Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-11-01 Thread Ian Grigg
Ben, > Ian Grigg wrote: >> It should be obvious. But it's not. A few billions >> of investment in smart cards says that it is anything >> but obvious. > > That assumes that the goal of smartcards is to increase security instead > of to decrease liability. On whether the goal of smart cards is t

Re: AES Modes

2004-11-01 Thread David A. McGrew
DJ, On Oct 13, 2004, at 10:59 AM, [EMAIL PROTECTED] wrote: On the IEEE 802 standards track, CCM and GCM have traction. CCM has been in 802.11 for a while and the 802.16-2004 was published last week, supplanting the broken DES-CBC mode with AES-CCM. For wireless systems, we know and like CCM and i

US deploys anti-satelite equipment

2004-11-01 Thread Perry E. Metzger
WASHINGTON (Reuters) -- The U.S. Air Force quietly has put into service a new weapon designed to jam enemy satellite communications, a significant step toward U.S. control of space. http://www.cnn.com/2004/TECH/space/11/01/satellite.jamming.reut/index.html Perry

Trio try for better mobile security

2004-11-01 Thread R.A. Hettinga
vnunet.com Trio try for better mobile security The Trusted Mobile Platform from Intel, IBM and NTT DoCoMo aims to make mobiles a better bet for secure networking Daniel Robinson, IT Week 01 Nov 2004 Intel, IBM and mobile communications company NTT DoCoMo

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-11-01 Thread Ben Laurie
Ian Grigg wrote: Alan Barrett wrote: On Sat, 23 Oct 2004, Aaron Whitehouse wrote: Oh, and make it small enough to fit in the pocket, put a display *and* a keypad on it, and tell the user not to lose it. How much difference is there, practically, between this and using a smartcard credit card in

Re: [off-topic, but not by ukcrypto standards] ukcrypto-moderated pre-moderators needed

2004-11-01 Thread Ben Laurie
Peter Fairbrother wrote: Ben Laurie wrote: OK, since my previous attempt to create a lower volume ukcrypto-like-thing failed, I have concluded that the only way to handle the problem is to produce a moderated version of ukcrypto. I know for sure there's demand for this, but I also know that the vo

[off-topic, but not by ukcrypto standards] ukcrypto-moderated pre-moderators needed

2004-11-01 Thread Ben Laurie
OK, since my previous attempt to create a lower volume ukcrypto-like-thing failed, I have concluded that the only way to handle the problem is to produce a moderated version of ukcrypto. I know for sure there's demand for this, but I also know that the volume is too high for traditional moderat

Adding reliability and trust to smartcards

2004-11-01 Thread Anne & Lynn Wheeler
IST Results - Adding reliability and trust to smartcards http://istresults.cordis.lu/index.cfm/section/news/tpl/article/BrowsingType/Features/ID/70511 of course ... reliability and trust is more than just the smartcards ... it assurance and trust related to the smartcard infrastructre ... not ju

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-11-01 Thread Anne & Lynn Wheeler
At 10:29 AM 10/28/2004, James A. Donald wrote: Is there a phone that is programmable enough to store secrets on and sign and decrypt stuff? The ideal crypto device would be programmed by burning new proms, thus enabling easy reprogramming, while making it resistant to trojans and viruses. the

RE: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-11-01 Thread Trei, Peter
James A. Donald wrote: > R.A. Hettinga wrote: > > [The mobile phone is] certainly getting to be like Chaum's > > ideal crypto device. You own it, it has its own I/O, and it > > never leaves your sight. > > Is there a phone that is programmable enough to store secrets > on and sign and decrypt st

[ISN] Secret Service busts online organized crime ring

2004-11-01 Thread R.A. Hettinga
--- begin forwarded text Date: Fri, 29 Oct 2004 03:31:38 -0500 (CDT) From: InfoSec News <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [ISN] Secret Service busts online organized crime ring Reply-To: [EMAIL PROTECTED] List-Id: InfoSec News List-Archive:

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-11-01 Thread Eugen Leitl
On Thu, Oct 28, 2004 at 09:29:21AM -0700, James A. Donald wrote: > Is there a phone that is programmable enough to store secrets > on and sign and decrypt stuff? Er, it has been a while since you bought a new mobile, right? About all of them have several MBytes memory, and run Java. Some Motorol

"Scan design called portal for hackers"

2004-11-01 Thread David Honig
EETimes 25 Oct 04 has an article about how the testing structures on ICs makes them vulnerable to attacks. The basic idea is that to test a chip, you need to see inside it; this can also reveal crypto details (e.g., keys) which compromise the chip. This has been known to us with an interest

Re: MCI set to offer secure two-way messaging with strong encryption

2004-11-01 Thread Dan Veeneman
At 01:16 PM 10/28/04, you wrote: > MCI Inc. will offer secure two-way messaging through its SkyTel > Communications subsidiary next month, encrypting wireless text > with the Advanced Encryption Algorithm. This service has been available to U.S. Government customers for at least seven years, albeit

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-11-01 Thread R.A. Hettinga
At 9:29 AM -0700 10/28/04, James A. Donald wrote: >Is there a phone that is programmable enough to store secrets >on and sign and decrypt stuff? I think we're getting there. We're going to need a, heh, killer ap, for it, of course. :-) Cheers, RAH -- - R. A. Hettinga The Inter