Search Results from Financial Cryptography

blasts from the past -- old predictions come true

Some things I've seen that match predictions from a long time back, just weren't exciting enough to merit an entire blog post, but were sufficient to blow the trumpet in orchestra: Chris Skinner of The Finanser puts in his old...
Posted in Financial Cryptography on May 19, 2010 09:44 PM

When the Python meets the Mongoose ... the SEC and programming Asset Backed Securities

Twan points to an odd thing from the Securities and Exchange Commission in USA: We are proposing to require that most ABS issuers file a computer program that gives effect to the flow of funds, or “waterfall,” provisions of the...
Posted in Financial Cryptography on April 24, 2010 09:15 AM

Ruminations on the State of the Security Nation

In an influential paper, Prof Ross Anderson proposes that the _Market for Lemons_ is a good fit for infosec. I disagree, because that market is predicated on the seller being informed, and the buyer not. I suggest the sellers are...
Posted in Financial Cryptography on April 13, 2010 02:25 AM

US officials move to infect Populace with 5T00P.1D virus -- google, bombs, Mozilla, oil & barrels of stupidity

A wave of stupidity is flooding through the USA mediawaves. Here's an example: A cyberattack disabled US cell phone networks, slowed Internet traffic to a crawl and crippled America's power grid Tuesday -- all in the interest of beefing up...
Posted in Financial Cryptography on February 22, 2010 04:59 PM

H4.3 - Simplicity is Inversely Proportional to the Number of Designers

Which reminds me to push out yet another outrageous chapter in secure protocol design. In my hypothesis #4 on Protocol Design, I claim this: #4.3 Simplicity is Inversely Proportional to the Number of Designers Never doubt that a small group...
Posted in Financial Cryptography on December 7, 2009 09:04 AM

Chip & pin fallacies

We often print numbers reported in the press and other places, because sometimes these are useful for dealing with the fantasies and fallacies common in this world. I wish they were more used! Stephen Mason and Roger Porkess have just...
Posted in Financial Cryptography on October 16, 2009 09:04 AM

Man-in-the-Browser goes to court

Stephen Mason reports that MITB is in court: A gang of internet fraudsters used a sophisticated virus to con members of the public into parting with their banking details and stealing £600,000, a court heard today. Once the 'malicious software'...
Posted in Financial Cryptography on October 1, 2009 09:26 AM

Where does the accounting profession want to go, today?

So, if they are not doing audits and accounting, where does the accounting profession want to go? Perhaps unwittingly, Todd provided the answer with that reference to the book Accounting Education: Charting the Course through a Perilous Future by W....
Posted in Financial Cryptography on September 18, 2009 09:13 AM

What-the-heck happened to AES-256?

A month ago, the crypto-tea rooms were buzzing about the result in AES-256. Apparently, now weaker than AES-128. Can it be? Well, at first I thought this was impossible, because the cryptographers were not panicking, they were simply admiring the...
Posted in Financial Cryptography on September 5, 2009 03:16 PM

How to avoid Yesterday's Unknowns - Algorithm Agility in Protocols

Following yesterday's post, here's a today example of thinking about unknowns -- yesterday's, today's and tomorrow's. Currently the experts in crypto and protocol circles are championing "algorithm agility". Why? Because SHA1 is under a cloud, and MD5 is all-but-drowned. It...
Posted in Financial Cryptography on September 3, 2009 04:21 PM

Audits I: A Word on the Limits -- Madoff

I had been meaning to write something on audits when this dropped into the email box from Bruce Schneier, late last year, which gave me the perfect opening: How to Prevent Digital Snooping [snip] What these three incidents illustrate is...
Posted in Financial Cryptography on January 25, 2009 05:38 PM

the Business of Risk Management in Security -- a Response

Alex writes in comments a response to my "Business" post. As it is comprehensive and detailed, I'll re-post it here for reasons I can't exactly explain. Here goes, rest of words from Alex: I find that most people with InfoSec...
Posted in Financial Cryptography on January 23, 2009 11:28 AM

Skype: the gloss is losing its shine

Skype loses some of its shine. Here's a list I've built up over the last year, others have better lists. the Chinese use it for targetting and eavesdropping. In other rumours, it has been said (!) that the intel agencies...
Posted in Financial Cryptography on January 22, 2009 01:41 PM

Getting the business into security, or is it...

Ian says in comments to the post on "Business": Your emphasis - exactly. I read Frank's 'paper' yesterday and I read it very differently. You've missed emphasising "security is essentially risk management" in the first sentence. i.e. Frank IS saying...
Posted in Financial Cryptography on January 17, 2009 03:48 PM

Success has many fathers, but failure has the US taxpayer

The USA financial mess was seen taking a brief pause, with almost 24 hours going by without another new world record in greatest failures ever. Morgan Stanley gamely held on ... But even as we speak, they are preparing the...
Posted in Financial Cryptography on September 21, 2008 03:31 PM

Builders v. Breakers

Gunnar lauds a post on why there are few architects in the security world: Superb post by Mark on what I think is the biggest problem we have in security. One thing you learn in consulting is that no matter...
Posted in Financial Cryptography on September 20, 2008 05:59 AM

US passports in 36 lots?

