Search Results from Financial Cryptography
So says NIST... 10 years ago I annoyed the entire crypto-supply industry: Hypothesis #1 -- The One True Cipher Suite In cryptoplumbing, the gravest choices are apparently on the nature of the cipher suite. To include latest fad algo or...
Posted in Financial Cryptography on October 19, 2018 05:11 PM
Readers have probably been watching the amazing story of the Bridges & Force arrests in the USA. It's starting to look much like a film, and the one I have in mind is this: Training Day. In short: two agents...
Posted in Financial Cryptography on April 3, 2015 06:15 PM
Just got tipped to Andrew Poelstra's faq on ASICs, where he says of Adam Back's Proof of Work system in Bitcoin: In places where the waste heat is directly useful, the cost of mining is merely the difference between electric...
Posted in Financial Cryptography on September 3, 2014 02:12 PM
L.M. Goodman stated in a recent paper on Tezos: "The heartbleed bug caused millions of dollars in damages." To which I asked what the cites were. His immediate response (thanks!) was "Nothing very academic" but the links were very interesting...
Posted in Financial Cryptography on August 14, 2014 06:14 AM
Preamble. In recent months I've seen a lot of interest in the question of what makes a good Bitcoin investment. I may not be the best person to make this call, but as I'm a reluctant skeptic, I...
Posted in Financial Cryptography on April 22, 2014 06:53 PM
Editorial note: this rant was originally posted here but has now moved to a permanent home where it will be updated with new thoughts. As many have noticed, there is now a permathread (Paul's term) on how to do random...
Posted in Financial Cryptography on January 30, 2014 12:34 PM
I was pointed to Ripple and found it was actually a protocol (I thought it was a business, that's the trap with slick marketing). Worth a quick look. To my surprise, it was actually quite neat. However, tricks and traps...
Posted in Financial Cryptography on January 20, 2014 03:31 AM
A series of posts over on Chris Skinner's Financial Services Club has amounted to a whistleblowing expose par excellence! First up, a victims organisation called BullyBanks has collected over a thousand cases of mis-selling of Interest Rate Swap Agreements (IRSAs)...
Posted in Financial Cryptography on May 5, 2013 04:56 PM
Yes, it's the first of May, also known as May Day, and the communist world's celebration of the victory over capitalism. Quite why MayDay became the international distress message over radio is not known to me, but I'd like to...
Posted in Financial Cryptography on May 1, 2013 04:34 AM
A month or so ago, I asked about oddball questions in job interviews. Some are related to job function but some are challengingly perverse. If you are, like me, disturbingly offended by a dark and fearful force within those questions,...
Posted in Financial Cryptography on April 21, 2013 11:09 PM
One of the essential requirements of any system is that it actually has to work for people, and work enough of the time to make a positive difference. Unfortunately, this effect can be confused with security systems because attacks can...
Posted in Financial Cryptography on October 21, 2012 04:18 AM
Clive asks in comments a long time ago (apologies for late reply): any thoughts to VISA's extraordinarily abrupt behaviour over stopping all ePassport issued VISA cards? ( http://m.krebsonsecurity.com/2010/09/visa-blocks-epassporte/ ) Aside from the seamier side (which all financial systems attract) a...
Posted in Financial Cryptography on February 5, 2012 05:24 AM
As an aside to the old currency market currently collapsing, in the now universally known movie GFC-2 rolling on your screens right now, some people have commented that perhaps online currencies and LETS and so forth will fill the gap....
Posted in Financial Cryptography on January 21, 2012 06:54 PM
As we all know by now, MF Global crashed with some many billions of losses, filing for bankruptcy on 31st October. James Turk wonders aloud: First of all investors should be concerned because everything is so inter-connected today. People call...
Posted in Financial Cryptography on November 28, 2011 03:51 PM
In the last couple of weeks I posted a thesis on what caused the global financial crisis. In technical terms it is the invention and usage of securitization, a.k.a., the market for mortgage-backed securities. In economic and policy terms, it...
