n and they don't realize that the state of the art
has already shifted under their feet.
Arshad Noor
StrongAuth, Inc.
- Original Message -
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
On Mon, 18 Jun 2007 22:57:36 -0700
"Ali, Saqib" <[EMAIL PROTECTED]>
their energy on protecting the area that matters most - the actual
applications that use sensitive data.
Arshad Noor
StrongAuth, Inc.
- Original Message -
From: "Saqib Ali" <[EMAIL PROTECTED]>
To: "Arshad Noor" <[EMAIL PROTECTED]>
Cc: "Cryptography"
Sen
A reminder of the Enterprise Key Management Infrastructure (EKMI)
Workshop on November 15th in San Francisco. Thanks.
Arshad Noor
StrongAuth, Inc.
Original Message
Subject: ISACA to Host an Enterprise Key Management Infrastructure Workshop
Date: Sun, 21 Oct 2007 21:49:40 -0700
contact me privately for an alternative solution.
Arshad Noor
StrongAuth, Inc.
[EMAIL PROTECTED] wrote:
So... supposing I was going to design a crypto library for use within
a financial organization, which mostly deals with credit card numbers
and bank accounts, and wanted to create an API for
I think you would be doing the crypto community a huge public
service by publishing the ~4 page section, Ian. Personally,
I prefer your 3-sentence disclaimer. :-)
Arshad Noor
StrongAuth, Inc.
Ian Farquhar (ifarquha) wrote:
I personally have a boilerplate risk disclosure section
which
The usual excuse, Dan: ignorance.
Those of us who know how companies maintain the security
of their systems minimize the use of, or eschew, such
sites. We also always ask for an Absentee (paper) ballot
in places where electronic voting is the only choice at
the polling booth.
Arshad Noor
Do business people get it? Do security professionals get it?
Apparently not.
Arshad Noor
StrongAuth, Inc.
Huge losses reported by Société Générale were apparently enabled
by forgotten low-level IT chores such as password management.
http://www.infoworld.com/article/08/02/04/Poor-password
Las Vegas" mentality has permeated businesses
to the point that we're taking bigger and bigger risks without really
doing the analysis - going on just "gut feel" - resulting in situations
like at Société Générale.
Arshad Noor
StrongAuth, Inc.
Jon Callas wrote:
scheduled to be held
in Baltimore, MD this fall, that should be of interest to
people in this forum:
http://www.keymanagementsummit.com/2008/
Arshad Noor
StrongAuth, Inc.
[EMAIL PROTECTED] wrote:
I've got two presentations I've given on encrypted storage technologies h
conference are available at:
http://middleware.internet2.edu/idtrust/2008/program.html
Arshad Noor
StrongAuth, Inc.
Philipp Gühring wrote:
Hi,
QUESTION: Does anybody know about the existence of a
security research in area of grading the easiness to
steal biometric data.
There are several
Fascinating!
This may be the first phishing e-mail I've seen that uses
a message related to digital certificates for attacking the
client; I am not a customer of Comerica.
Has anyone else seen this before?
Arshad Noor
StrongAuth, Inc.
Original Message
Subject:S
Had to remove the link so it would get past the spam-filters;
apologies if you see multiple postings.
Arshad Noor wrote:
Fascinating!
This may be the first phishing e-mail I've seen that uses
a message related to digital certificates for attacking the
client; I am not a customer of Com
It can be "ordered to decrypt system passwords"??? So, I wonder
what attackers can do with this...
Arshad Noor
StrongAuth, Inc.
"Microsoft revealed its development of a digital forensic analysis toolkit at a
security conference yesterday as part of a wider discussion of how tec
does the Blackberry encryption protocol work like S/MIME?
Arshad Noor
StrongAuth, Inc.
- Original Message -
From: "Derek Atkins" <[EMAIL PROTECTED]>
To: "Perry E. Metzger" <[EMAIL PROTECTED]>
Cc: cryptography@metzdowd.com
Sent: Tuesday, May 27, 2008 8:54
FYI.
- Forwarded Message -
From: "Matt Ball" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: Wednesday, May 28, 2008 1:37:18 PM (GMT-0800) America/Los_Angeles
Subject: [P1619-3] Last reminder: Call for Speakers and Sponsors for the 2008
Key Management Summit Ends This Friday
(Please forw
d, if they are, how are the 3DES keys
agreed upon? Doesn't that imply public/private key-pairs or a
master-key?)
Arshad Noor
StrongAuth, Inc.
- Original Message -
From: "Victor Duchovni" <[EMAIL PROTECTED]>
Cc: cryptography@metzdowd.com
Sent: Friday, May 30, 2008 10:4
except to experts over e-mail. I
presume this is how David learned of the RC4 algorithm?
Arshad Noor
StrongAuth, Inc.
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
hnology is well understood by most people on this forum, until
we educate the gate-keepers, we have failed in our jobs to secure IT
infrastructure.
Arshad Noor
StrongAuth, Inc.
