list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--
Lance James
http://soundcloud.com/lancejames
Office: 760-262-4141
l lan...@securescience.netan...@gmail.com
___
The cryptography mailing list
cryptography
by sending unsubscribe cryptography to [EMAIL PROTECTED]
--
Best Regards,
Lance James
Secure Science Corp.
http://www.securescience.net
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Hadmut Danisch wrote:
Hi Lance,
On Fri, Sep 08, 2006 at 10:26:45AM -0700, Lance James wrote:
Another problem from what I see with Malware that steals data is the
formgrabbing and on event logging of data. Malware can detect if
SecureID is being used based on targeted events, example: Say
Full article at http: // blog.washingtonpost.com / securityfix /
Citibank Phish Spoofs 2-Factor Authentication
Security experts have long touted the need for financial Web sites to move
beyond mere passwords and implement so-called two-factor authentication --
the second factor being something
Defeat 2-Factor Auth
Lance James wrote:
Full article at http: // blog.washingtonpost.com / securityfix /
happen to mention more than a year ago ... that it would be subject to
mitm-attacks ... recent comment on the subject
http://www.garlic.com/~lynn/aadsm24.htm#33 Threatwatch - 2-factor tokens
.
Surprisingly, many would fall for this.
My 2 cents.
-Lance
James A. Donald wrote:
--
James A. Donald wrote:
The obvious solution to the phishing crisis is the
widespread deployment of SRP
Lance James
I disagree here, I don't think this will stop phishing
for many reasons. Please
it, and in phishing,
if the user knows it, the user is vulnerable.
My 2 cents.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to
[EMAIL PROTECTED]
--
Best Regards,
Lance James
Secure
Lance James wrote:
James A. Donald wrote:
The obvious solution to the phishing crisis is the widespread
deployment of SRP, but this does not seem to happening. SASL-SRP was
recently dropped. What is the problem?
I want to clarify, because by typing to fast, i think my
to [EMAIL PROTECTED]
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
-
The Cryptography Mailing List
Unsubscribe by sending
Hi all,
I don't know if this is appropriate on this list, but I know that
diebold voting systems have been an issue in the cryptography community
for a while now. Having said that, I'm pasting an article that I
received (from my parents actually) that might be of interest to this
group. If
Jason Holt wrote:
On Mon, 11 Jul 2005, Lance James wrote:
[...]
place to fend off these attacks. Soon phishers will just use the site
itself to phish users, pushing away the dependency on tricking the
user with a spoofed or mirrored site.
[...]
You dismiss too much with your just
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a DIA account today!
https://slam.securescience.com/signup.cgi - it's free
.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to
[EMAIL PROTECTED]
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware
unsubscribe cryptography to [EMAIL PROTECTED]
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a DIA account today!
https://slam.securescience.com
, or flaw?
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a DIA account today!
https://slam.securescience.com/signup.cgi - it's free
Amir Herzberg wrote:
Lance James wrote:
...
https://slam.securescience.com/threats/mixed.html
This site is set so that there is a frame of https://www.bankone.com
inside my https://slam.securescience.com/threats/mixed.html site. The
imaginative part is that you may have to reverse
Florian Weimer wrote:
* Lance James:
Feature, or flaw?
Couldn't you just copy (or proxy all content) and get the same effect
without using frames at all?
How would you go about doing that and still get the SSL Lock to remain
as the banks? Can you give an example?
Maybe I'm
Florian Weimer wrote:
* Lance James:
Couldn't you just copy (or proxy all content) and get the same effect
without using frames at all?
How would you go about doing that and still get the SSL Lock to remain
as the banks? Can you give an example?
In both cases, you have
Amir Herzberg wrote:
Lance James wrote:
...
https://slam.securescience.com/threats/mixed.html
This site is set so that there is a frame of https://www.bankone.com
inside my https://slam.securescience.com/threats/mixed.html site. The
imaginative part is that you may have to reverse
Florian Weimer wrote:
* Lance James:
And as stated above, reverse the effect and it would be the banks in
scenarios such as XSS.
In case of XSS or CSRF, you have lost anyway. The web was not
designed as a presentation service for transaction processing,
especially
, unfortunately what I can vouch for is
covered under NDA - but I can tell you they are very serious about
addressing security - mind you, no one is perfect.
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net
.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your
Protected or not, AmericanExpress.com has multiple web vulnerabilities -
I wouldn't log into it with a ten-foot pole :)
-Lance
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Perry E. Metzger
Sent: Wednesday, June 08, 2005 12:16 PM
To: Jerrold Leichter
and static. The ATM's last-four is private and static too
(unless
you want the burden to change your card often).
I agree on the privacy issue, your point is well taken there.
Lance James wrote:
But from your point, the codeword would be in the clear as well.
Respectively speaking, I don't
privacy and security risk.
Or is email becoming even more insecure, with our private information
being more and more disclosed by those who should actually guard it,
in the name of security?
Cheers,
Ed Gerck
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.com
Author
Perry E. Metzger wrote:
At long last, the DES FIPSes are withdrawn:
http://cryptome.org/nist051905.txt
Any comments on the NSA SHA-2 patents?
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.com
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Have
the security of a block cipher?
Lance James @ Secure Science Corporation writes:
We will be proposing 2 hashes as well.
Well, that is completely non-responsive to the point Adam made.
You used the term provably. Where is your proof?
Did you understand the point Adam is making? In this field, the term
Regards,
Lance James
Secure Science Corporation
[Have Phishers stolen your customers' logins? Find out with DIA]
https://slam.securescience.com/signup.cgi - it's free!
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe
customers' logins? Find out with DIA]
| https://slam.securescience.com/signup.cgi - it's free!
|
--
Best Regards,
Lance James
Secure Science Corporation
[Have Phishers stolen your customers' logins? Find out with DIA]
https://slam.securescience.com/signup.cgi - it's free
29 matches
Mail list logo