On 11/09/2011, at 10:02, James A. Donald jam...@echeque.com wrote:
On 2011-09-11 9:10 AM, Andy Steingruebl wrote:
1. Phishing isn't the only problem right?
Malware + breaches might be the other 2 biggies.
Note that the malware/pc takeover market was probably financed by profits from
On 2011-09-11 9:10 AM, Andy Steingruebl wrote:
1. Phishing isn't the only problem right?
On 2011-09-11 7:44 PM, Ian G wrote:
Malware + breaches might be the other 2 biggies.
We now know in principle how to make malware resistant operating
systems,
On Sun, Sep 11, 2011 at 8:58 AM, Ian G i...@iang.org wrote:
On 11/09/2011, at 7:50, Steven Bellovin s...@cs.columbia.edu wrote:
On Sep 10, 2011, at 4:14 00PM, John Levine wrote:
[SNIP]
The issue, then, is one of
motivation -- given the current market price for stolen credit card
Lucky Peter said:
Moreover, I noticed that some posts list one or more desirable properties
and requirements together with a proposed solution.
That's the nice thing about PKI, there's more than enough fail to go around.
So, what happens now? As we all observe, there are two approaches
While PKI has many shortcomings, DigiNotar has shown the industry can
effectively kill off a deficient CA. Are there any measures in place
to keep a deficient registrar out of DNS? Or will NetNames still be
serving up records with a promise to do better? [Naively, I thought
the DNS hacks were
On Sep 11, 2011, at 4:50 PM, Ian G wrote:
So, what happens now? As we all observe, there are two approaches to dealing
with the collapse of faith of the PKI system: incremental fixes, and complete
rewrite.
We don't all observe that. Some of us observe a third, more likely approach:
On 09/11/2011 07:26 PM, Paul Hoffman wrote:
Some of us observe a third, more likely
approach: nothing significant happens due to this event. The
collapse of faith is only among the security folks whose faith was
never there in the first place. A week after the event, who was
talking about it
On 2011-09-12 9:50 AM, Ian G wrote:
Google has one more notable advantage: it is the only
player with all interests aligned.
... google is already the third person, because it also
serves the ad. It knows the merchant. So the next thing
that is going to happen is google will serve up the ad
On Sep 11, 2011, at 6:40 PM, Marsh Ray wrote:
On 09/11/2011 07:26 PM, Paul Hoffman wrote:
Some of us observe a third, more likely
approach: nothing significant happens due to this event. The
collapse of faith is only among the security folks whose faith was
never there in the first place. A