Off-list request

2005-03-25 Thread Lance James
Regards, Lance James Secure Science Corporation [Have Phishers stolen your customers' logins? Find out with DIA] https://slam.securescience.com/signup.cgi - it's free! - The Cryptography Mailing List Unsubscribe by sending unsubscribe

Re: Secure Science issues preview of their upcoming block cipher

2005-03-25 Thread Lance James
customers' logins? Find out with DIA] | https://slam.securescience.com/signup.cgi - it's free! | -- Best Regards, Lance James Secure Science Corporation [Have Phishers stolen your customers' logins? Find out with DIA] https://slam.securescience.com/signup.cgi - it's free

Re: Secure Science issues preview of their upcoming block cipher

2005-03-28 Thread Lance James
the security of a block cipher? Lance James @ Secure Science Corporation writes: We will be proposing 2 hashes as well. Well, that is completely non-responsive to the point Adam made. You used the term provably. Where is your proof? Did you understand the point Adam is making? In this field, the term

Re: DES FIPS is finally withdrawn.

2005-05-21 Thread Lance James
Perry E. Metzger wrote: At long last, the DES FIPSes are withdrawn: http://cryptome.org/nist051905.txt Any comments on the NSA SHA-2 patents? -- Best Regards, Lance James Secure Science Corporation www.securescience.com Author of 'Phishing Exposed' http://www.securescience.net/amazon/ Have

Re: Citibank discloses private information to improve security

2005-05-30 Thread Lance James
privacy and security risk. Or is email becoming even more insecure, with our private information being more and more disclosed by those who should actually guard it, in the name of security? Cheers, Ed Gerck -- Best Regards, Lance James Secure Science Corporation www.securescience.com Author

Re: Citibank discloses private information to improve security

2005-05-31 Thread Lance James
and static. The ATM's last-four is private and static too (unless you want the burden to change your card often). I agree on the privacy issue, your point is well taken there. Lance James wrote: But from your point, the codeword would be in the clear as well. Respectively speaking, I don't

RE: AmEx unprotected login site

2005-06-08 Thread Lance James
Protected or not, AmericanExpress.com has multiple web vulnerabilities - I wouldn't log into it with a ten-foot pole :) -Lance -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Perry E. Metzger Sent: Wednesday, June 08, 2005 12:16 PM To: Jerrold Leichter

Re: Some companies are just asking for it.

2005-06-23 Thread Lance James
. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] -- Best Regards, Lance James Secure Science Corporation www.securescience.net Author of 'Phishing Exposed' http://www.securescience.net/amazon/ Find out how malware is affecting your

Re: Some companies are just asking for it.

2005-06-26 Thread Lance James
, unfortunately what I can vouch for is covered under NDA - but I can tell you they are very serious about addressing security - mind you, no one is perfect. -- Best Regards, Lance James Secure Science Corporation www.securescience.net Author of 'Phishing Exposed' http://www.securescience.net

Feature or Flaw?

2005-07-05 Thread Lance James
, or flaw? -- Best Regards, Lance James Secure Science Corporation www.securescience.net Author of 'Phishing Exposed' http://www.securescience.net/amazon/ Find out how malware is affecting your company: Get a DIA account today! https://slam.securescience.com/signup.cgi - it's free

Re: Feature or Flaw?

2005-07-05 Thread Lance James
Amir Herzberg wrote: Lance James wrote: ... https://slam.securescience.com/threats/mixed.html This site is set so that there is a frame of https://www.bankone.com inside my https://slam.securescience.com/threats/mixed.html site. The imaginative part is that you may have to reverse

Re: Feature or Flaw?

2005-07-05 Thread Lance James
Florian Weimer wrote: * Lance James: Feature, or flaw? Couldn't you just copy (or proxy all content) and get the same effect without using frames at all? How would you go about doing that and still get the SSL Lock to remain as the banks? Can you give an example? Maybe I'm

Re: Feature or Flaw?

2005-07-05 Thread Lance James
Florian Weimer wrote: * Lance James: Couldn't you just copy (or proxy all content) and get the same effect without using frames at all? How would you go about doing that and still get the SSL Lock to remain as the banks? Can you give an example? In both cases, you have

Re: Feature or Flaw?

2005-07-05 Thread Lance James
Amir Herzberg wrote: Lance James wrote: ... https://slam.securescience.com/threats/mixed.html This site is set so that there is a frame of https://www.bankone.com inside my https://slam.securescience.com/threats/mixed.html site. The imaginative part is that you may have to reverse

Re: Feature or Flaw?

