| A brief altercation this evening with CERT over the recent hyperthread caching
| issues has brought something that's been simmering at the back of my brain to
| the forefront.
|
| The recent hyperthread/cache key recovery trick, followed by DJB's related
| (IMO) symmetric key recovery, and
Ole Kasper Olsen wrote:
...
Amir Herzberg asked the question of should login pages be SSL encrypted.
The flurry of discussion can be summerized as Yes...
...
2. Most people believe that a login page *should* be encrypted
for web sites carrying important data. (e.g., financial, etc.)
And
My girlfriend just got an (apparently legitimate from what I can tell)
HTML email from her credit card company, complete with lots of lovely
images and an exhortation to sign up for their new secure online
ShopSafe service that apparently generates one time credit card
numbers on the fly.
Here's
--
On 22 Jun 2005 at 8:39, Anne Lynn Wheeler wrote:
the dual-use attack ... is possibly a person-centric
digitally signing token (in contrast to
institutional-centric token where each institution
might issue a unique token for every use) ... that can
be registered for use in multiple
My girlfriend just got an (apparently legitimate from what I can tell)
HTML email from her credit card company, complete with lots of lovely
images and an exhortation to sign up for their new secure online
ShopSafe service that apparently generates one time credit card
numbers on the fly.
John Levine [EMAIL PROTECTED] writes:
On the other hand, MBNA's mail practices would be laughable if they
weren't entirely in line with every other bank in the country.
The fact that others do laughable things doesn't make their
practices any less laughable. Stupid things remain stupid no
John Levine wrote:
My girlfriend just got an (apparently legitimate from what I can tell)
HTML email from her credit card company, complete with lots of lovely
images and an exhortation to sign up for their new secure online
ShopSafe service that apparently generates one time credit card