Re: Trojan horse attack involving many major Israeli companies, executives

Amir Herzberg wrote: Nicely put, but I think not quite fair. From friends in financial and other companies in the states and otherwise, I hear that Trojans are very common there as well. In fact, based on my biased judgement and limited exposure, my impression is that security practice is much

Re: Dell to Add Security Chip to PCs

Peter Gutmann wrote: Neither. Currently they've typically been smart-card cores glued to the MB and accessed via I2C/SMB. and chips that typically have had eal4+ or eal5+ evaluations. hot topic in 2000, 2001 ... at the intel developer's forums and rsa conferences

Re: Dell to Add Security Chip to PCs

Erwann ABALEA wrote: I've read your objections. Maybe I wasn't clear. What's wrong in installing a cryptographic device by default on PC motherboards? I work for a PKI 'vendor', and for me, software private keys is a nonsense. How will you convice Mr Smith (or Mme Michu) to buy an expensive CC

Re: Banks Test ID Device for Online Security

Bill Stewart wrote: Yup. It's the little keychain frob that gives you a string of numbers, updated every 30 seconds or so, which stays roughly in sync with a server, so you can use them as one-time passwords instead of storing a password that's good for a long term. So if the phisher cons you

Re: Academics locked out by tight visa controls

fields reaches new peak; 1st time enrollment of foreign students drops http://www.nsf.gov/sbe/srs/infbrief/nsf04326/start.htm -- Anne Lynn Wheelerhttp://www.garlic.com/~lynn/

Re: TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)

I arrived at that decision over four years ago ... TCPA possibly didn't decide on it until two years ago. In the assurance session in the TCPA track at spring 2001 intel developer's conference I claimed my chip was much more KISS, more secure, and could reasonably meet the TCPA requirements at

Re: Challenge to David Wagner on TCPA

actually it is possible to build chips that generate keys as part of manufactoring power-on/test (while still in the wafer, and the private key never, ever exists outside of the chip) ... and be at effectively the same trust level as any other part of the chip (i.e. hard instruction ROM). using

Re: maximize best case, worst case, or average case? (TCPA)

security modules are also inside the swipe pin-entry boxes that you see at check-out counters. effectively both smartcards and dongles are forms of hardware tokens the issue would be whether a smartcard form factor might be utilized in a copy protection scheme similar to TCPA paradigm

Re: PKI: Only Mostly Dead

this is in reference to the use of public key certificates to secure ecommerce web sites. Every one of those https connections is secured by an X.509 certificate infrastructure. That's PKI. Opinion is divided on the subject -- Captain Rum, Blackadder, Potato. The use with SSL is what Anne|Lynn Wheeler refer