2005-07-05 Thread Lance James
Florian Weimer wrote: * Lance James: And as stated above, reverse the effect and it would be the banks in scenarios such as XSS. In case of XSS or CSRF, you have lost anyway. The web was not designed as a presentation service for transaction processing, especially

Re: the limits of crypto and authentication

2005-07-09 Thread Lance James
unsubscribe cryptography to [EMAIL PROTECTED] -- Best Regards, Lance James Secure Science Corporation www.securescience.net Author of 'Phishing Exposed' http://www.securescience.net/amazon/ Find out how malware is affecting your company: Get a DIA account today! https://slam.securescience.com

Re: Why Blockbuster looks at your ID.

2005-07-11 Thread Lance James
-- Best Regards, Lance James Secure Science Corporation www.securescience.net Author of 'Phishing Exposed' http://www.securescience.net/amazon/ Find out how malware is affecting your company: Get a DIA account today! https://slam.securescience.com/signup.cgi - it's free

Re: New Credit Card Scam (fwd)

2005-07-11 Thread Lance James
. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] -- Best Regards, Lance James Secure Science Corporation www.securescience.net Author of 'Phishing Exposed' http://www.securescience.net/amazon/ Find out how malware

Re: New Credit Card Scam (fwd)

2005-07-12 Thread Lance James
Jason Holt wrote: On Mon, 11 Jul 2005, Lance James wrote: [...] place to fend off these attacks. Soon phishers will just use the site itself to phish users, pushing away the dependency on tricking the user with a spoofed or mirrored site. [...] You dismiss too much with your just

Diebold - might be of interest

2005-08-01 Thread Lance James
Hi all, I don't know if this is appropriate on this list, but I know that diebold voting systems have been an issue in the cryptography community for a while now. Having said that, I'm pasting an article that I received (from my parents actually) that might be of interest to this group. If

Re: Kama Sutra Spoofs Digital Certificates

2006-01-26 Thread Lance James
to [EMAIL PROTECTED] -- Best Regards, Lance James Secure Science Corporation www.securescience.net Author of 'Phishing Exposed' http://www.securescience.net/amazon/ - The Cryptography Mailing List Unsubscribe by sending

Re: Status of SRP

2006-06-01 Thread Lance James
it, and in phishing, if the user knows it, the user is vulnerable. My 2 cents. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] -- Best Regards, Lance James Secure

Re: Status of SRP

2006-06-01 Thread Lance James
Lance James wrote: James A. Donald wrote: The obvious solution to the phishing crisis is the widespread deployment of SRP, but this does not seem to happening. SASL-SRP was recently dropped. What is the problem? I want to clarify, because by typing to fast, i think my

Re: Status of SRP

2006-06-02 Thread Lance James
. Surprisingly, many would fall for this. My 2 cents. -Lance James A. Donald wrote: -- James A. Donald wrote: The obvious solution to the phishing crisis is the widespread deployment of SRP Lance James I disagree here, I don't think this will stop phishing for many reasons. Please

Phishers Defeat 2-Factor Auth

2006-07-11 Thread Lance James
Full article at http: // blog.washingtonpost.com / securityfix / Citibank Phish Spoofs 2-Factor Authentication Security experts have long touted the need for financial Web sites to move beyond mere passwords and implement so-called two-factor authentication -- the second factor being something

Phishers Defeat 2-Factor Auth

2006-07-11 Thread Lance James
http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2fa ctor_1.html Thought this might interest some. -Lance James - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL

RE: Phishers Defeat 2-Factor Auth

2006-07-11 Thread Lance James
Defeat 2-Factor Auth Lance James wrote: Full article at http: // blog.washingtonpost.com / securityfix / happen to mention more than a year ago ... that it would be subject to mitm-attacks ... recent comment on the subject http://www.garlic.com/~lynn/aadsm24.htm#33 Threatwatch - 2-factor tokens

Re: RSA SecurID SID800 Token vulnerable by design

2006-09-09 Thread Lance James
by sending unsubscribe cryptography to [EMAIL PROTECTED] -- Best Regards, Lance James Secure Science Corp. http://www.securescience.net - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: RSA SecurID SID800 Token vulnerable by design

2006-09-09 Thread Lance James
Hadmut Danisch wrote: Hi Lance, On Fri, Sep 08, 2006 at 10:26:45AM -0700, Lance James wrote: Another problem from what I see with Malware that steals data is the formgrabbing and on event logging of data. Malware can detect if SecureID is being used based on targeted events, example: Say

Re: [Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-05 Thread Lance James
list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography -- Lance James http://soundcloud.com/lancejames Office: 760-262-4141 l lan...@securescience.netan...@gmail.com ___ The cryptography mailing list cryptography