Where the crypto rubber meets the Road of Finance...
E-gold founders to plead guilty?
Lewis Carroll on the mischief of signing
SEC bans illegal activity then permits it...
The Definition and Function of the Signature (drawn from Mason 2007)
SEC starts to investigate Bear Stearns. Or does it?
Mystified by subprime? ask the Telegraph...
Why do Banks lend poorly in the sub-prime market? Because they are not in Banking!
The sorry tale of the US Dollar's long downwards spiral -- how did this happen?
wheretofore Vista? Microsoft moves to deal with the end of the Windows franchise
DNS rebinding attack/patch: the germination of professional security cooperation?
Digital Evidence: Musing on the rocky path to wisdom
German court finds Bank responsible for malwared PC
Cross-border Notarisations and Digital Signatures
H4.2 -- Usability Determines the Number of Users
Why is this blog secure? Because there is only one mode, and it is secure!
updating Top Tips for your security -- keep the Mac, Firefox 3, add NoScript?
Digital Evidence -- 26-27 June, London
Historical copy of PGP 5.0i for sale -- reminder of the war we lost
Digital Signing: new category for FC
Selling Security using Prospect Theory. Or not.
Hypothesis #4 -- The First Requirement of Security is Usability
Negroponte's judo flip on the PC industry
The Dutch show us how to make money: Peace and Cash Foundation
TLS/httpd finally to be fixed for general purpose website security
BarCampBankLondon: alternative finance workshop
Technologists on signatures: looking in the wrong place
Case Study 2: OpenSSL's patched-out randomness
Firefox 3 and the new "make a security exception" (+ 1 bug)
Information Security enters deadly embrace with Social Networking
Case study in risk management: Debian's patch to OpenSSL
Monetary Ontology
Phishing faceoff - Firefox 3 v. the market for your account
What makes a Security Project?
The Italian Job: highlights the gap between indirect and direct damage
H2.2 KISS -- Keep the Interface Stupidly Simple
USD reserve currency shift -- some numbers
Paypal -- Practical Approaches to Phishing -- open white paper
VCs have a self-destruction gene, let's tweak it
The Medium is the Message: what is the message of security today?
Fair Disclosure via blogs? Anyone listening to Pow, Splat, Blech?
The illusion of Urban Legends - the Dutch Revolving Bicycle Cycle
2 views on the RSA security conference: a war of signals?
Browser news: Fake subpoenas, the OODA waltz, and baby steps on the client side
On the search for the perfect Identity Biometric: scratch Iris
Proving that you know something about security...
Signs of Liability: 'Zero Day Threat' blames IT and Security industry
another way to track their citizens
An idea for opportunistic public key exchange
Pogo reports: big(gest) bank breach was covered up?
S/MIME: we don't need more reasons why it failed...
Liability for breaches: do we need new laws?
World's biggest PKI goes open source: DogTag is released
Trojan with Everything, To Go!
Format Wars: XML v. JSON
The Trouble with Threat Modelling
Is "National Security" a market for silver bullets?
Microsoft acquires Stefan Brands (patents and friends)
Economics not repealed, just slow: Paypal blames Browsers for Phishing
Attack on Brit retail payments -- some takeaways
Principle of Redundancy
Say it ain't so? MITM protection on SSH shows its paces...
What is Apple doing with the iPhone?
FC2008 -- report by Dani Nagy
H2.1 Protocols Divide Naturally Into Two Parts
on Revocation of Signing Certs and Public Key Signing itself
How does the smart telco deal with the bounty in its hands?
Chip&PIN cards: 1 in 5 cloned?
SocGen - the FC solution, the core failure, and some short term hacks...
middle banking in a english muddle
Rumours of Skype + SSL breaches: same old story (MITB)
When the SLippery SLope beckons
Break the rules of governance and lose 4.9 billion...
How to improve the Standards Process: the Prisoner's Dilemma
#4.2 Simplicity is Inversely Proportional to the Number of Designers
What good are standards?
UK data breach counts another coup!
Why Security Modelling doesn't work -- the OODA loop of today's battle
2008 -- The Year of the Raven!
2007: year in review...
MITM spotted in Tor
CFP -- WEIS -- papers by 1st March 2008
How to crack RSA
Oddly good news week: Google announces a Caps library for Javascript
H1: OpenPGP becomes RFC4880. Consider Hypothesis #1: The One True Cipher Suite
Entire UK security industry is sent to Pogo's Swamp
Zopa and Listed Loans
My fake passports and me
Your online Identity supplier
Where the US Congress is going on virtual regulation
Storm Worm signals major new shift: a Sophisticated Enemy
Arbitration -- a community tool or a weapon?
Snake oil is snake oil?
Prepaid cards: offering the ECB a deal it cannot refuse
If Insurance is the Answer to Identity, what's the Question?
