SSL and Malicious Hardware/Software

2008-04-28 Thread Ryan Phillips
Matt's blog post [1] gets to the heart of the matter of what we can trust. I may have missed the discussion, but I ran across Netronome's 'SSL Inspector' appliance [2] today and with the recent discussion on this list regarding malicious hardware, I find this appliance appalling. Basically a

Mark Dowd's Flash NULL Pointer Vulnerability Exploit

2008-04-18 Thread Ryan Phillips
[Moderator's note: Not our usual fare but I'll let it through anyway. Bottom line is that it describes a new ugly exploit against Flash. --Perry] White Paper: http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf Decent Summary:

Google Tech Talk : Theory and Practice of Cryptography

2007-12-13 Thread Ryan Phillips
I have yet to watch it. http://video.google.com/videoplay?docid=2899172465808407804 Description: Topics include: Introduction to Modern Cryptography, Using Cryptography in Practice and at Google, Proofs of Security and Security Definitions and A Special Topic in Cryptography This talk is one