Ross Anderson paper on fraud, risk and nonbank payment systems

2007-05-12 Thread Steve Schear
[Read the paper here: http://www.cl.cam.ac.uk/%7Erja14/Papers/nonbanks.pdf Very interesting stuff, but not likely new to most here.] The Federal Reserve commissioned me to research and write a paper on fraud, risk and nonbank payment systems. I found that phishing is facilitated by payment

Fwd: [gsc] Digital cache with extended features

2007-05-09 Thread Steve Schear
[Some interesting thinking going on. Weren't there some similar ideas presented/published at a past FC conference?] Subject: [gsc] Digital cache with extended features Date: Sun, 06 May 2007 12:57:08 +0300 From: George Hara [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] It

Re: Was a mistake made in the design of AACS?

2007-05-05 Thread Steve Schear
At 07:50 AM 5/4/2007, Nicolas Williams wrote: On Thu, May 03, 2007 at 10:25:34AM -0700, Steve Schear wrote: At 03:52 PM 5/2/2007, Ian G wrote: This seems to assume that when a crack is announced, all revenue stops. This would appear to be false. When cracks are announced in such systems

Re: AACS and Processing Key

2007-05-04 Thread Steve Schear
At 11:32 AM 5/2/2007, Perry E. Metzger wrote: Anyone very familiar with AACS have ideas on what optimal attack and defense strategies are? This seems like a fertile new ground for technical discussion. Ed Felten wrote an excellent piece on AACS from the technical and economic/tactical

Re: Was a mistake made in the design of AACS?

2007-05-04 Thread Steve Schear
At 03:52 PM 5/2/2007, Ian G wrote: Hal Finney wrote: Perry Metzger writes: Once the release window has passed, the attacker will use the compromise aggressively and the authority will then blacklist the compromised player, which essentially starts the game over. The studio collects revenue

Re: Governance of anonymous financial services

2007-03-31 Thread Steve Schear
At 12:15 PM 3/30/2007, Hal Finney wrote: If the backing is distributed among a multitude of holders (e.g., in a fashion similar to how Lloyds backs their insurance empire), whose identities are kept secret until audit time and then only a few, randomly selected, names and claimed deposit

Re: Governance of anonymous financial services

2007-03-30 Thread Steve Schear
At 08:23 PM 3/29/2007, Allen wrote: Steve, I assume that you mean the owner of the on-line financial service when you say operator, correct? In which case what exactly are the auditors going to be looking at when it comes time to audit but the operator's identity, whereabouts, the servers and a

Re: private credential/ecash thread on slashdot (Re: announce: credlib library with brands and chaum credentials)

2007-02-26 Thread Steve Schear
At 04:40 PM 2/20/2007, Adam Back wrote: There is quite some underinformed speculation as critique on the thread... It's interesting to see people who probably understand SSL, SMIME and stuff at least at a power user if not programmer level, try to make logical leaps about what must be wrong or

New digital bearer cash site launched

2007-02-21 Thread Steve Schear
With the expiration of Chaum's key patents it was assumed that someone would step up and try their hand at launching a DBC-based financial service. Some time has passed and I'm happy to announce that this has finally happened. Taking a cue from the lively Digital Gold Currencies, eCache's

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-19 Thread Steve Schear
At 03:57 PM 1/18/2007, Saqib Ali wrote: When is the last time you checked the code for the open source app that you use, to make sure that it is written properly? When is the last time you carefully checked the code for a closed source app that you use? (Besides the one you mentioned to

Real-world password guessing

2007-01-18 Thread Steve Schear
http://dilbert.com/comics/dilbert/archive/dilbert-20070117.html http://dilbert.com/comics/dilbert/archive/dilbert-20070118.html - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Steve Schear
At 06:32 AM 1/16/2007, Steven M. Bellovin wrote: Disk encryption, in general, is useful when the enemy has physical access to the disk. Laptops -- the case you describe on your page -- do fit that category; I have no quarrel with disk encryption for them. It's more dubious for desktops and

SC-based link encryption

2007-01-04 Thread Steve Schear
I haven't been following the smartcard scene for a while. I'm looking to create a low-cost and portable link encryptor, with D-H or similar key exchange, for lower 100kbps data speeds. Is this possible? Steve

Re: cellphones as room bugs

2006-12-03 Thread Steve Schear
At 07:21 AM 12/2/2006, Perry E. Metzger wrote: Quoting: The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations. The technique is

Re: cellphones as room bugs

2006-12-03 Thread Steve Schear
At 07:21 AM 12/2/2006, Perry E. Metzger wrote: Quoting: The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations. BTW, it's easy to

Re: fyi: On-card displays

2006-09-21 Thread Steve Schear
At 02:45 PM 9/20/2006, [EMAIL PROTECTED] wrote: Via Bruce Schneier's blog, flexible displays that can sit on smartcards. So we finally have an output mechanism that means you don't have to trust smartcard terminal displays:

Re: NSA knows who you've called.

