After spyware fails, UAE gives up and bans Blackberries

2010-08-02 Thread David G. Koontz
http://arstechnica.com/tech-policy/news/2010/08/after-spyware-failed-uae-gives-up-and-bans-blackberries.ars By John Timmer Discussing in general terms RIM's Blackberry email server connections to their servers in Canada's encryption resistance to United Arab Emirates monitoring efforts when used

Re: "Cars hacked through wireless tire sensors" Another paper plus USENIX SEC10 proceedings

2010-08-15 Thread David G. Koontz
What looks to be an applicable paper. Not the same set of authors as the earlier reference to USENIX. Experimental Security Analysis of a Modern Automobile Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, and Tadayoshi Kohno Department of Computer Science and Engineering Unive

Re: About that "Mighty Fortress"... What's it look like?

2010-08-17 Thread David G. Koontz
On 18/08/10 3:46 AM, Peter Gutmann wrote: > Alexander Klimov writes: > >> Each real-time check reveals your interest in the check. What about privacy >> implications? > > (Have you ever seen a PKI or similar key-using design where anyone involved in > speccing or deploying it genuinely cares abou

Re: Intel plans crypto-walled-garden for x86

2010-09-14 Thread David G. Koontz
On 14/09/10 3:58 PM, John Gilmore wrote: > http://arstechnica.com/business/news/2010/09/intels-walled-garden-plan-to-put-av-vendors-out-of-business.ars > > "In describing the motivation behind Intel's recent purchase of McAfee > for a packed-out audience at the Intel Developer Forum, Intel's Paul

Re: Obama administration revives Draconian communications intercept plans

2010-09-27 Thread David G. Koontz
On 28/09/10 1:26 AM, Perry E. Metzger wrote: > From the New York Times, word that the Obama administration wants to > compel access to encrypted communications. > > http://www.nytimes.com/2010/09/27/us/27wiretap.html Someone should beat up the FBI for using specious arguments: > But as an examp

Obama administration wants encryption backdoors for domestic surveillance

2010-09-27 Thread David G. Koontz
http://www.boingboing.net/2010/09/27/obama-administration.html A good first point of interest clearinghouse site for the issue can be found on Boing Boing. It points to a Glenn Greenwald article on Salon and the ACLU. There's also a nice piece at the Cato Institute http://www.cato-at-liberty.org

Re: Anyone know anything about the new AT&T encrypted voice service?

2010-10-06 Thread David G. Koontz
On 7/10/10 11:19 AM, Perry E. Metzger wrote: > AT&T debuts a new encrypted voice service. Anyone know anything about > it? > > http://news.cnet.com/8301-13506_3-20018761-17.html > > (Hat tip to Jacob Applebaum's twitter feed.) > JavaScript needs to be enabled: http://www.att.com/gen/press-room?p

Re: A small editorial about recent events.

2005-12-22 Thread David G. Koontz
[EMAIL PROTECTED] wrote: Clinton's Asst. A.G. http://www.chicagotribune.com/news/opinion/chi-0512210142dec21,0,3553632.story? coll=chi-newsopinioncommentary-hed Dick Morris http://www.drudgereport.com/flash7.htm --dan Yet President Bush has publicly stated it requires a court order to wireta

A processor that can do a DES round in 1 clock

2006-02-12 Thread David G. Koontz
I've seen this quite some time in the past, it wasn't for public disclosure. Periodically I've looked for a copy on the internet. This is from Stretch Inc., their Software Configurable Processor. http://www.pdcl.eng.wayne.edu/msp6/MSP6_Workshop_Keynote_2004_POSTING.pdf The stuff on DES encrypt

Re: can a random number be subject to a takedown?

2007-05-04 Thread David G. Koontz
Hal Finney wrote: >> My question to the assembled: are cryptographic keys really subject to >> DMCA subject to takedown requests? I suspect they are not >> copyrightable under the criterion from the phone directory >> precedent. > > A sample demand letter from the AACS Licensing Authority appears

Re: Free Rootkit with Every New Intel Machine

2007-06-25 Thread David G. Koontz
Peter Gutmann wrote: > "Ian Farquhar (ifarquha)" <[EMAIL PROTECTED]> writes: > >> For example: the Gigabyte GA-965QM-DS2 (rev 2.0) which "features security >> enhancement by TPM". More common (ASUS, Foxconn) was the "TPM Connector", >> which seemed to be a hedged bet, by replacing the cost of the