People on the crypto list were asking whether prices of street sales of insecurity could tell us stuff, like the drugs czars get from the price of street drugs. Dan Geer reports that the current cost of US passports is:...
Posted in Financial Cryptography on September 11, 2008 07:07 AM

The Definition and Function of the Signature (drawn from Mason 2007)

The following is either explicitly taken from Stephen Mason (2007), Electronic Signatures in Law, Tottel, 2nd edition; or implicitly builds on that book. The Definition of the Signature A definition of a signature is: a token of the intent of...
Posted in Financial Cryptography on July 20, 2008 07:01 PM

TLS/httpd finally to be fixed for general purpose website security

Life is slowly improving with that old tired security model called secure browsing. Here's a roundup: Firefox have their new security UI in place whereby you can click on exceptions to store the certificates as accepted and trust by you...
Posted in Financial Cryptography on June 6, 2008 10:21 AM

World's biggest PKI goes open source: DogTag is released

One of the frequently lamented complaints of PKI is that it simply didn't scale (IT talk for not delivering enough grunt to power a big user base), and there was no evidence to the contrary. Well, that's not quite true,...
Posted in Financial Cryptography on March 20, 2008 04:08 AM

Break the rules of governance and lose 4.9 billion...

This would be almost boring except for the numbers involved. The Economist writes: TROUBLE had been expected but nothing like this. Widespread concerns that Société Générale, a large French bank, had more subprime-related problems to reveal were proved right on...
Posted in Financial Cryptography on January 24, 2008 03:14 PM

#4.2 Simplicity is Inversely Proportional to the Number of Designers

Still reeling at the shock of that question, it feels like time to introduce another hypothesis: #4.2 Simplicity is Inversely Proportional to the Number of Designers Never doubt that a small group of thoughtful, committed citizens can change the world....
Posted in Financial Cryptography on January 11, 2008 02:35 PM

H1: OpenPGP becomes RFC4880. Consider Hypothesis #1: The One True Cipher Suite

Some good news: after a long hard decade, OpenPGP is now on standards track. That means that it is a standard, more or less, for the rest of us, and the IETF process will make it a "full standard" according...
Posted in Financial Cryptography on November 8, 2007 11:08 AM

Threatwatch: Numbers on phishing, who's to blame, the unbearable loneliness of 4%

Jonath over at Mozilla takes up the flame and publishes lots of stats on the current state of SSL, phishing and other defences. Headline issues: Number of SSL sites: 600,000 from Netcraft Cost of phishing to US: $2.1 billion dollars....
Posted in Financial Cryptography on August 23, 2007 09:06 AM

SEPA meets Money 3.0 -- a trainwreck?

Over at Dave's digital money blog, he keeps writing financial cryptography posts ... which saves the blog from doing it! Last night he opined on whether he could construct a new high level view of the changes to money: The...
Posted in Financial Cryptography on August 16, 2007 04:43 AM

The fundamental _barrier to entry_ in the business of payment systems

Dave Birch reads Leo van Hove's new article "Central Banks and Payment Instruments: a Serious Case of Schizophrenia": This article analyses the competition between cash and payment cards against the backdrop of the dual role of central banks - as...
Posted in Financial Cryptography on August 12, 2007 02:02 PM

Shock of new Security Advice: "Consider a Mac!"

From the where did you read it first? department here comes an interesting claim: Beyond obvious tips like activating firewalls, shutting computers down when not in use, and exercising caution when downloading software or using public computers, Consumer Reports offered...
Posted in Financial Cryptography on August 9, 2007 07:36 AM

H6.3 and the clash of worlds -- IESG v. iPods --- Security for the throwaway generation

Thoughts from the modern world: My incompetence with electronics and computers has always been offset by help from friends in the software industry. The lesson I learned from trying to work with an older-generation iPod is different. Technologies of different...
Posted in Financial Cryptography on May 11, 2007 09:13 AM

WSJ: Soft evidence on a crypto-related breach

Unconfirmed claims are being made on WSJ that the hackers in the TJX case did the following: sat in a carpark and listened into a store's wireless net. cracked the WEP encryption. scarfed up user names and passwords .... used...
Posted in Financial Cryptography on May 7, 2007 02:27 PM

survey of RFC S/MIME signature handling

As inspired by this paper on S/MIME signing, I (quickly) surveyed what the RFCs say about S/MIME signature semantics. In brief, RFCs suggest that the signature is for the purpose of: integrity of content or message authenticity of the sender...
Posted in Financial Cryptography on May 5, 2007 09:23 AM