2006-05-18 Thread Steve Schear
At 08:05 AM 5/11/2006, Perry E. Metzger wrote: Let me again remind people that if you do not inform your elected representatives of your displeasure with this sort of thing, eventually you will not be in a position to inform them of your displeasure with this sort of thing. I think begging

Black Hole Encryption

2006-04-04 Thread Steve Schear
What happens to the quantum information ingested by a black hole? In 1997, Thorne and Hawking argued that information swallowed by a black hole is forever hidden, despite the fact that these dense objects do emit a peculiar kind of radiation and eventually evaporate. Preskill countered that

Re: Cryptography Expert Paul Kocher Warns: Future DVDs Prime Target for Piracy, Pay TV Foreshadows Challenges

2004-04-22 Thread Steve Schear
At 10:40 AM 4/20/2004, R. A. Hettinga wrote: While it's unfortunate that security on the current DVD format is broken and can't be reprogrammed, HD is what really matters. Once studios release high-definition content, there will be little or no distinction between studio-quality and

Microsoft publicly announces Penny Black PoW postage project

2003-12-28 Thread Steve Schear
http://news.bbc.co.uk/2/hi/technology/3324883.stm Adam Back is part of this team, I think. Similar approach to Camram/hashcash. Memory-based approaches have been discussed. Why hasn't Camram explored them? steve BTW, Penny Black stamp was only used briefly. It was the Penny Red which

Fwd: Two interesting communication privacy tools

2003-12-14 Thread Steve Schear
From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] 1. Invisiblog http://invisiblog.com/ lets you publish a weblog using GPG and the Mixmaster anonymous remailer network. You don't ever have to reveal your identity - not even to us. You don't have to trust us, because we'll never know who you are.

Re: 'Smart stamps' next in war on terrorism

2003-11-16 Thread Steve Schear
The postal notice itself says this is the first step to identify all senders, so this is not a matter of paranoia, this is reality. The post office is moving towards identification requirements for everyone, said Chris Hoofnagle, associate director of the Electronic Privacy Information

Software protection scheme may boost new game sales

2003-10-11 Thread Steve Schear
Companies are using a new software protection system, called Fade, to protect their intellectual property from software thieves. Fade is being introduced by Macrovision, which specializes in digital rights management, and the British games developer Codemasters. What the program does is make

Freenet fork appears likely (was Re: Gmane -- Re: Why is Freenet so sick at the moment?)

2003-10-07 Thread Steve Schear
On Sat, Oct 04, 2003 at 11:31:36PM -0700, Ian Clarke spake thusly: I have never ever characterized Freenet as being anything other than in development. If you don't like the fact that Freenet is taking so long to perfect, then either help, or use Earth Station 5 - I hear it's great. You never

Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Steve Schear
Not if they can type GNURadio into Google. steve A foolish Constitutional inconsistency is the hobgoblin of freedom, adored by judges and demagogue statesmen. - Steve Schear

RE: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Steve Schear
subscriber instruments can be captured by mobile rogue cell sites for fun stuff (I seem to recall Harris Communications made these). steve A foolish Constitutional inconsistency is the hobgoblin of freedom, adored by judges and demagogue statesmen. - Steve Schear

Hijacking .NET

2003-09-02 Thread Steve Schear
In the .NET Framework, it's possible to access a private member of any class -- your own, another developer's, or even the classes in the .NET Framework itself! Appleman demonstrates this with a great example that uses private members to get the list of groups that the current user is a

Re: JAP back doored

2003-09-02 Thread Steve Schear
http://www.heise.de/newsticker/data/jk-02.09.03-005/ German police have searched and seized the rooms (dorm?) of one of the JAP developers. They were on the look for data that was logged throughout the period when JAP had to log specific traffic. The JAP-people say that the seizure was not

Re: traffix analysis

2003-08-28 Thread Steve Schear
At 09:17 PM 8/27/2003 -0500, Anonymous wrote: It will often be possible to also trace the communication channel back through the crowd, by inserting delays onto chosen links and observing which ones correlate with delays in the data observed at the endpoint. This way it is not necessary to monitor

Grey-World

2003-07-09 Thread Steve Schear
An excellent site for those interested in tunneling, covert channels, network related steganographic methods developments. http://gray-world.net/ There is no protection or safety in anticipatory servility. Craig Spencer

New toy: SSLbar

2003-06-24 Thread Steve Schear
://sslbar.metropipe.net Enjoy. A Jobless Recovery is like a Breadless Sandwich. -- Steve Schear

Session Fixation Vulnerability in Web Based Apps

2003-06-12 Thread Steve Schear
http://www.acros.si/papers/session_fixation.pdf A Jobless Recovery is like a Breadless Sandwich. -- Steve Schear