Posted in Financial Cryptography on December 3, 2010 07:35 PM
The dark side of Intellectual Property is this: the structure of the market encourages theft, and more so than the more polite in society would predict. It's something that has really annoyed both sides of the debate; those who want...
Posted in Financial Cryptography on September 28, 2010 09:41 PM
Some things I've seen that match predictions from a long time back, just weren't exciting enough to merit an entire blog post, but were sufficient to blow the trumpet in orchestra: Chris Skinner of The Finanser puts in his old...
Posted in Financial Cryptography on May 19, 2010 09:44 PM
Twan points to an odd thing from the Securities and Exchanges Commission in USA: We are proposing to require that most ABS issuers file a computer program that gives effect to the flow of funds, or “waterfall,” provisions of the...
Posted in Financial Cryptography on April 24, 2010 09:15 AM
In an influential paper, Prof Ross Anderson proposes that the _Market for Lemons_ is a good fit for infosec. I disagree, because that market is predicated on the seller being informed, and the buyer not. I suggest the sellers are...
Posted in Financial Cryptography on April 13, 2010 02:25 AM
A wave of stupidity is flooding through the USA mediawaves. Here's an example: A cyberattack disabled US cell phone networks, slowed Internet traffic to a crawl and crippled America's power grid Tuesday -- all in the interest of beefing up...
Posted in Financial Cryptography on February 22, 2010 04:59 PM
Which reminds me to push out yet another outrageous chapter in secure protocol design. In my hypothesis #4 on Protocol Design, I claim this: #4.3 Simplicity is Inversely Proportional to the Number of Designers Never doubt that a small group...
Posted in Financial Cryptography on December 7, 2009 09:04 AM
We often print numbers reported in the press and other places, because sometimes these are useful for dealing with the fantasies and fallacies common in this world. I wish they were more used! Stephen Mason and Roger Porkess have just...
Posted in Financial Cryptography on October 16, 2009 09:04 AM
Stephen Mason reports that MITB is in court: A gang of internet fraudsters used a sophisticated virus to con members of the public into parting with their banking details and stealing £600,000, a court heard today. Once the 'malicious software'...
Posted in Financial Cryptography on October 1, 2009 09:26 AM
So, if they are not doing audits and accounting, where does the accounting profession want to go? Perhaps unwittingly, TOdd provided the answer with that reference to the book Accounting Education: Charting the Course through a Perilous Future by W....
Posted in Financial Cryptography on September 18, 2009 09:13 AM
A month ago, the crypto-tea rooms were buzzing about the result in AES-256. Apparently, now weaker than AES-128. Can it be? Well, at first I thought this was impossible, because the cryptographers were not panicking, they were simply admiring the...
Posted in Financial Cryptography on September 5, 2009 03:16 PM
Following yesterday's post, here's a today example of thinking about unknowns -- yesterday's, today's and tomorrow's. Currently the experts in crypto and protocol circles are championing "algorithm agility". Why? Because SHA1 is under a cloud, and MD5 is all-but-drowned. It...
Posted in Financial Cryptography on September 3, 2009 04:21 PM
I had been meaning to write something on audits when this dropped into the email box from Bruce Schneier, late last year, which gave me the perfect opening: How to Prevent Digital Snooping [snip] What these three incidents illustrate is...
Posted in Financial Cryptography on January 25, 2009 05:38 PM
Alex writes in comments a response to my "Business" post. As it is comprehensive and detailed, I'll re-post it here for reasons I can't exactly explain. Here goes, rest of words from Alex: I find that most people with InfoSec...
Posted in Financial Cryptography on January 23, 2009 11:28 AM
Skype loses some of its shine. Here's a list I've built up over the last year, others have better lists. the Chinese use it for targeting and eavesdropping. In other rumours, it has been said (!) that the intel agencies...
Posted in Financial Cryptography on January 22, 2009 01:41 PM
Ian says in comments to the post on "Business": Your emphasis - exactly. I read Frank's 'paper' yesterday and I read it very differently. You've missed emphasising "security is essentially risk management" in the first sentence. i.e. Frank IS saying...