Feelings about Security

In the ongoing saga of "what is security?" and more importantly, "why is it such a crock?" Bruce Schneier weighs in with some ruminations on "feelings" or perceptions, leading to an investigation of psychology. I think the perceptional face of...
Posted in Financial Cryptography on March 10, 2007 12:20 PM

The alternative to FC is unprintable - Ahmadinejad and capital markets

Sometimes someone writes a sweeping article that just happens to include why Financial Cryptography is so important, and also so misunderstood. Here's an article by Reuven Brenner (posted by RAH): What happens when societies either do not have or destroy...
Posted in Financial Cryptography on February 25, 2007 12:25 PM

Why security training is really important (and it ain't anything to do with security!)

Lynn mentioned in comments yesterday: I guess I have to admit to being on a roll. :-) Lynn grasped the nexus between the tea-room and the systems room yesterday: One of the big issues is inadequate design and/or assumptions ......
Posted in Financial Cryptography on October 6, 2006 02:35 PM

IdentityWatch: Cloning the RFID, swimming the channel on the cheap, the Russian view, AML success rate, and the genesis of Id Theft?

"Hackers clone e-passports" from wired reports that the RFID in the new passport form factor can be cloned for peanuts: Grunwald says it took him only two weeks to figure out how to clone the passport chip. Most of that time...
Posted in Financial Cryptography on August 4, 2006 08:42 AM

SWIFT breach - the 'squeeze', justice not being done, the Europeans wake up to "restaurant economics" a.k.a. industrial espionage

SWIFT was extorted to hand over the data. According to two Austrian reports: "Consent was extorted" By court order, all data traffic at SWIFT's US headquarters was to be seized if SWIFT did not voluntarily supply a certain number of records -...
Posted in Financial Cryptography on July 22, 2006 02:42 PM

SWIFT breach - canonically novel theories in law revealed

In the breach that keeps on breaching, I suggested that the reason the Bush administration was nervous of the program was that the Europeans might be embarrassed via public opinion to put in place real governance. I was close (dead...
Posted in Financial Cryptography on July 7, 2006 01:57 AM

Verisign sued over dodgy security practices

This may be the first of its kind. I've long predicted this response to ropey SSL industry practice, but unfortunately, today, I have no time to comment! (Note - FC is moving ... expect some disruption.) Firm leads $200M suit...
Posted in Financial Cryptography on May 31, 2006 10:13 AM

US and EU cooperating on phone tracking

By now, all know about Plamegate, the Valerie Plame affair. It seems that the White House leaked information in order to suppress an alternate view to the approved intelligence story. As they leaked actual intelligence information to do this, the...
Posted in Financial Cryptography on May 16, 2006 04:11 AM

News on payments: mobile/cell, Skype, Google

America moves a bit closer to using cells (mobiles outside the US) for payment. What I find curious is why banks don't simply use their customers' phones as two-factor tokens. It can't be any more sophisticated than selling a ring...
Posted in Financial Cryptography on March 2, 2006 08:54 AM

Todd Boyle: value of transactions versus security model

Todd Critiques! iang wrote: > Financial Cryptography Update: Brand matters (IE7, Skype, Vonage, Mozilla) > [........] > No, brand is a shorthand, a simple visual symbol that points to the > entire underlying security model. Conventional bricks&mortar > establishments use...
Posted in Financial Cryptography on February 14, 2006 12:19 PM

G&SR / e-gold case in Washington DC court

The case against G&SR, operators of the e-gold payment system, has been filed in Washington DC courts. Here are some of the filings, apparently from the PACER system, which is a US Government site for court documents. Complaint Doc3 Doc4...
Posted in Financial Cryptography on January 26, 2006 12:20 PM

Remittances - the bane of the Anti-Money Laundering Authorities

Adam points to Ethan's musings on the dire need to move many small payments across borders. It's a good analysis, he gets it right. Remittances have been huge business for a long time. However it didn't burst onto the international...
Posted in Financial Cryptography on January 17, 2006 05:55 AM

GP4.3 - Growth and Fraud - Case #3 - Phishing

We would be remiss if we didn't also measure the theory of GP (GP1, GP2, GP3) against that old hobby horse, phishing. When ecommerce burst on the scene as an adjunct to browsing, it pretty quickly emerged as "taking credit...
Posted in Financial Cryptography on December 30, 2005 07:51 PM

Liability for Software - is the end of the Security Industry a bad thing or a good thing?

