Search Results from Financial Cryptography
If you've ever wondered how to deal with the legal side of business, here's the answer, written out by someone who's done it: To put it bluntly – every bitcoin actor should be reading the law very carefully and finding...
Posted in Financial Cryptography on August 24, 2014 08:10 AM
In an extraordinary clean sweep of disclosure from the Washington Post and the Guardian: The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs,...
Posted in Financial Cryptography on June 7, 2013 02:28 AM
It's confirmed -- Skype is revealing traffic to Microsoft. A reader informed heise Security that he had observed some unusual network traffic following a Skype instant messaging conversation. The server indicated a potential replay attack. It turned out that an...
Posted in Financial Cryptography on May 16, 2013 02:25 PM
Bruce Schneier points at SkypeMorph: To prevent the Tor traffic from being recognized by anyone analyzing the network flow, SkypeMorph uses what's known as traffic shaping to convert Tor packets into User Datagram Protocol packets, as used by Skype. The...
Posted in Financial Cryptography on April 16, 2012 03:08 PM
Finanser posted this great picture from Sameer Zafar on mobile payment systems: in commenting on some talks from Safar and Dave Birch. Well, you probably had to be there, but the picture is quite a compelling one, if you're interested...
Posted in Financial Cryptography on October 16, 2010 01:05 AM
Skype, RIM, and now CircleTech v. the governments. This battle has been going on for a while. Here's today's battle results: BIS [Czech counter-intelligence] officers first offered to Satanek that his firm would supply an encryption system with "a defect"...
Posted in Financial Cryptography on September 28, 2010 07:55 AM
Evgeny Morozov and a whole lot of other media-savvy people have a silver bullets moment when analysing Haystack, a hopeful attempt at bypassing censorship for citizens in countries like Iran. The software was released, lauded by the press, and got...
Posted in Financial Cryptography on September 14, 2010 10:00 PM
In a paper Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL, by Christopher Soghoian and Sid Stamm, there is a reasonably good layout of the problem that browsers face in delivering their "one-model-suits-all" security model. It is more...
Posted in Financial Cryptography on March 24, 2010 07:52 PM
A wave of stupidity is flooding through the USA mediawaves. Here's an example: A cyberattack disabled US cell phone networks, slowed Internet traffic to a crawl and crippled America's power grid Tuesday -- all in the interest of beefing up...
Posted in Financial Cryptography on February 22, 2010 04:59 PM
It's terrifically cliched to say it these days, but the net is one of the great engineering marvels of science. The Economist reports it as 40 years old: Such contentious issues never dawned on the dozen or so engineers who...
Posted in Financial Cryptography on September 11, 2009 12:57 PM
Over on EC, Adam does a presentation on his new book, co-authored with Andrew Stewart. AFAICS, the basic message in the book is "security sucks, we better start again." Right, no argument there. Curiously, he's also experimenting with Twitter in...
Posted in Financial Cryptography on March 12, 2009 07:00 PM
A printable-quality rumour straight from El Reg: News of a possible viable business model for P2P VoIP network Skype emerged today, at the Counter Terror Expo in London. An industry source disclosed that America's supersecret National Security Agency (NSA) is...
Posted in Financial Cryptography on February 13, 2009 09:30 AM
Skype loses some of its shine. Here's a list I've built up over the last year, others have better lists. the Chinese use it for targeting and eavesdropping. In other rumours, it has been said (!) that the intel agencies...
Posted in Financial Cryptography on January 22, 2009 01:41 PM
A slightly smaller problem than this weekend's systemic risk and the US Treasury is the continuing weakness of the security of the US retail banking sector: They are a staple of consumer-complaint hotlines and Web sites: anguished tales about money...
Posted in Financial Cryptography on September 8, 2008 07:54 AM
Why is it that when you come across a good new thought, it is harder to deal with than an old, rehashed thought? I struggle with this all the time: E.g., blogs. my favourite ones are the writers that do...