Posted in Financial Cryptography on January 17, 2009 03:48 PM
The USA financial mess was seen taking a brief pause, with almost 24 hours going by without another new world record in greatest failures ever. Morgan Stanley gamely held on ... But even as we speak, they are preparing the...
Posted in Financial Cryptography on September 21, 2008 03:31 PM
Gunnar lauds a post on why there are few architects in the security world: Superb post by Mark on what I think is the biggest problem we have in security. One thing you learn in consulting is that no matter...
Posted in Financial Cryptography on September 20, 2008 05:59 AM
People on the crypto list were asking whether prices of street sales of insecurity could tell us stuff, like the drugs czars get from the price of street drugs. Dan Geer reports that the current cost of US passports is:...
Posted in Financial Cryptography on September 11, 2008 07:07 AM
The following is either explicitly taken from Stephen Mason (2007), Electronic Signatures in Law, Tottel, 2nd edition; or implicitly builds on that book. The Definition of the Signature A definition of a signature is: a token of the intent of...
Posted in Financial Cryptography on July 20, 2008 07:01 PM
Life is slowly improving with that old tired security model called secure browsing. Here's a roundup: Firefox have their new security UI in place whereby you can click on exceptions to store the certificates as accepted and trust by you...
Posted in Financial Cryptography on June 6, 2008 10:21 AM
One of the frequently lamented complaints of PKI is that it simply didn't scale (IT talk for not delivering enough grunt to power a big user base), and there was no evidence to the contrary. Well, that's not quite true,...
Posted in Financial Cryptography on March 20, 2008 04:08 AM
This would be almost boring except for the numbers involved. The Economist writes: TROUBLE had been expected but nothing like this. Widespread concerns that Société Générale, a large French bank, had more subprime-related problems to reveal were proved right on...
Posted in Financial Cryptography on January 24, 2008 03:14 PM
Still reeling at the shock of that question, it feels like time to introduce another hypothesis: #4.2 Simplicity is Inversely Proportional to the Number of Designers Never doubt that a small group of thoughtful, committed citizens can change the world....
Posted in Financial Cryptography on January 11, 2008 02:35 PM
Some good news: after a long hard decade, OpenPGP is now on standards track. That means that it is a standard, more or less, for the rest of us, and the IETF process will make it a "full standard" according...
Posted in Financial Cryptography on November 8, 2007 11:08 AM
Jonath over at Mozilla takes up the flame and publishes lots of stats on the current state of SSL, phishing and other defences. Headline issues: Number of SSL sites: 600,000 from Netcraft Cost of phishing to US: $2.1 billion dollars....
Posted in Financial Cryptography on August 23, 2007 09:06 AM
Over at Dave's digital money blog, he keeps writing financial cryptography posts ... which saves the blog from doing it! Last night he opined on whether he could construct a new high level view of the changes to money: The...
Posted in Financial Cryptography on August 16, 2007 04:43 AM
Dave Birch reads Leo van Hove's new article "Central Banks and Payment Instruments: a Serious Case of Schizophrenia": This article analyses the competition between cash and payment cards against the backdrop of the dual role of central banks - as...
Posted in Financial Cryptography on August 12, 2007 02:02 PM
From the where did you read it first? department here comes an interesting claim: Beyond obvious tips like activating firewalls, shutting computers down when not in use, and exercising caution when downloading software or using public computers, Consumer Reports offered...
Posted in Financial Cryptography on August 9, 2007 07:36 AM
Thoughts from the modern world: My incompetence with electronics and computers has always been offset by help from friends in the software industry. The lesson I learned from trying to work with an older-generation iPod is different. Technologies of different...
Posted in Financial Cryptography on May 11, 2007 09:13 AM
Unconfirmed claims are being made on WSJ that the hackers in the TJX case did the following: sat in a carpark and listened into a store's wireless net. cracked the WEP encryption. scarfed up user names and passwords .... used...
Posted in Financial Cryptography on May 7, 2007 02:27 PM
As inspired by this paper on S/MIME signing, I (quickly) surveyed what the RFCs say about S/MIME signature semantics. In brief, RFCs suggest that the signature is for the purpose of: integrity of content or message authenticity of the sender...
