On Tue, Nov 23, 2010 at 10:43 PM, Marsh Ray ma...@extendedsubset.com wrote:
How about all the weak and insufficiently seeded RNGs out there?
it's more than a little annoying how many accelerated crypto
implementations exist while good entropy is still a scarcity.
why isn't this a native
On 11/24/2010 02:11 PM, coderman wrote:
On Wed, Nov 24, 2010 at 2:49 AM, Marsh Ray ma...@extendedsubset.com wrote:
(that's the abridged version. this is actually more complicated than
many assume, and i've written my own egd's in the past to meet need.)
Ya.
How does this feature interact
On Wed, Nov 24, 2010 at 2:16 PM, Marsh Ray ma...@extendedsubset.com wrote:
...
So are you saying it is or it isn't Cloud-Compliant?
hah, i rant at length on the mistaken security assumptions of cloud
computing. (remember when it was grid computing?, and before that ...)
i'll try to stay on
On 21/11/10 8:37 AM, Marsh Ray wrote:
On 11/19/2010 05:39 PM, Ian G wrote:
I don't think this qualifies as a bait-and-switch scenario because the
originally-advertised functionality (the bait) is still part of the
package.
:)
Bait-and-switch would be more like a salesperson saying No,
On Sat, Nov 20, 2010 at 1:37 PM, Marsh Ray ma...@extendedsubset.com wrote:
...
The best term for this that I can think of is plain old exaggeration, but
I don't feel like that really captures the idea. It's more that the claims
are extended beyond their original domain, to the point where they
Does the fact that parts of Stuxnet were signed by two valid certs
count as a cryptographic failure?
Of course not. Does it count as a DMV failure if a bank robber has a valid
driver's license?
None of us have ever claimed that only good people can use cryptography. As a
matter of fact,
Ian G wrote:
On this I would demur. We do have a good metric: losses. Risk
management starts from the business, and then moves on to how losses are
affecting that business, which informs our threat model.
We now have substantial measurable history of the results of open use
of
On 20/11/10 2:10 PM, James A. Donald wrote:
Ian G wrote:
On this I would demur. We do have a good metric: losses. Risk
management starts from the business, and then moves on to how losses are
affecting that business, which informs our threat model.
We now have substantial measurable history
A common, perhaps the most common, attack on corporations is
to get inside the corporate network through wifi, then mount an SQL
injection attack on the corporate database, then steal the
corporate database.
This often causes extremely large monetary losses.
A very large percentage of