Re: An attack on paypal -- secure UI for browsers
For example, a proposal I saw recently which would have the OS decorate the borders of trusted windows with facts or images that an attacker wouldn't be able to predict: the name of your dog, or whatever.

But if the system is rooted, then the attacker merely has to find today's secret word entry in the registry and do the same thing. Unless Windows is planning on getting real kernel-level kinds of protection.

It was none other than Microsoft's NGSCB, nee Palladium. See http://news.com.com/2100-1012_3-1000584.html?tag=fd_top:

See previous sentence. :)

/r$

--
Rich Salz
Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
Re: QuizID?
Marc Branchaud wrote:
Any thoughts on this device? At first glance, it doesn't seem particularly impressive... http://www.quizid.com/

Looks like hardware S/Key, doesn't it? If I could fool the user into entering a quizcode, then it seems like I could get the device and the admin database out of sync and lock the user out of the system.

/r$
Re: secure IRC/messaging successor
gale has scaling problems to large numbers of users, in particular for group messaging.

What doesn't? :) Gale seems to have a better security story, but Jabber certainly has the momentum and large force behind it. <irony>Plus, it's XML so you *know* it's good.</irony>

/r$

--
Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption
http://www.zolera.com