Rich Salz [EMAIL PROTECTED] writes:
I think signatures are increasingly being used for technical reasons, not
legal. That is, sign and verify just to prove that all the layers of
middleware and Internet and general bugaboos didn't screw with it.
That cuts both ways though. Since so many
Adam Shostack wrote:
No. If I get your database with SQL injection, all conditions are
met, and I have your plaintext. But, the data is in an encrypted
form, and you're saved.
I'm not familiar with SQL injection vulnerabilities. Perhaps the issue
is misrepresentation by the SQL provider
At 00:48 2005-06-03 +0100, Ian G wrote:
Just to make it more interesting, the AG of New York, Elliot Spitzer
has introduced a package of legislation intended to rein in identity theft
including:
Facilitating prosecutions against computer hackers by creating
specific criminal penalties for
there were several news URLs a month or so ago about the issue of
faster in conjunction with the orlanda effort and some of the
predictions on possibly 40mil (most frequently travelling) people sign
up if such programs were rolled out around the country.
the issue raised was that they were
Peter Gutmann wrote:
That cuts both ways though. Since so many systems *do* screw with data (in
insignificant ways, e.g. stripping trailing blanks), anyone who does massage
data in such a way that any trivial change will be detected is going to be
inundated with false positives. Just ask any
Anne Lynn Wheeler [EMAIL PROTECTED] writes:
the problem was that xml didn't have a deterministic definition for encoding
fields.
Yup, see Why XML Security is Broken,
http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt, for more on this. Mind
you ASN.1 is little better, there are rules for
On Friday 03 June 2005 14:38, Greg Rose wrote:
At 00:48 2005-06-03 +0100, Ian G wrote:
Just to make it more interesting, the AG of New York, Elliot Spitzer
has introduced a package of legislation intended to rein in identity
theft including:
Facilitating prosecutions against computer
That cuts both ways though. Since so many systems *do* screw with data (in
insignificant ways, e.g. stripping trailing blanks), anyone who does massage
data in such a way that any trivial change will be detected is going to be
inundated with false positives. Just ask any OpenPGP implementor
Cracking the Bluetooth PIN
http://www.eng.tau.ac.il/~yash/shaked-wool-mobisys05/index.html
Abstract:
This paper describes the implementation of an attack on the Bluetooth
security mechanism. Specifically, we describe a passive attack, in
which an attacker can find the PIN used during the
On Jun 3, 2005, at 11:55, Perry E. Metzger wrote:
2) They also have a way of forcing pairing to happen, by impersonating
one of the devices and saying oops! I need to pair again! to the
other.
Do the devices then pair again without user intervention, re-using the
PIN that paired them
If you have a pair of bluetooth devices that are paired, best to keep
them in a faraday cage at all times.
Buy a Bluetooth phone and get a matching colour Faraday cage for FREE! *
* Faraday not included.
...
Matt Crawford [EMAIL PROTECTED] writes:
On Jun 3, 2005, at 11:55, Perry E. Metzger wrote:
2) They also have a way of forcing pairing to happen, by impersonating
one of the devices and saying oops! I need to pair again! to the
other.
Do the devices then pair again without user
On 6/3/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Another alternative is the cyphersaber type of thing, where you could just
implement your crypto-code on the fly, as needed.
Yes, I could, and have. Presumably you could. Ben Laurie probably
could blindfolded with both hands tied behind his
Even anonymous plaintext ain't so anonymous, boys and girls...
Cheers,
RAH
--- begin forwarded text
Date: Fri, 3 Jun 2005 23:30:57 -0400
To: Philodox Clips List [EMAIL PROTECTED]
From: R.A. Hettinga [EMAIL PROTECTED]
Subject: [Clips] The Word Crunchers
Reply-To: [EMAIL PROTECTED]
Sender: