Re: Certificate-stealing Trojan

2010-09-28 Thread Marsh Ray
On 09/27/2010 08:26 PM, Rose, Greg wrote: On 2010 Sep 24, at 12:47 , Steven Bellovin wrote: Per there's a new Trojan out there that looks for a steals Cert_*.p12 files -- certificates with private keys. Since

Re: Obama administration revives Draconian communications intercept plans

2010-09-28 Thread Florian Weimer
Essentially, officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically

Re: Haystack (helping dissidents?)

2010-09-28 Thread Adam Shostack
On Thu, Sep 16, 2010 at 04:49:19PM +, M.R. wrote: | I said (something like) this when Haystack first appeared on this | list... | | Words dissidents and oppressive regimes have no place in | serious discussions among cryptographers. Once we start assigning | ethical categorizations to those

Re: 'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps

2010-09-28 Thread Thai Duong
On Tue, Sep 28, 2010 at 12:49 PM, Peter Gutmann wrote: Ye gods, how can you screw something that simple up that much?  They use the appropriate, and secure, HMAC-SHA1 and AES, but manage to apply it backwards! I guess they just follow SSL. BTW, they screw up more