[funsec] VeriSign takes the "Trust" out of "SSL certificates"

2010-11-08 Thread Jeffrey Walton
From http://financialcryptography.com/:

According to VeriSign, "The VeriSign Trust seal shows the
world that VeriSign has confirmed your identity and your
site has passed the VeriSign malware scan."

A year's worth of service for a VeriSign Trust seal normally
sells for $299. During the "Dollar Day" sale, which will run
from 12:01AM PST to 11:59PM -- "from midnight to midnight,"
said Tim Callan, head of marketing for VeriSign trust services
at Symantec -- VeriSign is offering a $298 discount on one
year's worth of Trust seal.

A comment on background: VeriSign recently closed a deal to sell its
CA (Certification Authority) to Symantec.
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


Re: [funsec] VeriSign takes the "Trust" out of "SSL certificates"

2010-11-08 Thread Larry Seltzer
I should say that I do work for this group of VeriSign (now called
Symantec Authentication), but I don't see how a sale "takes the trust
out".

LJS



Re: [funsec] VeriSign takes the "Trust" out of "SSL certificates"

2010-11-08 Thread Valdis . Kletnieks
On Mon, 08 Nov 2010 06:50:35 EST, Larry Seltzer said:
> I should say that I do work for this group of VeriSign (now called
> Symantec Authentication), but I don't see how a sale "takes the trust
> out".

"Trust, but verify". - some famous president.

How much verification can you do for $1?



Re: [funsec] VeriSign takes the "Trust" out of "SSL certificates"

2010-11-08 Thread Larry Seltzer
I'm sure they do as much as they do for full price. The idea is to get
users on-board so that they're happy and renew at full price in a year.



Re: [funsec] VeriSign takes the "Trust" out of "SSL certificates"

2010-11-08 Thread Larry Seltzer
You never heard of this before? Don't you guys get cable?



Re: [funsec] VeriSign takes the "Trust" out of "SSL certificates"

2010-11-08 Thread Thomas J. Raef
From a business perspective, it makes total sense (or cents). I don't know
how many customers they have, or would get, but even if it's only 1 million,
get a quick million bucks before the business is sold. It's pure cash in
their pockets.

Thomas J. Raef


> 
> On Mon, 08 Nov 2010 06:50:35 EST, Larry Seltzer said:
> > I should say that I do work for this group of VeriSign (now called
> > Symantec Authentication), but I don't see how a sale "takes the trust
> > out".
> 
> "Trust, but verify". - some famous president.
> 
> How much verification can you do for $1?



Re: [funsec] VeriSign takes the "Trust" out of "SSL certificates"

2010-11-08 Thread RLVaughn
http://www.youtube.com/watch?v=HAiNDb6lHUY
;)



Re: [funsec] VeriSign takes the "Trust" out of "SSL certificates"

2010-11-08 Thread Larry Seltzer
Cool, I like that.



[funsec] An obvious canard

2010-11-08 Thread Rob, grandpa of Ryan, Trevor, Devon & Hannah
http://www.bbc.co.uk/news/science-environment-11711228

Clearly they are lying.  If this had really happened, the universe would have
been instantly destroyed, and replaced by something weirder.

(Wait a minute ...)

==  (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
   /~\   The ASCII Ribbon Campaign Against HTML Email!
   \ /
    X
   / \
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://www.infosecbc.org/links http://twitter.com/rslade


[funsec] Security theatre of the absurd--that's a print

2010-11-08 Thread Rob, grandpa of Ryan, Trevor, Devon & Hannah
http://www.bbc.co.uk/news/world-us-canada-11713958

So, this means I can no longer bring my printer on the plane with me?  An 
outrage!



[funsec] A method to make the patent system more ridiculous

2010-11-08 Thread Rob, grandpa of Ryan, Trevor, Devon & Hannah
http://slashdot.org/story/10/11/07/1248226/USPTO-Decides-To-Lower-Obviousness-Standards

(Maybe they could patent that.)

(Or is it too obvious?)



Re: [funsec] An obvious canard

2010-11-08 Thread Jeffrey Walton
On Mon, Nov 8, 2010 at 2:27 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
> http://www.bbc.co.uk/news/science-environment-11711228
>
> Clearly they are lying.  If this had really happened, the universe would have
> been instantly destroyed, and replaced by something weirder.

I wonder if these "Little Bangs" do, in fact, allow time travel: "Man
arrested at Large Hadron Collider claims he's from the future",
http://crave.cnet.co.uk/gadgets/man-arrested-at-large-hadron-collider-claims-hes-from-the-future-49305387



Re: [funsec] An obvious canard

2010-11-08 Thread Brandon Enright

On Mon, 8 Nov 2010 11:27:30 -0800, "Rob, grandpa of Ryan, Trevor, Devon & Hannah" wrote:

> http://www.bbc.co.uk/news/science-environment-11711228
> 
> Clearly they are lying.  If this had really happened, the universe
> would have been instantly destroyed, and replaced by something
> weirder.
> 
> (Wait a minute ...)

Headline != article.  The sentences that mention the big bang are:

"This way, they hope to learn more about the plasma the Universe was
made of a millionth of a second after the Big Bang, 13.7 billion years ago."

and:

"This plasma is believed to have existed just after the Big Bang."


They should be chided for misrepresenting the article with an inaccurate
headline, but all media does this about every topic, not just science.

For example, today on CNN: "Man loses 27 lbs. on Twinkie diet".  If you
read the article, twinkies are a small part of what he was eating.


Brandon



Re: [funsec] Security theatre of the absurd--that's a print

2010-11-08 Thread Shawn Merdinger
hrm, perhaps your semtex font as well...

http://www.ffonts.net/tag/0/semtex

cheers,
--scm

On Mon, Nov 8, 2010 at 2:27 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
> http://www.bbc.co.uk/news/world-us-canada-11713958
>
> So, this means I can no longer bring my printer on the plane with me?  An
> outrage!



[funsec] Bad words, bad words, bad words ...

2010-11-08 Thread Rob, grandpa of Ryan, Trevor, Devon & Hannah
http://www.newscientist.com/article/dn19665-aircraft-bomb-finds-may-spell-end-for-inflight-wifi.html

I've never had a chance to use inflight Wifi yet, and now it seems it might be
gone before it's started ...



[funsec] DoS help

2010-11-08 Thread RandallM
hi
sorry for interrupting the fun in funsec,

I work for a small promotional products company that today experienced a
DoS. Most of you here are above me in understanding such, so I will
spare you the whole story and am asking for advice to present to my
CIO on what measures can be taken to prevent another day where it costs
us $$$!

Once I found the "UDP Echo request" pounding us and contacted ATT/SBC,
explaining to them how rebooting the router opened the internet for a
few minutes until these same requests started pounding again, all they
could tell me was to "email to them" a request to block.

Well... the Echo request hit our IP block address again using another
IP (both from FR.); the first hits were in the morning, the second were about two
hours of it in the afternoon (I've never experienced it hitting the
whole damn thing, X.X.X.255).

My CIO wants to know what can be done so they can report this to the CEO.

At the moment we have two Radware boxes capable of controlling our DNS
and taking two internet ISPs (AT&T or whomever we choose). In theory,
would switching our IP blocks from one ISP to the other control such?
Or would it just also follow?

-- 
been great, thanks
RandyM
a.k.a System


Re: [funsec] VeriSign takes the "Trust" out of "SSL certificates"

2010-11-08 Thread Joel Esler
Agree with Larry.

This type of stuff happens all the time.  It's called the "lock-in on renewal"
sales technique.

J


Re: [funsec] DoS help

2010-11-08 Thread Dan White
On 08/11/10 17:05 -0600, RandallM wrote:
>hi
>sorry for interrupting the fun in funsec,
>
>I work for a small promotional products company that today experienced a
>DoS. Most of you here are above me in understanding such, so I will
>spare you the whole story and am asking for advice to present to my
>CIO on what measures can be taken to prevent another day where it costs
>us $$$!

You'll probably get some good suggestions on this topic from the NANOG
list.

>Once I found the "UDP Echo request" pounding us and contacted ATT/SBC
>explaining to them how rebooting the router opened the internet for a
>few minutes until these same request started pounding again all they
>could tell me was to "email to them" a request to block.
>
>Well... the Echo request hit our IP block address again using another
>IP (both from FR.); the first hits were in the morning, the second were about two
>hours of it in the afternoon (I've never experienced it hitting the
>whole damn thing, X.X.X.255)
>
>My CIO wants to know what can be done so they can report this to the CEO.

Depending on what services you offer or use, you could invest in hosting
your critical services in a data center that can provide expertise in
fighting DoS attacks.

>At the moment we have two Radware boxes capable of controlling our DNS
>and taking two internet ISPs (AT&T or whomever we choose). In theory,
>would switching our IP blocks from one ISP to the other control such?
>Or would it just also follow?

You could try negotiating a dynamic routing protocol with your ISPs that
allows you to announce a dead route for a given IP address or subnet so that
the DoS traffic doesn't get routed to you.

-- 
Dan White


Re: [funsec] DoS help

2010-11-08 Thread Thomas M Carlsson
On 08/11/2010 23:05, RandallM wrote:
> Well... the Echo request hit our IP block address again using another
> IP (both from FR.); the first hits were in the morning, the second were about two
> hours of it in the afternoon (I've never experienced it hitting the
> whole damn thing, X.X.X.255)

I assume this e-mail was intended as a joke (this being funsec, etc.), but
I'll bite just in case someone who actually has this problem runs into
the thread on Google:

The above scenario is indicative of a network being an intermediary in a UDP
broadcast amplification attack, i.e. fraggle. See
http://www.lmgtfy.com/?q=fraggle+attack

Thomas/Beige

-- 
  Thomas Mannfred Carlsson
  m...@thomascarlsson.com
  SMS: +35-850-07-07-850
  PGP Key ID: 0x69570687


Re: [funsec] DoS help

2010-11-08 Thread der Mouse
>> about two hours of it in the afternoon (I've never experienced where
>> it hit the whole damn thing X.X.X.255)

> [...] I'll bite just in case someone who actually has this problem
> runs into the thread on Google;

> The above scenario is indicative of a network being an intermediary in a
> UDP broadcast amplification attack, i.e. fraggle.

...and, in most cases, a suitable defense is to make sure that the
router(s) into that broadcast domain don't forward directed broadcast
traffic, i.e., traffic which is not a broadcast on the network the router
receives it on but is a broadcast on the network it would otherwise be
sent to.  (Most networks have no use for such traffic and most routers
can be configured this way; indeed, I think some can't be made to
behave any other way.)

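A detection check for the pattern Randy describes (UDP echo requests aimed at the X.X.X.255 broadcast address, the fraggle-reflector signature Thomas and der Mouse point to), written as an added example that is not from any list member; the flow-log line format, the 203.0.113.0/24 "site" prefix and the sample records are constructed for illustration.

```python
import ipaddress
from collections import Counter

# UDP services classically abused for broadcast amplification: echo (7) and chargen (19).
FRAGGLE_PORTS = {7, 19}

# Constructed flow records in a hypothetical "proto src:port > dst:port packets" format.
# 203.0.113.0/24 stands in for the X.X.X.0/24 block in Randy's report.
SAMPLE_FLOWS = [
    "UDP 198.51.100.7:53412 > 203.0.113.255:7 4000",   # echo to the /24 broadcast: fraggle
    "UDP 198.51.100.7:53412 > 203.0.113.255:7 2500",
    "UDP 192.0.2.9:40000 > 203.0.113.255:19 900",      # chargen to broadcast: same pattern
    "UDP 198.51.100.7:53412 > 203.0.113.10:7 30",      # unicast echo: noisy, not amplification
    "TCP 192.0.2.9:40000 > 203.0.113.255:7 10",        # not UDP, so not a reflector hit
    "UDP 192.0.2.9:40000 > 203.0.113.255:53 50",       # broadcast, but not an echo/chargen port
]


def directed_broadcast_of(prefix):
    """Directed-broadcast address of a CIDR prefix (the X.X.X.255 of a /24)."""
    return ipaddress.ip_network(prefix, strict=False).broadcast_address


def parse_flow(line):
    """Parse one constructed flow line into its fields."""
    proto, src, _, dst, pkts = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "proto": proto,
        "src": ipaddress.ip_address(src_ip),
        "sport": int(src_port),
        "dst": ipaddress.ip_address(dst_ip),
        "dport": int(dst_port),
        "pkts": int(pkts),
    }


def find_fraggle_reflection(lines, local_prefixes):
    """Flag UDP echo/chargen traffic sent to the directed-broadcast address of any
    local prefix. Returns packet counts keyed by source address; in a fraggle
    attack that source is the spoofed victim, and every host on the broadcast
    domain answers it, so the count is the amplification input, not the attacker."""
    broadcasts = {directed_broadcast_of(p) for p in local_prefixes}
    hits = Counter()
    for line in lines:
        f = parse_flow(line)
        if f["proto"] == "UDP" and f["dst"] in broadcasts and f["dport"] in FRAGGLE_PORTS:
            hits[str(f["src"])] += f["pkts"]
    return hits


if __name__ == "__main__":
    for victim, pkts in find_fraggle_reflection(SAMPLE_FLOWS, ["203.0.113.0/24"]).items():
        # Each line is a reason to make the edge router drop directed broadcasts,
        # as der Mouse suggests, rather than to chase the (spoofed) source.
        print(f"directed-broadcast UDP echo/chargen from {victim}: {pkts} packets")
```

Only traffic to the computed broadcast address on ports 7 or 19 is reported, so ordinary unicast echo noise and other broadcast traffic stay out of the result.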