
Jim Youll wrote: these have been circulating for hours, but they are content-free title slides... On Aug 9, 2008, at 7:38 PM, Ivan Krstić wrote: On Sat, 09 Aug 2008 17:11:11 -0400, Perry E. Metzger [EMAIL PROTECTED] wrote: Las Vegas - Three students at the Massachusetts Institute of

Re: Surveillance, secrecy, and ebay, monor correction.

2008-07-28 Thread David G. Koontz
David G. Koontz wrote: Sherri Davidoff wrote: You know how memory is, little things get squishy with the passage of years. As soon as I saw the post up on cryptography I asked myself was that 1972 or 1974? Privacy Act of 1972 That should be 1974. http://www.law.cornell.edu/uscode/html/uscode05

Re: Surveillance, secrecy, and ebay

2008-07-27 Thread David G. Koontz
Sherri Davidoff wrote: Matt Blaze wrote: Once sensitive or personal data is captured, it stays around forever, and the longer it does, the more likely it is that it will end up somewhere unexpected. Great point, and a fundamental lesson-of-the-moment for the security industry. To take it

Re: Permanent Privacy - Are Snake Oil Patents a threat?

2008-07-09 Thread David G. Koontz
Ali, Saqib wrote: Quoting the Foxbusiness article: Permanent Privacy (patent pending) has been verified by Peter Schweitzer, one of Harvard's top cryptanalysts, and for the inevitable cynics Permanent Privacy is offering $1,000,000 to anyone who can decipher a sample of ciphertext. I did a

Re: Why doesn't Sun release the crypto module of the OpenSPARC?

2008-06-13 Thread David G. Koontz
zooko wrote: On Jun 12, 2008, at 4:35 PM, David G. Koontz wrote: There's the aspect of competition. I've also wondered if a reason they didn't release it is because they bought the 'IP' from someone. Those are good guesses, David, and I guessed similar things myself and inquired

Re: Why doesn't Sun release the crypto module of the OpenSPARC? Competition?

2008-06-12 Thread David G. Koontz
Lawerence Spracklen's Blog: http://blogs.sun.com/sprack/entry/detailed_t2_crypto_info Detailed T2 crypto info Very detailed info on the UltraSPARC T2 cryptographic accelerators can be found here on the OpenSPARC website (the pertinent info can be found in chapter-21 of the doc) Posted

Re: NSA approves secure smart phone

2008-03-21 Thread David G. Koontz
Steven M. Bellovin wrote: http://www.gcn.com/online/vol1_no1/45946-1.html http://www.gdc4s.com/documents/D-SMEPED-6-1007_p21.pdf - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL

Re: NSA approves secure smart phone

2008-03-21 Thread David G. Koontz
Steven M. Bellovin wrote: http://www.gcn.com/online/vol1_no1/45946-1.html http://www.afcea.org/signal/articles/templates/Signal_Article_Template.asp?articleid=1346zoneid=210 - The Cryptography Mailing List Unsubscribe by

Unique locks on microchips could reduce hardware piracy

2008-03-15 Thread David G. Koontz
http://www.physorg.com/news123951684.html The technique is called EPIC, short for Ending Piracy of Integrated Circuits. It relies on established cryptography methods and introduces subtle changes into the chip design process. But it does not affect the chips' performance or power consumption.

Re: Unique locks on microchips could reduce hardware piracy

2008-03-15 Thread David G. Koontz
David G. Koontz wrote: http://www.physorg.com/news123951684.html Two more articles: http://arstechnica.com/news.ars/post/20080309-fighting-the-black-market-crypto-locks-for-cpus-other-ics.html This one has a bit of the technical description http://itnews.com.au/News/71553,chip-lock-aims

Re: Unique locks on microchips could reduce hardware piracy

2008-03-15 Thread David G. Koontz
Two papers of interest in evaluating the paper http://www.eecs.umich.edu/~imarkov/pubs/conf/date08-epic.pdf EPIC: Ending Piracy of Integrated Circuits Jarrod A. Roy?, Farinaz Koushanfar? and Igor L. Markov? ?The University of Michigan, Department of EECS, 2260 Hayward Ave., Ann Arbor, MI

RFID-hack hits 1 billion digital access cards worldwide

2008-03-15 Thread David G. Koontz
http://computerworld.co.nz/news.nsf/scrt/3FF9713E23292846CC25740A0069243E The Dutch government has issued a warning about the security of access keys that are based on the widely used Mifare Classic RFID chip. The warning comes in a week when two research teams independently demonstrated hacks

