Re: An attack on paypal --> secure UI for browsers
> For example, a proposal I saw recently which > would have the OS decorate the borders of "trusted" windows with facts or > images that an attacker wouldn't be able to predict: the name of your > dog, or whatever. But if the system is rooted, then the attacker merely has to find the "today's secret word" entry in the registry and do the same thing. Unless Windows is planning on getting real kernel-level kinds of protection. > It was none other than Microsoft's NGSCB, nee Palladium. See > http://news.com.com/2100-1012_3-1000584.html?tag=fd_top: See previous sentence. :) /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
Re: QuizID?
Marc Branchaud wrote: Any thoughts on this device? At first glance, it doesn't seem particularly impressive... http://www.quizid.com/ Looks like hardware S/Key, doesn't it? If I could fool the user into entering a quizcode, then it seems like I could get the device and the admin database out of sync and lock the user out of the system. /r$
Re: secure IRC/messaging successor
> gale has scaling problems to large numbers of users, in particular > for group messaging. What doesn't? :) Gale seems to have a better security story, but Jabber certainly has the momentum and large force behind it. Plus, it's XML so you *know* it's good. /r$ -- Zolera Systems, Your Key to Online Integrity Securing Web services: XML, SOAP, Dig-sig, Encryption http://www.zolera.com