Nicholas Bohm wrote:
That is why efforts by banks to shift the risk to the customer are
pernicious - they distort the incentive the bank ought to have to get
the security right.
Yes. Today, under current practice, there's actually a strong
incentive to keep existing fraud levels than to try
From: Peter Tomlinson [EMAIL PROTECTED]
Subject: National IA Strategy
To: [EMAIL PROTECTED]
Date: Mon, 02 Jul 2007 16:00:16 +0100
From http://www.cabinetoffice.gov.uk/csia/ :
News
National Information Assurance Strategy launched
On 07/01/2007 05:55 AM, Peter Gutmann wrote:
One threat model (or at least failure mode) that's always concerned me deeply
about QC is that you have absolutely no way of checking whether it's working
as required. With any other mechanism you can run test vectors through it,
run
[EMAIL PROTECTED] (Peter Gutmann) writes:
(The usage model is that you do the UI portion on the PC, but perform the
actual transaction on the external device, which has a two-line LCD display
for source and destination of transaction, amount, and purpose of the
transaction. All communications
Yes, and that's why we cited Kauer on the page, in Evan's paper, and
in the video!
http://os.inf.tu-dresden.de/papers_ps/kauer07-oslo.pdf (mainly
section 2; section 2.2 describes the TPM Reset trick)
-
The Cryptography
I do not believe the mentioned conflict exists. The aim of these
calculator-like devices is to make sure that no malware, virus etc can
create unauthorized transactions. The user should still be able to
debug, and inspect the software in the calculator-like device, or
virtual software
Quoting:
Cryptography Research Inc. (CRI), a San Francisco company, is
developing chip technology aimed at helping printer manufacturers
protect this primary source of profit. The company's chips use
cryptography designed to make it harder for printers to use
off-brand and
Hi,
The problem I found (during my research for
http://www.cacert.at/svn/sourcerer/CAcert/SecureClient.pdf )
for Smartcards and other external devices for secure banking is the following:
About 50% of the online-banking users are doing personal online banking on
company PCs, while they are at
Adam Back [EMAIL PROTECTED] writes:
I do not believe the mentioned conflict exists. The aim of these
calculator-like devices is to make sure that no malware, virus etc can
create unauthorized transactions. The user should still be able to
debug, and inspect the software in the
Adam Shostack wrote:
It may be, indeed. You're going (as Lynn pointed out in another post)
to be fighting an uphill battle against the last attempts. I don't
think smartcards (per se) are the answer. What you really need is
something like a palm pilot, with screen and input and a reasonably
Ed Gerck wrote:
Yes. Today, under current practice, there's actually a strong
incentive to keep existing fraud levels than to try to scrub
it out -- fraud has become a sale:
thread from earlier this year ... when over a period of a month or
so there were several releases that essentially had
I do not believe the mentioned conflict exists. The aim of these
calculator-like devices is to make sure that no malware, virus etc can
create unauthorized transactions. The user should still be able to
debug, and inspect the software in the calculator-like device, or
virtual software
At 5:11 PM -0400 7/2/07, John Denker wrote:
By that I mean:
-- the integrity of DH depends fundamentally on the algorithm, so you
should verify the algorithmic theory, and then verify that the box
implements the algorithm correctly; while
-- in the simple case, the integrity of quantum
13 matches
Mail list logo