Posted in Financial Cryptography on May 10, 2008 06:04 PM
This was my first time [writes Dani Nagy] at the annual Financial Cryptography and Data Security Conference, even though I have extensively used results published at this conference in my research. In short, it was very interesting from both a...
Posted in Financial Cryptography on February 14, 2008 02:09 PM
Skype is the darling child of cryptoplumbers, the application that got everything right, could withstand the scrutiny of the open investigators, and looked like it was designed well. It also did something useful, and had a huge market, putting it...
Posted in Financial Cryptography on January 29, 2008 05:46 PM
Capabilities is one of the few bright spots in theoretical computing. In Internet software terms, caps can be simply implemented as nymous public/private keys (that is, ones without all that PKI baggage). The long and deep tradition of capabilities is...
Posted in Financial Cryptography on November 11, 2007 09:51 AM
I didn't spot it when Peter Gutmann called it the world's biggest supercomputer (I thought he was talking about a game or something ...). Now John Robb pointed to Bruce Schneier who has just published a summary. Here's my paraphrasing:...
Posted in Financial Cryptography on October 5, 2007 07:07 AM
So how do you know if you are a utility? Crash the system, and see how far the ripples spread. Skype is down. Their blog reports some sort of network issue that blocks logins. It's worth tracking to see how...
Posted in Financial Cryptography on August 16, 2007 09:45 AM
In the PKI ("public key infrastructure") world, there is a written practice that the user, sometimes known as the relying party, should read the CPS ("certificate practice statement") and other documents before being qualified to rely on a certificate. This...
Posted in Financial Cryptography on August 8, 2007 07:14 AM
Reading this post from Robert Watson: I presented, “Exploiting Concurrency Vulnerabilities in System Call Wrappers,” a paper on the topic of compromising system call interposition-based protection systems, such as COTS virus scanners, OpenBSD and NetBSD’s Systrace, the TIS Generic Software...
Posted in Financial Cryptography on August 7, 2007 11:09 AM
For some obscure reason, this morning I ploughed through the rather excellent but rather deep tome of Peter Gutmann's Cryptographic Security Architecture - Design and Verification (or at least an older version of chapter 2, taken from his thesis). He...
Posted in Financial Cryptography on May 21, 2007 07:01 AM
Over on EC and other places they are talking about the .bank TLD as a possibility for solving phishing. Alex says it's an idea whose time has come. No chance: Adam correctly undermines it: Crooks are already investing in their...
Posted in Financial Cryptography on May 9, 2007 06:52 AM
Dani spots: From within the Skype client, there's a new choice among the forms of communication that a Skype user can initiate with a contact. In addition to being able to chat, make a VoIP call, send files and other...
Posted in Financial Cryptography on April 18, 2007 09:53 AM
In our side project of collecting reported threat statistics, here's lots of them: MessageLabs, a company that counts spam, recently stopped counting bot-infected computers because it literally could not keep up. It says it quit when the figure passed about...
Posted in Financial Cryptography on April 1, 2007 04:51 PM
What follows is a long set of criticisms on the Mozilla draft principles. Like the original document, these are quite drafty; and also hypercritical. That's because that's what is needed now: hard words. Agreement isn't much use; it is indistinguishable...
Posted in Financial Cryptography on January 19, 2007 05:44 AM
What is to happen in the coming year? (Apologies for being behind on the routine end-of-year predictions, but I was AFI -- away from Internet -- and too depressed with predictions to make the journey. Still, duty calls!) More depression...
Posted in Financial Cryptography on January 10, 2007 01:27 PM
Canny financial cryptographers will spot the bombshell in the first and last comments of the article mentioned earlier on Skype. Read those paras first (look for "payment") and come back, as the rest won't make sense. Skype are adding payments....
Posted in Financial Cryptography on January 6, 2007 10:55 PM
Some good articles on how to do security. Firstly, the Security Bloke at Skype talks. And secondly, someone in the USG reveals willingness to "know thy enemy," something generally out of favour in bureaucratic circles, and so immoral in some...