Posted in Financial Cryptography on May 5, 2007 09:23 AM
In the ongoing saga of "what is security?" and more importantly, "why is it such a crock?" Bruce Schneier weighs in with some ruminations on "feelings" or perceptions, leading to an investigation of psychology. I think the perceptional face of...
Posted in Financial Cryptography on March 10, 2007 12:20 PM
Sometimes someone writes a sweeping article that just happens to include why Financial Cryptography is so important, and also so misunderstood. Here's an article by Reuven Brenner (posted by RAH): What happens when societies either do not have or destroy...
Posted in Financial Cryptography on February 25, 2007 12:25 PM
Lynn mentioned in comments yesterday: I guess I have to admit to being on a roll. :-) Lynn grasped the nexus between the tea-room and the systems room yesterday: One of the big issues is inadequate design and/or assumptions ......
Posted in Financial Cryptography on October 6, 2006 02:35 PM
"Hackers clone e-passports" from Wired reports that the RFID in the new passport formfactor can be cloned for peanuts: Grunwald says it took him only two weeks to figure out how to clone the passport chip. Most of that time...
Posted in Financial Cryptography on August 4, 2006 08:42 AM
SWIFT was extorted to hand over the data. According to two Austrian reports: "Consent was extorted" By court order, all data traffic at SWIFT's US headquarters was to be seized if SWIFT did not voluntarily deliver a certain number of records -...
Posted in Financial Cryptography on July 22, 2006 02:42 PM
In the breach that keeps on breaching, I suggested that the reason the Bush administration was nervous of the program was that the Europeans might be embarrassed via public opinion to put in place real governance. I was close (dead...
Posted in Financial Cryptography on July 7, 2006 01:57 AM
This may be the first of its kind. I've long predicted this response to ropey SSL industry practice, but unfortunately, today, I have no time to comment! (Note - FC is moving ... expect some disruption.) Firm leads $200M suit...
Posted in Financial Cryptography on May 31, 2006 10:13 AM
By now, all know about Plamegate, the Valerie Plame affair. It seems that the White House leaked information in order to suppress an alternate view to the approved intelligence story. As they leaked actual intelligence information to do this, the...
Posted in Financial Cryptography on May 16, 2006 04:11 AM
America moves a bit closer to using cells (mobiles outside the US) for payment. What I find curious is why banks don't simply use their customers' phones as two-factor tokens. It can't be any more sophisticated than selling a ring...
Posted in Financial Cryptography on March 2, 2006 08:54 AM
Todd Critiques! iang wrote: > Financial Cryptography Update: Brand matters (IE7, Skype, Vonage, Mozilla) > [........] > No, brand is a shorthand, a simple visual symbol that points to the > entire underlying security model. Conventional bricks&mortar > establishments use...
Posted in Financial Cryptography on February 14, 2006 12:19 PM
The case against G&SR, operators of the e-gold payment system, has been filed in Washington DC courts. Here are some of the filings, apparently from the PACER system, which is a US Government site for court documents. Complaint Doc3 Doc4...
Posted in Financial Cryptography on January 26, 2006 12:20 PM
Adam points to Ethan's musings on the dire need to move many small payments across borders. It's a good analysis, he gets it right. Remittances have been huge business for a long time. However it didn't burst onto the international...
Posted in Financial Cryptography on January 17, 2006 05:55 AM
We would be remiss if we didn't also measure the theory of GP (GP1, GP2, GP3) against that old hobby horse, phishing. When ecommerce burst on the scene as an adjunct to browsing, it pretty quickly emerged as "taking credit...
Posted in Financial Cryptography on December 30, 2005 07:51 PM
I've been thinking about software liability a bit and just the other day had a bit of a revelation. If security software came with liability it would destroy the security industry. That's the good news :-) The bad news is...
Posted in Financial Cryptography on July 8, 2005 09:56 AM
Whitfield Diffie is again interviewed, and this time the interviewer gave him the full benefit of a leading question: A running joke is that whatever year we're in is "The Year of PKI," meaning the technology has yet to live...