Re: Toshiba shows 2Mbps hardware RNG

2008-02-13 Thread David G. Koontz
Hal Finney wrote: Looking at the block diagram for the new Toshiba circuit, and comparing with the Intel design, one concern I have is with attacks on the device via external electromagnetic fields which could modulate current flows and potentially influence internal random numbers. Intel

Jihadi software promises secure web communication

2008-01-20 Thread David G. Koontz
http://www.stuff.co.nz/4365478a28.html An Islamist website often used by al Qaeda supporters is promoting encryption software which it says will help Islamic militants communicate with greater security on the internet. The Mujahideen Secrets 2 software was promoted as the first Islamic program

News on stolen Australian Law Enforcement Secure Radios

2007-09-02 Thread David G. Koontz
http://www.news.com.au/story/0,23599,22345160-2,00.html APEC security arrangements have been thrown into disarray with the theft of digitally encrypted police radios and a bullet-proof vest. The Sunday Telegraph reports that statewide memos have been issued to police working during the APEC

Re: Skype new IT protection measure

2007-08-21 Thread David G. Koontz
Peter Thermos wrote: Interesting comment from Skype: The disruption was triggered by a massive restart of our users' computers across the globe within a very short timeframe as they re-booted after receiving a routine set of patches through Windows Update. and We can confirm

Re: Free Rootkit with Every New Intel Machine

2007-06-30 Thread David G. Koontz
http://www.nvlabs.in/?q=node/32 Vipin Kumar of of NVLabs had announced a break of TPM and a demonstration of a break into Bitlocker, (presumably using TPM) to be presented at Black Hat 2007. The presentation has been pulled. Significance to the exchanges on cryptography under this subject stem

Re: Free Rootkit with Every New Intel Machine

2007-06-30 Thread David G. Koontz
Looking for TPM enterprise adoption. The current version of TPM was adopted in March o f 2006, which should have limited TPM up take. There's an article in Network World http://www.networkworld.com/allstar/2006/092506-chip-security-papa-gino.html from September 2006 talking about a restaurant

Re: Free Rootkit with Every New Intel Machine

2007-06-26 Thread David G. Koontz
Peter Gutmann wrote: David G. Koontz [EMAIL PROTECTED] writes: There are third party TPM modules, which could allow some degree of standardization: As I said in my previous message, just because they exist doesn't mean they'll do anything if you plug them into a MB with the necessary

Re: Free Rootkit with Every New Intel Machine

2007-06-26 Thread David G. Koontz
David G. Koontz wrote: I picked on one motherboard, a Gigabyte GA-P3-DQ6 which has the 20 pin header for the IEI TPM pluggable. After an extensive investigation I found no direct evidence you can actually do as Peter states and roll your own building a TPM enabled system. That includes

Re: Free Rootkit with Every New Intel Machine

2007-06-25 Thread David G. Koontz
Peter Gutmann wrote: Ian Farquhar (ifarquha) [EMAIL PROTECTED] writes: For example: the Gigabyte GA-965QM-DS2 (rev 2.0) which features security enhancement by TPM. More common (ASUS, Foxconn) was the TPM Connector, which seemed to be a hedged bet, by replacing the cost of the TPM chip with

Re: can a random number be subject to a takedown?

2007-05-04 Thread David G. Koontz
Hal Finney wrote: My question to the assembled: are cryptographic keys really subject to DMCA subject to takedown requests? I suspect they are not copyrightable under the criterion from the phone directory precedent. A sample demand letter from the AACS Licensing Authority appears at:

A processor that can do a DES round in 1 clock

2006-02-12 Thread David G. Koontz
I've seen this quite some time in the past, it wasn't for public disclosure. Periodically I've looked for a copy on the internet. This is from Strech Inc., their Software Configurable Processor. http://www.pdcl.eng.wayne.edu/msp6/MSP6_Workshop_Keynote_2004_POSTING.pdf The stuff on DES

Re: A small editorial about recent events.

2005-12-22 Thread David G. Koontz
[EMAIL PROTECTED] wrote: Clinton's Asst. A.G. http://www.chicagotribune.com/news/opinion/chi-0512210142dec21,0,3553632.story? coll=chi-newsopinioncommentary-hed Dick Morris http://www.drudgereport.com/flash7.htm --dan Yet President Bush as publicly stated it requires a court order to

Re: NY Times reports: NSA falsified Gulf of Tonkin intercepts

2005-11-01 Thread David G. Koontz
Perry E. Metzger wrote: http://www.nytimes.com/2005/10/31/politics/31war.html?ex=1288414800en=e2f5e341687a2ed9ei=5090partner=rssuserlandemc=rss WASHINGTON, Oct. 28 - The National Security Agency has kept secret since 2001 a finding by an agency historian that during the Tonkin Gulf