I've been thinking about software liability a bit and just the other day had a bit of a revelation. If security software came with liability it would destroy the security industry. That's the good news :-) The bad news is...
Posted in Financial Cryptography on July 8, 2005 09:56 AM

PKI News

Whitfield Diffie is again interviewed, and this time the interviewer gave him the full benefit of a leading question: A running joke is that whatever year we're in is "The Year of PKI," meaning the technology has yet to live...
Posted in Financial Cryptography on April 24, 2005 09:15 AM

Spitzer - securing your data to become a crime?

Eliot Spitzer's office of the Attorney General has introduced a package of legislation intended to "rein in identity theft." Well, good luck! But here's one thing that won't help: Facilitating prosecutions against computer hackers by creating specific criminal penalties for...
Posted in Financial Cryptography on April 19, 2005 06:09 AM

Going Binary, half a bit at a time

The Champion of NerdHerders points to the pathological habit of nerds-gone-binary to do either all of it or nothing. It's true, that we all face this inability to create a sensible compromise and to recognise when our binary extremes are...
Posted in Financial Cryptography on April 13, 2005 09:55 AM

Big Bad Black Market

Online fraud has been organised, industrialised, institutionalised and big for some time now. When I tell people that they just look blank, they have no conception of what this means. In a nutshell, it means they're making money, scads of...
Posted in Financial Cryptography on April 11, 2005 02:10 PM

Short ones...

Hop on a plane, land, and discover Adam has posted 13 blog entries, including one that asks for more topics! Congrats on 500 posts! He posts on some testimony: " the only part of our national security apparatus that actually...
Posted in Financial Cryptography on March 3, 2005 08:30 AM

Reg SHO Threshold Securities get Listed in Open Governance site

In another win for open governance, Nasdaq Trader has listed all the stocks that it found had breached the "failed to deliver" limits of the SEC. How embarrassing! Which is the exact point - just how many of the trades...
Posted in Financial Cryptography on February 12, 2005 10:29 AM

The secret list of ID theft victims

Another case of the One True Number syndrome: If you are one of those mystified as to why phishing is so talked about, read this article. Or, if confused as to why computer scientists get angry when governments talk about...
Posted in Financial Cryptography on February 7, 2005 06:05 AM

Dr. Ron Paul understands the forces behind identity theft

It seems that no sooner had I got the polemic on Why Hollywood has to take one for the team off my chest than Dr Ron Paul, a Representative in the US Congress, proposed legislation to the US Congress to ban...
Posted in Financial Cryptography on January 14, 2005 11:49 AM

Identity Theft: Why Hollywood has to take one for the team.

The Year of the Phish has passed us by, and we can relax in our new life swimming in fear of the net. Everyone now knows about the threats, even the users, but what they don't know is what happens...
Posted in Financial Cryptography on January 9, 2005 05:22 PM

The One True Number: "9210: the zip code of another IT-soap"

What could be called the "one true number" syndrome has been spotted by Simon Lelieveldt over on his blog. He points to this paper 9210: the zip code of another IT-soap: "Nine-to-ten (9210) refers to the problem that the Dutch...
Posted in Financial Cryptography on December 15, 2004 09:12 AM

The Medici Effect

Frans Johansson on the Medici Effect By exploring the intersections between different disciplines and cultures, one may discover the next groundbreaking ideas. Frans Johansson is a consultant and author of the new book, "The Medici Effect," published by Harvard Business...
Posted in Financial Cryptography on October 12, 2004 04:48 PM

Sarbanes-Oxley - what the insiders already know

Sarbanes-Oxley is the act to lay down the law in financial reporting. It's causing a huge shakeup in compliance. On the face of it, better rules and more penalties should be good, but that's not the case here. Unfortunately, the...
Posted in Financial Cryptography on September 3, 2004 05:34 AM

DTCC accused of counterfeiting shares

I had heard about Stockgate a while back when the Nanopierce lawsuit was filed. At the time, it looked like a hopeful settlement deal, but now more details have come to light [1]. And what details! This may well be...
Posted in Financial Cryptography on June 22, 2004 07:26 AM

Big and Brotherly

The White House administration has apparently defied the US Congress and kept the controversial "Total Information Awareness" going as a secret project. A politics journal called Capitol Hill Blue has exposed what it claims is the TIA project operating with...
Posted in Financial Cryptography on June 10, 2004 04:57 PM

From Bretton Woods to GW-II

The great shifts in currency politics go on - this polemic "Bretton Woods and the Forgotten Concept of International Seigniorage" is on the background of the USD since Bretton Woods, leading up to the recent Iraq invasion. Evidence seems to...
Posted in Financial Cryptography on February 23, 2004 09:16 AM

Getting Out in Front of Financial Privacy

http://www.glenbrook.com/opinions/financial-privacy.html Momentum towards stronger financial privacy for consumers in the United States has picked up a lot of steam over the last 30 days. While most welcome the change, some financial institutions are still tentative about the new direction, others...
Posted in Financial Cryptography on October 9, 2003 07:07 AM