Re: Free Rootkit with Every New Intel Machine

2007-06-26 Thread David G. Koontz
Peter Gutmann wrote: > "David G. Koontz" <[EMAIL PROTECTED]> writes: > >> There are third party TPM modules, which could allow some degree of >> standardization: > > As I said in my previous message, just because they exist doesn't mean they'll

Re: Free Rootkit with Every New Intel Machine

2007-06-26 Thread David G. Koontz
David G. Koontz wrote: > > I picked on one motherboard, a Gigabyte GA-P3-DQ6 which has the 20 pin > header for the IEI TPM pluggable. After an extensive investigation I > found no direct evidence you can actually do as Peter states and roll > your own building a TPM enabled system

Re: Free Rootkit with Every New Intel Machine

2007-06-30 Thread David G. Koontz
http://www.nvlabs.in/?q=node/32 Vipin Kumar of NVLabs had announced a break of TPM and a demonstration of a break into Bitlocker, (presumably using TPM) to be presented at Black Hat 2007. The presentation has been pulled. Significance to the exchanges on cryptography under this subject stem f

Re: Free Rootkit with Every New Intel Machine

2007-06-30 Thread David G. Koontz
Looking for TPM enterprise adoption. The current version of TPM was adopted in March of 2006, which should have limited TPM uptake. There's an article in Network World http://www.networkworld.com/allstar/2006/092506-chip-security-papa-gino.html from September 2006 talking about a restaurant ch

Re: Susan Landau Op Ed on new NSA powers

2007-08-15 Thread David G. Koontz
Alex Alten wrote: > It seems that a large chunk (and probably relative soon nearly all) > voice is now via VoIP. And to date, Skype not withstanding, this has > all been cleartext traffic. Using router netflow records, etc., one > can now pinpoint any phone conversation and then do a pcap dump.

Re: Skype new IT protection measure

2007-08-21 Thread David G. Koontz
Peter Thermos wrote: > Interesting comment from Skype: > > "The disruption was triggered by a massive restart of our users' computers > across the globe within a very short timeframe as they re-booted after > receiving a routine set of patches through Windows Update." > > and > > "We can confirm

Re: NSA crypto modernization program

2007-08-29 Thread David G. Koontz
Steven M. Bellovin wrote: > http://www.fcw.com/article103563-08-27-07-Print > > > --Steve Bellovin, http://www.cs.columbia.edu/~smb An interview with DIRNSA, a bit on the subject of cryptomod: http://www.military-information-technology.com/article.cfm?DocID=389 Straight from the

Re: FBI "point and click" wiretapping.

2007-08-30 Thread David G. Koontz
Perry E. Metzger wrote: > The blogs of Matt Blaze, Steve Bellovin and Bruce Schneier all linked > to this article today. It is rather disturbing. > > http://www.wired.com/politics/security/news/2007/08/wiretap > I downloaded the docs this morning and poked through them. http://www.eff.org/flag/061

News on stolen Australian Law Enforcement Secure Radios

2007-09-02 Thread David G. Koontz
http://www.news.com.au/story/0,23599,22345160-2,00.html APEC security arrangements have been thrown into disarray with the theft of digitally encrypted police radios and a bullet-proof vest. The Sunday Telegraph reports that statewide memos have been issued to police working during the APEC wee

Encryption Faulted in TJX Hacking,

2007-09-26 Thread David G. Koontz
http://www.physorg.com/news109963481.html 25 Sep 2007 (AP) -- Hackers stole millions of credit card numbers from discount retailer TJX Cos. by intercepting wireless transfers of customer information at two Miami-area Marshalls stores, according to an eight-month investigation by the Canadian gov

Jihadi software promises secure web communication

2008-01-20 Thread David G. Koontz
http://www.stuff.co.nz/4365478a28.html An Islamist website often used by al Qaeda supporters is promoting encryption software which it says will help Islamic militants communicate with greater security on the internet. The Mujahideen Secrets 2 software was promoted as "the first Islamic program f

Re: Toshiba shows 2Mbps hardware RNG

2008-02-13 Thread David G. Koontz
Hal Finney wrote: > > Looking at the block diagram for the new Toshiba circuit, and comparing > with the Intel design, one concern I have is with attacks on the device > via external electromagnetic fields which could modulate current flows > and potentially influence internal random numbers. Inte

Unique locks on microchips could reduce hardware piracy

2008-03-15 Thread David G. Koontz
http://www.physorg.com/news123951684.html The technique is called EPIC, short for Ending Piracy of Integrated Circuits. It relies on established cryptography methods and introduces subtle changes into the chip design process. But it does not affect the chips' performance or power consumption. Th

