Re: Kaminsky finds DNS exploit

2008-07-10 Thread Sidney Markowitz
Udhay Shankar N wrote, On 9/7/08 5:52 PM: I think Dan Kaminsky is on this list. Any other tidbits you can add prior to Black Hat? He's posted a quite long article on his blog http://www.doxpara.com/?p=1162 that looks like all the details he is likely to provide for the next 30 days. It

Explaining DNSSEC

2008-07-10 Thread Ben Laurie
I was asked off-list for a pointer to an explanation of DNSSEC. I guess there may be other readers who'd like that, so here's a pointer to Matasano Chargen's rather beautiful exposition: http://www.matasano.com/log/case-against-dnssec/ Unfinished, but good enough. In particular, part 2

Dutch chipmaker sues to silence security researchers

2008-07-10 Thread Ali, Saqib
Dutch chipmaker NXP Semiconductors has sued a university in The Netherlands to block publication of research that details security flaws in NXP's Mifare Classic wireless smart cards, which are used in transit and building entry systems around the world. More at:

Re: Kaminsky finds DNS exploit

2008-07-10 Thread Florian Weimer
* Paul Hoffman: The take-away here is not that Dan didn't discover the problem, but Dan got it fixed. I haven't seen credible claims that the underlying issue can actually be fixed in the classic DNS protocol. There are workarounds on top of workarounds. A real fix requires more or less

Re: how bad is IPETEE?

2008-07-10 Thread Eric Rescorla
At Thu, 10 Jul 2008 18:10:27 +0200, Eugen Leitl wrote: In case somebody missed it, http://www.tfr.org/wiki/index.php?title=Technical_Proposal_(IPETEE) I'm not sure what the status of http://postel.org/anonsec/ is, the mailing list traffic dried up a while back. This is the first I

Re: Dutch chipmaker sues to silence security researchers

2008-07-10 Thread Allen
Ali, Saqib wrote: Dutch chipmaker NXP Semiconductors has sued a university in The Netherlands to block publication of research that details security flaws in NXP's Mifare Classic wireless smart cards, which are used in transit and building entry systems around the world. Ah, more 3 monkeys

Re: how bad is IPETEE?

2008-07-10 Thread Nicolas Williams
On Thu, Jul 10, 2008 at 06:10:27PM +0200, Eugen Leitl wrote: In case somebody missed it, http://www.tfr.org/wiki/index.php?title=Technical_Proposal_(IPETEE) I did miss it. Thanks for the link. I don't think in-band key exchange is desirable here, but, you never know what will triumph in

Re: how bad is IPETEE?

2008-07-10 Thread James Cloos
Eugen == Eugen Leitl [EMAIL PROTECTED] writes: Eugen I'm not sure what the status of http://postel.org/anonsec/ The IETF just created a new list and subscribed all anonsec subscribers: https://www.ietf.org/mailman/listinfo/btns -JimC -- James Cloos [EMAIL PROTECTED] OpenPGP:

Re: Permanent Privacy - Are Snake Oil Patents a threat?

2008-07-10 Thread Brecht Wyseur
On Wed, 2008-07-09 at 13:02 +1200, David G. Koontz wrote: I did a quick check to look for patent applications or patents by them and didn't find any. This isn't definitive if a patent application isn't published. The newest published patent application I found on encryption had an

Re: how bad is IPETEE?

2008-07-10 Thread Nicolas Williams
On Thu, Jul 10, 2008 at 02:31:12PM -0400, James Cloos wrote: Eugen == Eugen Leitl [EMAIL PROTECTED] writes: Eugen I'm not sure what the status of http://postel.org/anonsec/ The IETF just created a new list and subscribed all anonsec subscribers: