Senators on civil liberties

2001-09-24 Thread Sidney Markowitz

Here's a quote from the Washington Post last Sunday, 23 Sept, 2001.
The URL
http://www.washingtonpost.com/wp-dyn/articles/A10701-2001Sep22.html
is good for 2 weeks from then:

 -

"I've been getting e-mails from all over the country, from people both
on the left and the right, concerned about what we're doing to civil
liberties," Senate Judiciary Committee Chairman Patrick J. Leahy
(D-Vt.) told Ashcroft in a meeting Wednesday.

"That's okay, Pat, we've been reading your e-mails all week," Ashcroft
deadpanned.

Leahy erupted in laughter, disarmed.

 --





-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]



Stego spy terrorist scare

2001-09-24 Thread Peter Gutmann

Looking at some of the recent (unsubstantiated) reports of people who would
abhor porn for religious reasons using porn to communicate (!!), I wonder if
these stories can be traced back to the LA Times nonsense of a few years ago
where unnamed spies were doing the same thing?  Given that these rumours stick
around more or less forever once started, and that the stego-porn story seems
to be no more than a rumour, could it just be a mutation of the same story?

(Why couldn't bin Laden just record his messages backwards in heavy metal like
satan does?).

Peter.






Re: "Pirate Utopia," FEED, February 20, 2001

2001-09-24 Thread David Honig

At 11:44 AM 9/24/01 -0700, Ray Dillinger wrote:
>
>Actually, dictionary attacks reveal about sixty percent of passwords, 
>so for every six passwords you find on a dictionary attack, you can 
>infer ten actual stegotexts times the ratio between your analyzed and 
>discovered (possibly-false) positives.  
>
>While he has analyzed only two percent of his sample, that's a sufficient 
>number that if even a tenth of one percent of his positives were
>real he'd have discovered at least a few passwords.
>
>The paper is solid statistical methods; lack of any dictionary-yielding
>passwords in that big a sample is very strong evidence that the sample 
>is overwhelmingly made up of false positives.
>
>   Bear

That's an excellent point, but: if you were smart enough to use stego
for real, wouldn't you be smart enough to pick a good password? 





 






  










Re: New encryption technology closes WLAN security loopholes

2001-09-24 Thread ji

> Or in other words, the first requirement for perimeter security is a perimeter.

In increasingly many environments, the term "perimeter" makes little sense.
See, for example, the CCS-2000 paper on Distributed Firewalls by Sotiris
Ioannidis et al.  You can get it (among other places) from
http://www.research.att.com/~smb/papers/ccs-df.pdf

/ji

(for the curious, the Ioannidis on that paper is my brother, not I).







Re: [FYI] Did Encryption Empower These Terrorists?

2001-09-24 Thread Steven M. Bellovin

In message , Bill Frantz writes:
>At 10:11 AM -0700 9/24/01, [EMAIL PROTECTED] wrote:
>>as mentioned in the various previous references ... what is at risk  ...
>>effectively proportional to the aggregate of the account credit limits ...
>>for all accounts that happened to have been stored in any account master
>>file ... is significantly larger than any particular merchant may have
>>directly at risk because of a security breach. in the "security
>>proportional to risk" theory  the entity that has the risk should have
>>control over the security measures, those security measures should be
>>proportional to what they have at risk, and the cost of those security
>>measures should also be proportional to the risk.
>
>It seems to me that because of the $50 liability limit under US law, most
>of the risk is carried by the credit card issuers.  They are also in a
>position to require proper security by contract with the merchant.
>

Actually, I believe it's by the merchants.  Internet transactions 
generally count as "card not present" transactions, which means that 
the merchants take the risk.  

--Steve Bellovin, http://www.research.att.com/~smb
  http://www.wilyhacker.com








Re: [FYI] Did Encryption Empower These Terrorists?

2001-09-24 Thread Bill Frantz

At 10:11 AM -0700 9/24/01, [EMAIL PROTECTED] wrote:
>as mentioned in the various previous references ... what is at risk  ...
>effectively proportional to the aggregate of the account credit limits ...
>for all accounts that happened to have been stored in any account master
>file ... is significantly larger than any particular merchant may have
>directly at risk because of a security breach. in the "security
>proportional to risk" theory  the entity that has the risk should have
>control over the security measures, those security measures should be
>proportional to what they have at risk, and the cost of those security
>measures should also be proportional to the risk.

It seems to me that because of the $50 liability limit under US law, most
of the risk is carried by the credit card issuers.  They are also in a
position to require proper security by contract with the merchant.

Cheers - Bill


-
Bill Frantz   | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.  | Los Gatos, CA 95032, USA








Re: New encryption technology closes WLAN security loopholes

2001-09-24 Thread Bill Frantz

At 12:36 PM -0700 9/24/01, [EMAIL PROTECTED] wrote:
>>While we are on the topic, it seems to me that the other implication
>>of 802.11 is that the Ethernet backbone in most offices can no longer
>>be considered secure.
>
>Given the number of people with laptops who bring them in and out of
>your average firewalled network, nothing can be considered secure.  Or
>people spreading viruses, for that matter.
>
>/ji
>
>
>[Moderator's Note: To expand on John's point, many organizations were
>infected with Code Red by people plugging their laptops in to the
>corporate LAN after running them outside the LAN, or were infected via
>VPN tunnels from machines on the outside that were incorrectly not
>thought of as being part of the security perimeter. In the face of
>such attacks, firewalls can no longer stop worms or viruses from
>entering a firm. --Perry]

Or in other words, the first requirement for perimeter security is a perimeter.

Cheers - Bill


-
Bill Frantz   | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.  | Los Gatos, CA 95032, USA








Re: "Pirate Utopia," FEED, February 20, 2001

2001-09-24 Thread Greg Rose

At 11:44 AM 9/24/2001 -0700, Ray Dillinger wrote:
>On Mon, 24 Sep 2001, Nomen Nescio wrote:
> >The Stegdetect paper proceeded to further analyze the 2+ images by
> >looking for passwords that would produce meaningful messages from the
> >hypothesized hidden content, via dictionary attack.  No valid passwords
> >were found, and the authors concluded therefore that these were all
> >false positives.  This does not seem to be a fully supported conclusion.
>
>Actually, dictionary attacks reveal about sixty percent of passwords,
>so for every six passwords you find on a dictionary attack, you can
>infer ten actual stegotexts times the ratio between your analyzed and
>discovered (possibly-false) positives.
>
>While he has analyzed only two percent of his sample, that's a sufficient
>number that if even a tenth of one percent of his positives were
>real he'd have discovered at least a few passwords.
>
>The paper is solid statistical methods; lack of any dictionary-yielding
>passwords in that big a sample is very strong evidence that the sample
>is overwhelmingly made up of false positives.

I'm afraid I have to disagree. They could all be images manipulated by a 
different steganographic program from the one(s) that are being tested, 
and/or they could all have been manipulated by very disciplined people 
using high-entropy passwords. Lack of evidence is at most suggestive.

Greg.

Greg Rose                                       INTERNET: [EMAIL PROTECTED]
Qualcomm Australia          VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,                http://people.qualcomm.com/ggr/
Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C







Re: "Pirate Utopia," FEED, February 20, 2001

2001-09-24 Thread Sampo Syreeni

On Mon, 24 Sep 2001, Ted Lemon wrote:

>This presumes that people who use steganography in the real world right
>now are similar in their password security habits to the general computer
>user population.

It also presumes that people use the precise same steganographic algorithm,
I think. I haven't seen the paper, though -- what's said there about the
issue of multiple stego methods out there?

Sampo Syreeni, aka decoy, mailto:[EMAIL PROTECTED], gsm: +358-50-5756111
student/math+cs/helsinki university, http://www.iki.fi/~decoy/front
openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2







Re: "Pirate Utopia," FEED, February 20, 2001

2001-09-24 Thread Ted Lemon


> Actually, dictionary attacks reveal about sixty percent of passwords, 
> so for every six passwords you find on a dictionary attack, you can 
> infer ten actual stegotexts times the ratio between your analyzed and 
> discovered (possibly-false) positives.  

This presumes that people who use steganography in the real world
right now are similar in their password security habits to the general
computer user population.  Steganography is an esoteric practice, and
really only interesting in the real world to people who have much more
serious security worries than the average computer user.  So I think
this is actually unrealistic - I would bet that close to 0% of
encryption keys used to encrypt data sent in the real world using
steganography (assuming steganography is being used by anybody but
crypto researchers right now) would be susceptible to dictionary
attack.

   _MelloN_








Re: [FYI] Did Encryption Empower These Terrorists?

2001-09-24 Thread lynn . wheeler


re: easy;

almost 30 years ago, we shot a scripting type virus on the internal network
and then laid down some "easy" rules that would preclude any new scripting
virus &/or trojan horses.

if it really was as trivial and easy as we thot 30 years ago ... by
definition, the majority of the recent rash of exploits, viruses, et al ...
would never have happened. Since the exploits did happen (and are
continuing) ... then there must be issues involved that are not quite
as easy as we thot 30 years ago.

i spent some amount of my young years around various types of farm
equipment and thot it was easy living thru it (although when I was around
10,  i  let lady-fingers explode in my hand & when I was older ... worked
re-bar w/o gloves). Later, along came HEW and set out guidelines that a lot
of the stuff I grew up working around was dangerous equipment and in
various cases needed substantial modifications (what I thot was easy at the
time, subsequently was judged very dangerous).








Re: [FYI] Did Encryption Empower These Terrorists?

2001-09-24 Thread lynn . wheeler


If it was so easy ... it wouldn't be a problem. An objective of the
original e-commerce deployments was that the account number file not be
co-located on the webserver. Since a large number of subsequent deployments
have co-located on the webserver or on some equally accessible location
would tend to indicate that it isn't as easy as it might first appear.

One might suspect that the definition of "easy" is rather relative ... and
also there may be some questions regarding what aspect of the issues does
"easy" apply to (internet easy, server easy, webserver easy, technology
easy, programming easy, business process easy, process easy, etc).

I would claim that having it become so prevalent after the initial
subsequent deployments would imply that there are at least some issues
involved that make it much more than a simple, straight-forward, brain-dead
matter (if it was trivially obvious for everybody in world, then there is
some rationale that nobody would have done in such a way that creates such
security & risk issues).




   
From: Ben Laurie <[EMAIL PROTECTED]>
Date: 09/24/2001 01:32 PM
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], Hadmut Danisch <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: [FYI] Did Encryption Empower These Terrorists?
   




[EMAIL PROTECTED] wrote:
>
> there are all sorts of shortcomings in this world. you find a "merchant"
> that buys a computer, installs some webserver software and puts it up on
> the web and expects that to handle everything.

Fine, but that was not the point you claimed to be making. You said:

> The web server
> account number master file also typically represents a risk that is
> significantly greater than what typical merchant otherwise has at risk ...
> making it difficult to support a solution where the level of
> security/protection is proportional to the risk

but that is simply not true - it is very easy to eliminate this
particular piece of crap design.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff










Re: New encryption technology closes WLAN security loopholes

2001-09-24 Thread ji

>While we are on the topic, it seems to me that the other implication
>of 802.11 is that the Ethernet backbone in most offices can no longer
>be considered secure.

Given the number of people with laptops who bring them in and out of
your average firewalled network, nothing can be considered secure.  Or
people spreading viruses, for that matter.

/ji


[Moderator's Note: To expand on John's point, many organizations were
infected with Code Red by people plugging their laptops in to the
corporate LAN after running them outside the LAN, or were infected via
VPN tunnels from machines on the outside that were incorrectly not
thought of as being part of the security perimeter. In the face of
such attacks, firewalls can no longer stop worms or viruses from
entering a firm. --Perry]




Re: "Pirate Utopia," FEED, February 20, 2001

2001-09-24 Thread Ray Dillinger



On Mon, 24 Sep 2001, Nomen Nescio wrote:

>The Stegdetect paper proceeded to further analyze the 2+ images by
>looking for passwords that would produce meaningful messages from the
>hypothesized hidden content, via dictionary attack.  No valid passwords
>were found, and the authors concluded therefore that these were all
>false positives.  This does not seem to be a fully supported conclusion.

Actually, dictionary attacks reveal about sixty percent of passwords, 
so for every six passwords you find on a dictionary attack, you can 
infer ten actual stegotexts times the ratio between your analyzed and 
discovered (possibly-false) positives.  

While he has analyzed only two percent of his sample, that's a sufficient 
number that if even a tenth of one percent of his positives were
real he'd have discovered at least a few passwords.

The paper is solid statistical methods; lack of any dictionary-yielding
passwords in that big a sample is very strong evidence that the sample 
is overwhelmingly made up of false positives.

Bear
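
The estimate in the post above, and the objections to it raised in the replies from Ted Lemon, Greg Rose, Sampo Syreeni and Ben Laurie, put into numbers as an added example that is not part of any post in this thread. The 60% crack rate and the "tenth of one percent" figure are the ones quoted in the post; the sample size of 10,000 analyzed positives, the `method_coverage` parameter, and the assumption that images are independent are constructed for illustration.

```python
# Added example: what "zero passwords recovered" does and does not establish.
# Model (an assumption): each analyzed positive is independently a real
# stegotext with probability real_fraction; the analysis tool handles that
# image's embedding method with probability method_coverage; and a dictionary
# attack recovers the password of a handled stegotext with probability
# crack_rate.


def expected_hits(n_analyzed, real_fraction, crack_rate, method_coverage=1.0):
    """Expected number of passwords a dictionary attack should recover."""
    return n_analyzed * real_fraction * method_coverage * crack_rate


def prob_zero_hits(n_analyzed, real_fraction, crack_rate, method_coverage=1.0):
    """Probability that the attack recovers nothing at all."""
    per_image_hit = real_fraction * method_coverage * crack_rate
    return (1.0 - per_image_hit) ** n_analyzed


def upper_bound_real_fraction(n_analyzed, crack_rate, method_coverage=1.0,
                              confidence=0.95):
    """Largest real_fraction still consistent with zero hits.

    Solves (1 - f * detect) ** n = 1 - confidence for f. A result of 1.0
    means the null result rules nothing out.
    """
    detect = crack_rate * method_coverage
    if detect <= 0.0:
        return 1.0  # attack can never succeed, so silence carries no information
    f = (1.0 - (1.0 - confidence) ** (1.0 / n_analyzed)) / detect
    return min(1.0, f)


def sensitivity_table(n_analyzed, crack_rates, coverages):
    """Upper bound on the real fraction for each (crack_rate, coverage) pair."""
    return [
        (p, c, upper_bound_real_fraction(n_analyzed, p, c))
        for p in crack_rates
        for c in coverages
    ]


if __name__ == "__main__":
    N = 10_000  # constructed number of analyzed positives

    # The post's case: 60% of passwords fall to a dictionary, 0.1% are real.
    print("expected hits:", expected_hits(N, 0.001, 0.6))
    print("P(zero hits): %.4f" % prob_zero_hits(N, 0.001, 0.6))

    # The replies' case: careful users (low crack_rate) and other embedding
    # methods (low method_coverage) weaken what the null result can say.
    print("crack_rate  coverage  95% upper bound on real fraction")
    for p, c, bound in sensitivity_table(N, [0.6, 0.1, 0.01, 0.0001],
                                         [1.0, 0.25]):
        print("%10.4f  %8.2f  %.6f" % (p, c, bound))
```

The bound scales as 1 / (crack_rate * method_coverage), so the conclusion in the post holds only to the extent that its 60% figure applies to the people being searched for.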







Re: New encryption technology closes WLAN security loopholes

2001-09-24 Thread Rodney Thayer

At 08:10 PM 9/21/01 -0400, R. A. Hettinga wrote:

>At 10:34 AM -0400 9/20/2001, Perry E. Metzger wrote:
> >"R. A. Hettinga" <[EMAIL PROTECTED]> writes:
> >> [1] "New encryption technology closes WLAN security loopholes"
> >
> >We don't need a new proprietary technology. IPSec tunnels from the
> >wireless node to the base station work just fine, and are actually
> >secure on top of it!
> >
(From: "Arnold G. Reinhold" <[EMAIL PROTECTED]>)

>As I understand things, and please correct me if I am misinformed,
>IPSec is still quite complex to install and setup.

And wireless is a bit of a bitch too -- I'm able to set it up with
ease now that I've got four different kinds of cards to switch back
and forth... wild variation in management interfaces in the Win32 world...


>While we are on the topic, it seems to me that the other implication
>of 802.11 is that the Ethernet backbone in most offices can no longer
>be considered secure.

It never was.  "Get a life, use IPsec (or TLS, or SSH, or PGP, or SMIME...)"
is (a) standard answer to link layer security.

At this time, I'm much more worried about some Exodus employee going
postal and selling out to my competitor and tapping the copper wires,
than some drive-by cypherpunk sniffing my 802.11 network.
(Picking on Exodus because their economic fortunes have blemishes, not
to say other colo's and ISP's are perfect...)








Re: "Pirate Utopia," FEED, February 20, 2001

2001-09-24 Thread Nomen Nescio

Adam Back wrote:
> To elaborate on this slightly.  There are inherent reasons why
> steganography is harder than encryption: the arms race of hiding data
> in noise is based on which side (the hider vs the detector) has the
> best understanding of the characteristics of the host signal.  The
> problem is the host signal is not something with clear definition,
> what is known is primarily empirical statistical analysis.
> Manipulating signals with noise in them to replace noise with the
> stego text is not so hard, but knowing and modeling the signal and the
> source noise is not a solvable problem.

If you read the report at
http://www.citi.umich.edu/techreports/reports/citi-tr-01-11.ps.gz you
will find that the authors, Niels Provos and Peter Honeyman,
actually found a great many images with statistical indication
of steganographic content: "After processing the two million images
with Stegdetect, we find that over 1% of all images seem to contain
hidden content."  That is, these images seemed to depart from normal
statistics to a significant degree.

The question is whether these are random variations from the norm or
are they actual embedded content?  This is the factor which the analysis
above seems to neglect.  Any statistical test is going to have a certain
number of false positives.  This provides a background of "noise"
(that is, false positives) in which a true signal (a true positive,
an image with actual steganographic content) can hide.

The Stegdetect paper proceeded to further analyze the 2+ images by
looking for passwords that would produce meaningful messages from the
hypothesized hidden content, via dictionary attack.  No valid passwords
were found, and the authors concluded therefore that these were all
false positives.  This does not seem to be a fully supported conclusion.






Re: [FYI] Did Encryption Empower These Terrorists?

2001-09-24 Thread lynn . wheeler


of course, the other problem is that a substantial part is the "customer at
risk" (not just merchant at risk exposure as the result of any merchant
implementation shortcomings)  and there is currently no obvious way
that a customer can determine what, if any, security standards a merchant
might have implemented.

as mentioned in the various previous references ... what is at risk  ...
effectively proportional to the aggregate of the account credit limits ...
for all accounts that happened to have been stored in any account master
file ... is significantly larger than any particular merchant may have
directly at risk because of a security breach. in the "security
proportional to risk" theory  the entity that has the risk should have
control over the security measures, those security measures should be
proportional to what they have at risk, and the cost of those security
measures should also be proportional to the risk.

A complex, multi-system internet web implementation may represent a
significantly greater cost than the direct business value a merchant may be
doing on the internet (not to mention the cost of the care and feeding of
such an implementation).  I would claim that any impression that such an
implementation is required is proof that what is at risk (value represented
by the account master file) is not directly related to what any merchant
might have at risk with putting up a merchant web server. Furthermore, I
would claim that it would be possible to find account master files
(regardless of the volume of a merchant's internet business) that
represents a risk level higher than the merchant direct risk ... and
therefore there will always be merchants (at all business size segments)
that find it difficult to provide security proportional to that risk.







This is simply bad design - there should be no "account number master
file" on the web server!

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff













Phil wasn't crying about PGP...

2001-09-24 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
Date: Mon, 24 Sep 2001 17:32:55 +0100
From: Somebody
To: [EMAIL PROTECTED]
Subject: [[EMAIL PROTECTED]: No Regrets About Developing PGP]
User-Agent: Mutt/1.2.2i

- Forwarded message from Sandy Sandfort <[EMAIL PROTECTED]> -

From: "Sandy Sandfort" <[EMAIL PROTECTED]>
To: "Cypherpunks" <[EMAIL PROTECTED]>
Old-Subject: No Regrets About Developing PGP
Date: Mon, 24 Sep 2001 07:59:50 -0700
Subject:  No Regrets About Developing PGP
X-Algebra: http://www.algebra.com>Algebra
Sender: [EMAIL PROTECTED]
Precedence: bulk
X-Mailing-List: [EMAIL PROTECTED]
X-List-Admin: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]


C'punks,

Phil Zimmermann asked me to post this.  He would like it freely
disseminated, so feel free to post it wherever you wish.


 S a n d y

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

No Regrets About Developing PGP

The Friday September 21st Washington Post carried an article by
Ariana Cha that I feel misrepresents my views on the role of PGP
encryption software in the September 11th terrorist attacks.  She
interviewed me on Monday September 17th, and we talked about how I
felt about the possibility that the terrorists might have used PGP in
planning their attack.  The article states that as the inventor of
PGP, I was "overwhelmed with feelings of guilt".  I never implied
that in the interview, and specifically went out of my way to
emphasize to her that that was not the case, and made her repeat back
to me this point so that she would not get it wrong in the article.
This misrepresentation is serious, because it implies that
under the duress of terrorism I have changed my principles on the
importance of cryptography for protecting privacy and civil liberties
in the information age.

Because of the political sensitivity of how my views were to be
expressed, Ms. Cha read to me most of the article by phone before she
submitted it to her editors, and the article had no such statement or
implication when she read it to me.  The article that appeared in the
Post was significantly shorter than the original, and had the
abovementioned crucial change in wording.  I can only speculate that
her editors must have taken some inappropriate liberties in
abbreviating my feelings to such an inaccurate soundbite.

In the interview six days after the attack, we talked about the fact
that I had cried over the heartbreaking tragedy, as everyone else
did.  But the tears were not because of guilt over the fact that I
developed PGP, they were over the human tragedy of it all.  I also
told her about some hate mail I received that blamed me for
developing a technology that could be used by terrorists.  I told her
that I felt bad about the possibility of terrorists using PGP, but
that I also felt that this was outweighed by the fact that PGP was a
tool for human rights around the world, which was my original intent
in developing it ten years ago.  It appears that this nuance of
reasoning was lost on someone at the Washington Post.  I imagine this
may be caused by this newspaper's staff being stretched to their
limits last week.

In these emotional times, we in the crypto community find ourselves
having to defend our technology from well-intentioned but misguided
efforts by politicians to impose new regulations on the use of strong
cryptography.  I do not want to give ammunition to these efforts by
appearing to cave in on my principles.  I think the article correctly
showed that I'm not an ideologue when faced with a tragedy of this
magnitude.  Did I re-examine my principles in the wake of this
tragedy?  Of course I did.  But the outcome of this re-examination
was the same as it was during the years of public debate, that strong
cryptography does more good for a democratic society than harm, even
if it can be used by terrorists.  Read my lips: I have no regrets
about developing PGP.

The question of whether strong cryptography should be restricted by
the government was debated all through the 1990's.  This debate had
the participation of the White House, the NSA, the FBI, the courts,
the Congress, the computer industry, civilian academia, and the
press.  This debate fully took into account the question of
terrorists using strong crypto, and in fact, that was one of the core
issues of the debate.  Nonetheless, society's collective decision
(over the FBI's objections) was that on the whole, we would be better
off with strong crypto, unencumbered with government back doors.  The
export controls were lifted and no domestic controls were imposed.  I
feel this was a good decision, because we took the time and had such
broad expert participation.  Under the present emotional pressure, if
we make a rash decision to reverse such a careful decision, it will
only lead to terrible mistakes that will not only hurt our democracy,
but will also increase the vulnerability of our national information
infrastructure.

PGP users should rest assured that I would still not acquiesce to any
back door

Re: [FYI] Did Encryption Empower These Terrorists?

2001-09-24 Thread lynn . wheeler


there are all sorts of shortcomings in this world. you find a "merchant"
that buys a computer, installs some webserver software and puts it up on
the web and expects that to handle everything.

there are sometimes prevalent things like that in the world; it would be
nice if people would choose a random 16-character value for every
PIN/password they need, that every PIN/password they have is different,
that every password/PIN changes at least monthly, and that every person
could easily remember one or two hundred 16-character random values that
change monthly, and no PIN/password is ever re-used.
misc. pin/password ref:
http://www.garlic.com/~lynn/2001d.html#52

security proportional to risk:
http://www.garlic.com/~lynn/aepay7.htm#netbank2

misc. information security & risk management:
http://www.garlic.com/~lynn/aepay3.htm#riskm
http://www.garlic.com/~lynn/aepay3.htm#riskaads

misc. web refs:
http://www.garlic.com/~lynn/2001j.html#5
http://www.garlic.com/~lynn/subtopic.html#fraud
http://www.garlic.com/~lynn/subtopic.html#privacy

part of above posting 


when we were working on the credit card transaction stuff (now frequently
referred to as electronic commerce):
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.garlic.com/~lynn/aadsm5.htm#asrn3

we tried to get various security measures specified:

* physical security for the data processing room, motion detectors, guards,
  etc
* multiple layers of firewalls & packet filtering routers
* actual financial transactions performed on backroom dataprocessing
  equipment away from the actual web server
* fbi background checks for all employees
* security audits
* minimum business & security certification levels.

... didn't happen, oh well.



   
From: Ben Laurie <[EMAIL PROTECTED]>
Date: 09/24/2001 02:34 AM
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], [EMAIL PROTECTED], Hadmut Danisch <[EMAIL PROTECTED]>
Subject: Re: [FYI] Did Encryption Empower These Terrorists?
   




[EMAIL PROTECTED] wrote:
> The problems, of course are 1) account numbers are essentially shared
> secrets, 2) SSL only provides for protection for numbers in flight, 3) the
> numbers at rest remain a major exploit (as per press stories regarding
> copying of account number master files at web servers) ... aka the use of
> SSL/encryption only addressed a small portion of the problem. The web server
> account number master file also typically represents a risk that is
> significantly greater than what typical merchant otherwise has at risk ...
> making it difficult to support a solution where the level of
> security/protection is proportional to the risk

This is simply bad design - there should be no "account number master
file" on the web server!

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff










Re: "Pirate Utopia," FEED, February 20, 2001

2001-09-24 Thread Ben Laurie

Grant Bayley wrote:
> 
> > --- begin forwarded text
> >
> > Status:  U
> > From: "Julian Dibbell" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Subject:  "Pirate Utopia," FEED, February 20, 2001
> > Date: Thu, 20 Sep 2001 08:37:20 -0500
> > Sender: [EMAIL PROTECTED]
> > Reply-To: "Julian Dibbell" <[EMAIL PROTECTED]>
> >
> > Key concepts: steganography, encryption, Osama bin Laden, intellectual
> > property, temporary autonomous zone, pirates.
> 
> It's a shame that Niels Provos, one of the main developers of open-source
> Steganography software at the moment wasn't able to detect a single piece
> of information hidden steganographically in a recent survey of two million
> images...  Sort of destroys the whole hype about the use of it by
> criminals.

He did only look for one particular encoding technique (at least, that
was true when we discussed it in April), so his failure to find anything
cannot be considered to be conclusive.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff






Re: chip-level randomness?

2001-09-24 Thread Ben Laurie

Bram Cohen wrote:
> 
> On Wed, 19 Sep 2001, Peter Fairbrother wrote:
> 
> > Bram Cohen wrote:
> >
> > > You only have to do it once at startup to get enough entropy in there.
> >
> > If your machine is left on for months or years the seed entropy would become
> > a big target. If your PRNG status is compromised then all future uses of
> > PRNG output are compromised, which means pretty much everything crypto.
> > Other attacks on the PRNG become possible.
> 
> Such attacks can be stopped by reseeding once a minute or so, at much less
> computational cost than doing it 'continuously'. I think periodic
> reseedings are worth doing, even though I've never actually heard of an
> attack on the internal state of a PRNG which was launched *after* it had
> been seeded properly once already.

There was a bug in OpenSSL's PRNG (and BSAFEs) which permitted recovery
of the internal state from a largish number of small outputs. It has
been fixed, of course.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff






Re: [FYI] Did Encryption Empower These Terrorists?

2001-09-24 Thread Ben Laurie

[EMAIL PROTECTED] wrote:
> The problems, of course are 1) account numbers are essentially shared
> secrets, 2) SSL only provides for protection for numbers in flight, 3) the
> numbers at rest remain a major exploit (as per press stories regarding
> copying of account number master files at web servers) ... aka the use of
> SSL/encryption only addressed a small portion of the problem. The web server
> account number master file also typically represents a risk that is
> significantly greater than what typical merchant otherwise has at risk ...
> making it difficult to support a solution where the level of
> security/protection is proportional to the risk

This is simply bad design - there should be no "account number master
file" on the web server!

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff


