RE: Financial identity is *dangerous*? (was re: Fake companies, real money)

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Aaron Whitehouse > Sent: Saturday, October 23, 2004 1:58 AM > To: Ian Grigg > Cc: [EMAIL PROTECTED] > Subject: Re: Financial identity is *dangerous*? (was re: Fake > companies, > real money) > > > >

Re: Printers betray document secrets

Marshall Clow wrote: At 10:44 PM -0700 10/20/04, Bill Stewart wrote: At 05:23 PM 10/18/2004, R.A. Hettinga wrote: It's not clear that they work at all with inkjet printers, and changing ink cartridges is even more common than changing laser pri

OpenSSL 0.9.7e released (fwd from [EMAIL PROTECTED])

From: Mark J Cox <[EMAIL PROTECTED]> Subject: OpenSSL 0.9.7e released To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Date: Mon, 25 Oct 2004 14:49:49 +0100 (BST) Reply-To: [EMAIL PROTECTED] From: Mark J Cox <[EMAIL PROTECTED]> Date: Mon, 25 Oct 2004 14:49:49 +0100 (BST) To: [E

Re: Are new passports [an] identity-theft risk?

On Sat, Oct 23, 2004 at 03:23:21PM -0400, Adam Shostack wrote: > 5 years? I don't think we have that long. > > The technology will mature *very* rapidly if Virginia makes their > driver's licenses RFID-enabled, or if the US goes ahead with the > passports. Why? Because there will be a stunning

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

http://www.financialcryptography.com/mt/archives/000219.html [EMAIL PROTECTED] wrote: ... to break the conundrum Ballmer finds himself in where the road forks towards (1) fix the security problem but lose backward compatibility, or (2) keep the backward compatibility but never fix the problem. I th

Re: Are new passports [an] identity-theft risk?

On Sun, Oct 24, 2004 at 12:58:56AM -0400, Dave Emery wrote: | On Sat, Oct 23, 2004 at 03:23:21PM -0400, Adam Shostack wrote: | > | > The technology will mature *very* rapidly if Virginia makes their | > driver's licenses RFID-enabled, or if the US goes ahead with the | > passports. Why? Because

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

| [EMAIL PROTECTED] writes: | | >I'm pretty sure that you are answering the question | >"Why did Microsoft buy Connectix?" | | The answer to that one is actually "To provide a | development environment for Windows CE (and later XP | Embedded)" (the emulator that's used for development

Re: Are new passports [an] identity-theft risk?

Dave Emery wrote: On Sat, Oct 23, 2004 at 03:23:21PM -0400, Adam Shostack wrote: Correct me if I am wrong, but don't most of the passive, cheap RF or magnetic field powered RFIDs transmit maybe 128 bits of payload, not thousands and thousands of bits which would be enough to include addres

Re: VIA PadLock reloaded (fwd from [EMAIL PROTECTED])

From: Michal Ludvig <[EMAIL PROTECTED]> Subject: Re: VIA PadLock reloaded To: James Morris <[EMAIL PROTECTED]> Cc: CryptoAPI List <[EMAIL PROTECTED]> Date: Sun, 24 Oct 2004 01:55:03 +0200 From: Michal Ludvig <[EMAIL PROTECTED]> Date: Sun, 24 Oct 2004 01:55:03 +0200 To: James Morris <[EMAIL PROTECT

Re: Are new passports [an] identity-theft risk?

On Sat, Oct 23, 2004 at 03:23:21PM -0400, Adam Shostack wrote: > > The technology will mature *very* rapidly if Virginia makes their > driver's licenses RFID-enabled, or if the US goes ahead with the > passports. Why? Because there will be a stunning amount of money to > be stolen by not identit

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[EMAIL PROTECTED] writes: >I'm pretty sure that you are answering the question "Why did Microsoft buy >Connectix?" The answer to that one is actually "To provide a development environment for Windows CE (and later XP Embedded)" (the emulator that's used for development in those environments is Vi

Re: Are new passports [an] identity-theft risk?

On Fri, 22 Oct 2004, Perry E. Metzger wrote: I don't know who *else* has said it, but I've said this repeatedly at conferences. With phased arrays, you should be able to read RFID tags at surprising distances, and in spite of attempts to jam such signals (such as RSA's proposed RFID privacy mechani

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

On Sat, Oct 23, 2004 at 06:58:26PM +1300, Aaron Whitehouse wrote: > That would seem to me a more realistic expectation on consumers who are > going to have, before too long, credit cards that fit that description > and quite possibly the readers to go with them. No, that's going to be the mobil

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

On Sat, 23 Oct 2004, Aaron Whitehouse wrote: > >Oh, and make it small enough to fit in the pocket, > >put a display *and* a keypad on it, and tell the > >user not to lose it. > > How much difference is there, practically, between this and using a > smartcard credit card in an external reader with