Posted in Financial Cryptography on January 6, 2007 12:30 PM
Someone's paying attention to the tracking ability of mobile phones. Darrent points to Spyblog who suggests some tips to whistleblowers (those who sacrifice their careers and sometimes their liberty to reveal crimes in government and other places): 8. Do not...
Posted in Financial Cryptography on October 23, 2006 08:30 AM
In the sometimes related world of mobile telephony, Dave challenged an off-the-cuff prediction: "The reason for this is that there are enough rebel handset manufacturers out there now" I'm curious about this Ian, could you expand a little? Because of...
Posted in Financial Cryptography on October 19, 2006 09:58 AM
While on the conjunction of Mozo tools and security, woeful or otherwise ... a month or so back I used Thunderbird as a foil to introduce a hypothesis (which you can call a law when I'm dead): * There is...
Posted in Financial Cryptography on September 7, 2006 05:45 PM
An age-old debate has sprung up around something called Identity 2.0. David Weinberger related it to transparency (and thus to open governance). David indicates that transparency is good, but it has its limits as an overarching framework: So, all hail...
Posted in Financial Cryptography on August 22, 2006 01:16 PM
In talking with Hagai, it was suggested that I try using the TLS/IMAP capabilities of Thunderbird, which I turned on (it's been a year or two since the last time I tried it). Unfortunately, nothing happened. Nothing positive, nothing negative....
Posted in Financial Cryptography on July 23, 2006 07:19 AM
Finally some figures! We've known for a decade that the SSH model consumes all in its path. What we haven't known is relative quantities. Seen somewhere on the net, this week's report shows Encrypted Traffic. In SSH form: 3.42% In...
Posted in Financial Cryptography on June 27, 2006 04:05 PM
A group of American cryptographers and Internet engineers have criticised the FCC for issuing an order that amounts to a wiretap instruction for all VoIP providers. For many people, Voice over Internet Protocol (VoIP) looks like a nimble way of...
Posted in Financial Cryptography on June 19, 2006 01:20 PM
Opera talks about security features in Opera 9. The good parts - they have totally rewritten their protocol engine, and: 3. We have disabled SSL v2 and the 40 and 56 bit encryption methods supported by SSL and TLS. The...
Posted in Financial Cryptography on May 24, 2006 02:50 PM
(If you are not a cryptoplumber, the following words will be indistinguishable from random... that might be a good thing!) When I and Zooko created the SDP1 layout (for "Secure Datagram Protocol #1") one of the requirements wasn't to avoid...
Posted in Financial Cryptography on May 20, 2006 04:02 AM
Something bothers me about the recent spate of crypto voice news - it looks like we have bungled the threat model, yet again. Do we never learn? For some reason phone tapping, VoIP and the like is much in the...
Posted in Financial Cryptography on April 11, 2006 12:49 PM
A day rarely passes in the crypto community where people do not preach that you should use standard protocols for all your crypto work. Many systems have foundered on this advice, something I tried to explain in more depth in...
Posted in Financial Cryptography on April 2, 2006 05:55 PM
America moves a bit closer to using cells (mobiles outside the US) for payment. What I find curious is why banks don't simply use their customers' phones as two-factor tokens. It can't be any more sophisticated than selling a ring...
Posted in Financial Cryptography on March 2, 2006 08:54 AM
Installing new SSL server certs is like visiting the in-laws for Christmas dinner. It's so painful, you dread it for weeks in advance. Afterwards, the relief flows through you as you know you don't have to do that for another...
Posted in Financial Cryptography on February 25, 2006 04:03 PM
Curious that Apple's Safari wasn't mentioned in recent discussions about High Assurance certs. Which brings us to a rash of sightings of Mac Viruses. Well, three at least. Unfortunately the media can be relied upon to over-play the appearance of...
Posted in Financial Cryptography on February 23, 2006 02:40 PM
Todd Critiques! iang wrote: > Financial Cryptography Update: Brand matters (IE7, Skype, Vonage, Mozilla) > [........] > No, brand is a shorthand, a simple visual symbol that points to the > entire underlying security model. Conventional bricks&mortar > establishments use...