Allen wrote:
Hi gang,
All quiet on the cryptography front lately, I see. However, that does
not prevent practices tha
t, and have instinctively
preferred simpler - but strong - technical solutions, have my instincts
been wrong all along? TIA.
Arshad Noor
StrongAuth, Inc.
arge and small - is that it is necessary to use a combination
of strong technology and procedures for effective security. Relying
on just one component alone can lead to a breakdown in security (as
my experience has shown me).
Arshad Noor
StrongAuth, Inc.
---
d
support them in EKMI as appropriate. Should there be requests from
the OASIS community that there be support for algorithms that are not
in XMLEnc, the Technical Committee will discuss and vote on it.
Arshad Noor
StrongAuth, Inc.
---
Florian Weimer wrote:
* Arshad Noor:
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=208800937
On a more serious note, I think the criticism probably refers to the
fact that SKSML does not cryptographically enforce proper key
management. If a participant turns bad
Ben Laurie wrote:
Arshad Noor wrote:
I may be a little naive, but can a protocol itself enforce proper
key-management? I can certainly see it facilitating the required
discipline, but I can't see how a protocol alone can enforce it.
I find the question difficult to understand. Bef
e FDE vendors respond to you so you can forward
as appropriate. Thanks.
Arshad Noor
StrongAuth, Inc.
ned by the limitations of the underlying
technology components, policies and practices. But you still have to
make the choice.
Arshad Noor
StrongAuth, Inc.
:
http://www.strongkey.org.
Looking forward to this group's comments. Thank you.
Arshad Noor
StrongAuth, Inc.
- Forwarded Message -
From: "Mary McRae" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc: "ekmi" <[EMAIL PROTECTED]>
Sent: Th
ntral key-management server.
Arshad Noor
StrongAuth, Inc.
ey-management server. However, it does
require that the Symmetric Key Client Library (SKCL) have connected
to the Symmetric Key Services (SKS) server at least once before it
can use this capability.
Arshad Noor
StrongAuth, Inc.
do (for
the moment). I recognize that I cannot please everyone in any
audience, and must therefore do/say what I believe is right for
my customers. Only time will tell if I got it right - temporarily.
Arshad Noor
StrongAuth, Inc.
-
anticipate SKMS doing for key-management. Those
precise three groups of people - and now, including security and
compliance officers - are slowly starting to discover that for themselves.
Arshad Noor
StrongAuth, Inc.
20+ years I've always seen
Kerberos as a network-authentication protocol and perhaps it is my
failing that I couldn't see the possibility of using a flat-head
screwdriver in a Phillips-head screw.
Arshad Noor
Stron
FYI.
Original Message
Subject: [P1619-3] Early Registration Deadline for KMS 2008 Extended to
August 31, 2008
Date: Sat, 16 Aug 2008 18:18:54 -0600
From: Matt Ball <[EMAIL PROTECTED]>
Reply-To: Matt Ball <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
To give ev
//www.pcisecuritystandards.org/security_standards/pci_dss_download.html
http://www.owasp.org/index.php/Top_10_2007
Arshad Noor
StrongAuth, Inc.
Darren Lasko wrote:
Arshad Noor wrote:
"6.5 Develop all web applications based on secure coding guidelines
such as the Open Web Application Security Project guidelines"
Isn't this vulnerability already in the Top 10, specifically "A7 - Broken
Authentication and Session
h/keyboard/
Arshad Noor
StrongAuth, Inc.
de:
http://www.snl.com/irweblinkx/file.aspx?IID=4094417&FID=7249269
Arshad Noor
StrongAuth, Inc.
arter-discuss/200902/msg1.html
It is fair to warn readers that the contradictory opinion is
not a technical discussion of cryptography, but more a
political fallout in the KM space. If KM standards are of
interest to readers, they may find the comments at the OASIS
link germane.
Arshad
FYI.
Original Message
Subject: New W3C XML Security Specifications
Date: Fri, 27 Feb 2009 14:10:04 -0500
From: Sean Mullan
Reply-To: security-...@xml.apache.org
To: security-...@xml.apache.org
The W3C XML Security Working Group has just released 7 first public working
drafts o
no possibility of someone writing out plaintext when comparing
decrypted objects.
Am I missing something?
Arshad Noor
StrongAuth, Inc.
u (or anyone on this forum) know of technology that allows the
application to gain access to the crypto-hardware after an unattended
reboot - but can prevent an attacker from gaining access to those keys
after compromising a legitimate ID on the machine - I'd welcome hearing
about it. TIA.
A
ation if no PINs are involved?
Arshad Noor
StrongAuth, Inc.
-experienced or less-resourceful companies
would start the dominoes falling and inadvertently bring down even the
well calibrated companies. Regulations can help with preventing that
first domino from falling if implemented effectively.
Arshad Noor
StrongAuth, Inc
cency case.
http://www.legislation.gov.uk/ukpga/2000/23/section/53
Arshad Noor
StrongAuth, Inc.