Re: Unique locks on microchips could reduce hardware piracy

2008-03-15 Thread David G. Koontz
David G. Koontz wrote: > http://www.physorg.com/news123951684.html > Two more articles: http://arstechnica.com/news.ars/post/20080309-fighting-the-black-market-crypto-locks-for-cpus-other-ics.html This one has a bit of the technical description http://itnews.com.au/News/71553,chip-lock-a

Re: Unique locks on microchips could reduce hardware piracy

2008-03-15 Thread David G. Koontz
Two papers of interest in evaluating the paper http://www.eecs.umich.edu/~imarkov/pubs/conf/date08-epic.pdf EPIC: Ending Piracy of Integrated Circuits Jarrod A. Roy?, Farinaz Koushanfar? and Igor L. Markov? ?The University of Michigan, Department of EECS, 2260 Hayward Ave., Ann Arbor, MI 48109-21

RFID-hack hits 1 billion digital access cards worldwide

2008-03-15 Thread David G. Koontz
http://computerworld.co.nz/news.nsf/scrt/3FF9713E23292846CC25740A0069243E The Dutch government has issued a warning about the security of access keys that are based on the widely used Mifare Classic RFID chip. The warning comes in a week when two research teams independently demonstrated hacks o

Re: NSA approves secure smart phone

2008-03-21 Thread David G. Koontz
Steven M. Bellovin wrote: > http://www.gcn.com/online/vol1_no1/45946-1.html >http://www.gdc4s.com/documents/D-SMEPED-6-1007_p21.pdf - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTE

Re: NSA approves secure smart phone

2008-03-21 Thread David G. Koontz
Steven M. Bellovin wrote: > http://www.gcn.com/online/vol1_no1/45946-1.html > > http://www.afcea.org/signal/articles/templates/Signal_Article_Template.asp?articleid=1346&zoneid=210

Re: Why doesn't Sun release the crypto module of the OpenSPARC? Competition?

2008-06-12 Thread David G. Koontz
Lawrence Spracklen's Blog: http://blogs.sun.com/sprack/entry/detailed_t2_crypto_info Detailed T2 crypto info Very detailed info on the UltraSPARC T2 cryptographic accelerators can be found here on the OpenSPARC website (the pertinent info can be found in chapter-21 of the doc) Posted

Re: Why doesn't Sun release the crypto module of the OpenSPARC?

2008-06-13 Thread David G. Koontz
zooko wrote: > On Jun 12, 2008, at 4:35 PM, David G. Koontz wrote: > >> There's the aspect of competition. > >> I've also wondered if a reason they didn't release it is because they >> bought >> the 'IP' from someone. > > Those

Re: Why doesn't Sun release the crypto module of the OpenSPARC?

2008-06-27 Thread David G. Koontz
ip this message, too. --Perry] David G. Koontz wrote: > zooko wrote: >> On Jun 12, 2008, at 4:35 PM, David G. Koontz wrote: >> >>> There's the aspect of competition. >>> I've also wondered if a reason they didn't release it is because they >>

Re: Permanent Privacy - Are Snake Oil Patents a threat?

2008-07-09 Thread David G. Koontz
Ali, Saqib wrote: > Quoting the Foxbusiness article: > > Permanent Privacy (patent pending) has been verified by Peter > Schweitzer, one of Harvard's top cryptanalysts, and for the inevitable > cynics Permanent Privacy is offering $1,000,000 to anyone who can > decipher a sample of ciphertext." I

Re: Surveillance, secrecy, and ebay

2008-07-27 Thread David G. Koontz
Sherri Davidoff wrote: > Matt Blaze wrote: >> Once sensitive or personal data is captured, it stays around forever, >> and the longer it does, the more likely it is that it will end up >> somewhere unexpected. > > Great point, and a fundamental lesson-of-the-moment for the security > industry. To

Re: Surveillance, secrecy, and ebay, minor correction.

2008-07-28 Thread David G. Koontz
David G. Koontz wrote: > Sherri Davidoff wrote: You know how memory is, little things get squishy with the passage of years. As soon as I saw the post up on cryptography I asked myself was that 1972 or 1974? >Privacy Act of 1972 That should be 1974. http://www.law.cornell.edu/uscod

Re: Judge approves TRO to stop DEFCON presentation

2008-08-10 Thread David G. Koontz
Jim Youll wrote: > these have been circulating for hours, but they are content-free title > slides... > > On Aug 9, 2008, at 7:38 PM, Ivan Krstić wrote: > >> On Sat, 09 Aug 2008 17:11:11 -0400, "Perry E. Metzger" >> <[EMAIL PROTECTED]> >> wrote: >>>Las Vegas - Three students at the Massachus

Kiwi expert cracks chip passport

2008-08-17 Thread David G. Koontz
http://www.stuff.co.nz/4659100a28.html?source=RSStech_20080817 Peter Gutmann has gotten himself in the news along with Adam Laurie and Jeroen van Beek for altering the passport microchip in a passport. Think of this as a local boy makes good piece of news, well worth it for the picture of Peter:

Re: EFF press release on the gag order being lifted.