Posted in Financial Cryptography on February 14, 2006 12:19 PM
In branding news: IE7 is out in Beta 2 and I'm impatiently waiting for the first road tests. (Roight... as if I have a Microsoft platform around here...) Readers will recall that Microsoft took the first steps along the branded...
Posted in Financial Cryptography on February 8, 2006 01:27 PM
Firefox reaches around 20% market share in one "weekend" survey in Europe. Bull-rating! If this keeps going on, I'll run out of predictions by the end of January. In other news, a Firefox developer caused a furore on slashdot by...
Posted in Financial Cryptography on January 19, 2006 06:53 AM
Previously, we talked about the Growth and Fraud's GP which is the place where growth kicks off into a self-sustained value growth machine (Parts 1,2). Then I made some remarks on how to instruct security strategy, which led to...
Posted in Financial Cryptography on December 19, 2005 09:12 AM
In the closing weeks of 2005, we can now look back and see how the Snail slithered its way across the landscape. 1. Banks failed to understand phishing at any deep level. They failed in these ways: Pushing out websites...
Posted in Financial Cryptography on December 14, 2005 02:25 PM
Many people have sent me pointers to How ATM fraud nearly brought down British banking. It's well worth reading as a governance story, it's as good a one as I've ever seen! In this case, a fairly bog standard insider...
Posted in Financial Cryptography on October 26, 2005 03:08 PM
Jim points out that eBay is to purchase the VeriSign payments gateway business: eBay’s PayPal said the acquisition would enable it to include new small- and medium-size business customers in its user base, as well as expand its repertoire of...
Posted in Financial Cryptography on October 12, 2005 10:07 AM
Adam points to a great idea by EFF and Tor: Tor is a decentralized network of computers on the Internet that increases privacy in Web browsing, instant messaging, and other applications. We estimate there are some 50,000 Tor users currently,...
Posted in Financial Cryptography on August 20, 2005 10:00 AM
Skype might be justly lauded in these pages for doing something that only one other product has ever done - getting crypto to the masses in a usable fashion. And it is fair to say that Skype is a killer...
Posted in Financial Cryptography on June 22, 2005 01:08 PM
VoIP has been an unmitigated success, once Vonage and Skype sorted out basic business models that their predecessors (remember SpeakFreely, PGPFone?) did not get right. And everyone loves a story of connivery and hacker attacks. Now the security industry is...
Posted in Financial Cryptography on May 11, 2005 08:30 AM
Cubicle packaged up the available analysis on Skype and came up with a bunch of risks which the spreading VoIP app imposes on the poor corporate victims of free telecoms. The bottom line was that the risks remain low; although...
Posted in Financial Cryptography on April 7, 2005 03:07 PM
Skype's success has caused people to start looking at the security angle. One easy claim is that because it is not open source, then it's not secure. Well, maybe. What one can say is that the open source advantage to...
Posted in Financial Cryptography on February 13, 2005 06:41 PM
The Year of the Phish has passed us by, and we can relax in our new life swimming in fear of the net. Everyone now knows about the threats, even the users, but what they don't know is what happens...
Posted in Financial Cryptography on January 9, 2005 05:22 PM
Adam picked up an article analysing Skype. For those on the cutting edge, you already know that Skype is sweeping the boards in VOIP, or turning your computer into a phone. Download it today ... if you have a Mac....
Posted in Financial Cryptography on January 8, 2005 08:15 PM
In the US, the FCC has voted to enforce CALEA - wiretap rules - on VoIP operators [1] [2]. These businesses (like Vonage) provide Internet calls to their switches and then onto the public network. They are fantastically successful, because...
Posted in Financial Cryptography on August 9, 2004 04:09 AM
This Slate article "Can They Hear You Now?" details how a Kazaa-style VoIP operator called Skype has emerged. What type of encryption is used? Skype uses AES (Advanced Encryption Standard) - also known as Rijndael - which is also used...
Posted in Financial Cryptography on February 25, 2004 12:10 PM