Posted in Financial Cryptography on April 24, 2005 09:15 AM
Eliot Spitzer's office of the Attorney General has introduced a package of legislation intended to "rein in identity theft." Well, good luck! But here's one thing that won't help: Facilitating prosecutions against computer hackers by creating specific criminal penalties for...
Posted in Financial Cryptography on April 19, 2005 06:09 AM
The Champion of NerdHerders points to the pathological habit of nerds-gone-binary to do either all of it or nothing. It's true, that we all face this inability to create a sensible compromise and to recognise when our binary extremes are...
Posted in Financial Cryptography on April 13, 2005 09:55 AM
Online fraud has been organised, industrialised, institutionalised and big for some time now. When I tell people that they just look blank, they have no conception of what this means. In a nutshell, it means they're making money, scads of...
Posted in Financial Cryptography on April 11, 2005 02:10 PM
Hop on a plane, land, and discover Adam has posted 13 blog entries, including one that asks for more topics! Congrats on 500 posts! He posts on some testimony: " the only part of our national security apparatus that actually...
Posted in Financial Cryptography on March 3, 2005 08:30 AM
In another win for open governance, Nasdaq Trader has listed all the stocks that it found have breached the "failed to deliver" limits of the SEC. How embarrassing! Which is the exact point - just how many of the trades...
Posted in Financial Cryptography on February 12, 2005 10:29 AM
Another case of the One True Number syndrome: If you are one of those mystified as to why phishing is so talked about, read this article. Or, if confused as to why computer scientists get angry when governments talk about...
Posted in Financial Cryptography on February 7, 2005 06:05 AM
It seems that no sooner than I'd got the polemic on Why Hollywood has to take one for the team off my chest, Dr Ron Paul, a Representative in the US Congress, proposed legislation to the US Congress to ban...
Posted in Financial Cryptography on January 14, 2005 11:49 AM
The Year of the Phish has passed us by, and we can relax in our new life swimming in fear of the net. Everyone now knows about the threats, even the users, but what they don't know is what happens...
Posted in Financial Cryptography on January 9, 2005 05:22 PM
What could be called the "one true number" syndrome has been spotted by Simon Lelieveldt over on his blog. He points to this paper 9210: the zip code of another IT-soap: "Nine-to-ten (9210) refers to the problem that the Dutch...
Posted in Financial Cryptography on December 15, 2004 09:12 AM
Frans Johansson on the Medici Effect By exploring the intersections between different disciplines and cultures, one may discover the next groundbreaking ideas. Frans Johansson is a consultant and author of the new book, "The Medici Effect," published by Harvard Business...
Posted in Financial Cryptography on October 12, 2004 04:48 PM
Sarbanes-Oxley is the act to lay down the law in financial reporting. It's causing a huge shakeup in compliance. On the face of it, better rules and more penalties should be good, but that's not the case here. Unfortunately, the...
Posted in Financial Cryptography on September 3, 2004 05:34 AM
I had heard about Stockgate a while back when the Nanopierce lawsuit was filed. At the time, it looked like a hopeful settlement deal, but now more details have come to light [1]. And what details! This may well be...
Posted in Financial Cryptography on June 22, 2004 07:26 AM
The White House administration has apparently defied the US Congress and kept the controversial "Total Information Awareness" going as a secret project. A politics journal called Capitol Hill Blue has exposed what it claims is the TIA project operating with...
Posted in Financial Cryptography on June 10, 2004 04:57 PM
The great shifts in currency politics go on - this polemic "Bretton Woods and the Forgotten Concept of International Seigniorage" is on the background of the USD since Bretton Woods, leading up to the recent Iraq invasion. Evidence seems to...
Posted in Financial Cryptography on February 23, 2004 09:16 AM
http://www.glenbrook.com/opinions/financial-privacy.html Momentum towards stronger financial privacy for consumers in the United States has picked up a lot of steam over the last 30 days. While most welcome the change, some financial institutions are still tentative about the new direction, others...
Posted in Financial Cryptography on October 9, 2003 07:07 AM