2008-08-19 Thread David G. Koontz
Perry E. Metzger wrote: > http://www.eff.org/press/archives/2008/08/19 > You wonder if it was MTBA exhibit 4 that tipped their case against the MTBA's injunction, using Roblimo's article on Sklyarov, quoting reactions to Dmitry Sklyarov's arrest for a DMCA violation on July 16, 2001, wherein:

Re: Lifting Some Restrictions on Encryption Exports

2008-12-05 Thread David G. Koontz
Ali, Saqib wrote: > Does anyone have more info on the following: > http://snurl.com/75m3f > > I couldn't find any other article that talked about it. The pay per > news is the only item I found. > It was tough to google for, because of all of the new references to Clinton era articles. google '

Re: Why the poor uptake of encrypted email? [Was: Re: Secrets and cell phones.]

2008-12-08 Thread David G. Koontz
JOHN GALT wrote: > StealthMonger wrote: > >> This may help to explain the poor uptake of encrypted email. It would >> be useful to know exactly what has been discovered. Can you provide >> references? > > The iconic Paper explaining this is "Why Johnny Can't Encrypt" available > here: http://p

Re: CPRNGs are still an issue.

2008-12-18 Thread David G. Koontz
Charles Jackson wrote: > > I probably should not be commenting, not being a real device guy. But, > variations in temperature and time could be expected to change SSD timing. > Temperature changes will probably change the power supply voltages and shift > some of the thresholds in the devices.

Researchers Show How to Forge Site Certificates |

2008-12-30 Thread David G. Koontz
http://www.freedom-to-tinker.com/blog/felten/researchers-show-how-forge-site-certificates By Ed Felten - Posted on December 30th, 2008 at 11:18 am Today at the Chaos Computing Congress, a group of researchers (Alex Sotirov, Marc Stevens, Jake Appelbaum, Arjen Lenstra, Benne de Weger, and David M

Researchers Use PlayStation Cluster to Forge a Web Skeleton Key

2008-12-30 Thread David G. Koontz
http://blog.wired.com/27bstroke6/2008/12/berlin.html More coverage on the MD5 collisions.

Steve Bellovin on the MD5 Collision attacks, more on Wired

2008-12-30 Thread David G. Koontz
http://www.cs.columbia.edu/~smb/blog//2008-12/2008-12-30.html Steve mentions the social pressures involved in disclosing the vulnerability: Verisign, in particular, appears to have been caught short. One of the CAs they operate still uses MD5. They said: The RapidSSL certificates are current

Re: Obama's secure PDA

2009-01-29 Thread David G. Koontz
Jerry Leichter wrote: > I commented earlier that $3200 seemed surprisingly cheap. One of the > articles on this claimed this was absurdly expensive - typical DoD gold > plating. Well ... the real price of a standard Blackberry is a couple > of hundred dollars, and put one in a room with a speake

Re: full-disk subversion standards released

2009-02-01 Thread David G. Koontz
Peter Gutmann wrote: > John Gilmore writes: > >> The theory that we should build "good and useful" tools capable of monopoly >> and totalitarianism, but use social mechanisms to prevent them from being >> used for that purpose, strikes me as naive. > > There's another problem with this theory an

Re: Crypto dongles to secure online transactions

2009-11-10 Thread David G. Koontz
Jerry Leichter wrote: > On Nov 8, 2009, at 2:07 AM, John Levine wrote: > >> At a meeting a few weeks ago I was talking to a guy from BITS, the >> e-commerce part of the Financial Services Roundtable, about the way >> that malware infected PCs break all banks' fancy multi-password logins >> since n

Re: NY Times reports: NSA falsified Gulf of Tonkin intercepts

2005-11-01 Thread David G. Koontz
Perry E. Metzger wrote: http://www.nytimes.com/2005/10/31/politics/31war.html?ex=1288414800&en=e2f5e341687a2ed9&ei=5090&partner=rssuserland&emc=rss WASHINGTON, Oct. 28 - The National Security Agency has kept secret since 2001 a finding by an agency historian that during the Tonkin Gulf