Threatwatch - more data on cost of your identity
The Failure of the Academic Contribution to Security Science
How S/MIME could suck slightly less with a simple GETSMIME
Identity news: Identity Forum, November 07 open for business, Second Life identifies with its users
Why are analyses of cash v. debit card so fundamentally flawed?
On the downside of the MBA-equipped CSO...
Threatwatch: US-SSNs melt for $50 in MacArthur Park
Open Governance - Vini Vidi Vici (Second Life, BAWAG)
Learning from Iraq and Failure
Threatwatch: Numbers on phishing, who's to blame, the unbearable loneliness of 4%
DNS Rebinding, and the drumroll of SHAME for MICROSOFT and APACHE
Skype on the test of a utility
SEPA meets Money 3.0 -- a trainwreck?
FUDWatch: NSA's shift to ECC, IESG lowers boom on cryptostrength, John Young on Fud versus Fud
The fundamental _barrier to entry_ in the business of payment systems
Susan Landau on threats to the USA: don't forget Pogo
The Uneasy Ride on the Cryptography Bandwaggon
Mozilla gets proactive about browser security?
Shock of new Security Advice: "Consider a Mac!"
Verisign reminder of what data security really means
WebMoney does a gold unit
Microsoft asserts itself as an uber-CA
Security can only be message-based?
Doom and Gloom spreads, security revisionism suggests "H6.5: Be an adept!"
National insecurity - all your packets are belong to US
more on firing your MBA-less CSO
Know Your Enemy: Scott McNealy on security theater
If your CSO lacks an MBA, fire one of you
Threatwatch: how much to MITM, how quickly, how much lost
ROI: security people counting with fingers?
Breaching a telco, completely -- an exercise in breaches
Metricon 2.0 -- Boston, 7.Aug.2007 -- talks announced
CFP -- FC07 -- papers by 25th September
"Trusted-Hardcopy" -- more experiments with digitising paper and signatures
SWIFT breach -- class action suit, can we rely on government for privacy of financial data?
What is the DRM problem?
Identity resurges as a debate topic
PKI moving to adopt the plugin model -- realignment to security based on user-needs?
No such thing as provable security?
Choose your hatchet: when governance models collide
When to bolt on the security afterwards...
Is this Risk Management's Waterloo?
The Myth of the Superuser, and other frauds by the security community
And now the phoney war on cash (a.k.a., give us another subsidy, ma!)
K6 again, again and again. Therefore, H6.4 -- Compromise on Security before Delivery
US government seizes the gold in frozen accounts
H6.3 and the clash of worlds -- IESG v. iPods --- Security for the throwaway generation
Leadership, the very definition of fraud, and the court of security ideas
Solution to phishing -- an idea whose time has come?
H6.2 Most Standardised Security Protocols are Too Heavy
Threatwatch: Still searching for the economic MITM
WSJ: Soft evidence on a crypto-related breach
H6.1: Designing (Security) Without Requirements is like Building a Road Without a Route Map to a Destination You've Never Seen.
survey of RFC S/MIME signature handling
US moves to seize the gold
Hal Finney on 'AACS and Processing Key'
Message is the Center
more Tipping Point evidence - POS vendors sued
e-gold responds -- denies Criminal Charges
Dr Geer goes to Washington
Security Expertise from Cryptographers: the Signals of Hubris
e-gold founders indicted
US moves to freeze Gold payment reserves
Breached *and* sued -- is TJX the tipping point to liability alignment?
WEIS2007 - Econ Info Sec - programme announced
The Beginning of Governance - the Egyptian Accountants
Counting Chickens at eTrade, bankruptcy in Europe, and costs in America
We pluck the lemons; you get the plums: the Lemon Maligned, in Wikipedia as in the security literature
On cleaning up the security mess: escaping the self-perpetuating trap of Fraud?
the plan to save Paypal: Skype revealed...
Our security sucks. Why can't we change? What's wrong with us?
Metricon 2.0 -- Boston, 7.Aug.2007
Does non-profit mean non-governance? Evidence from the fat, rich and naive business sector
H3 - there is only one mode, and it is secure
What to do about responsible disclosure?
The One True Identity -- cracks being examined, filled, and rotted out from the inside
Threatwatch: MITB spotted: MITM over SSL from within the browser
Threatwatch - bots, selling Ameritradelity, all your DNS belong to US
The Founder Paradox
Cost of an identity
Finally, someone gets done for Money Laundering....
An ordinary crime: stock manipulation
Feelings about Security
WebMoney Annual Report: competition with Belarus Government
Open Governance - using the 5th Party to protect the asset
Random stats on instant messaging (IM/chat) ...
U.S. Dollar Drops Against Counterfeit U.S. Dollar
Insider fraud -- innocent client networking or excessive liposuction?
Crypto Revisionism -- Hypothesis #6 -- It's your Job. Do it.
The alternative to FC is unprintable - Ahmadinejad and capital markets
Any good definitions of Phishing?
Threatwatch: $400 to 'own' your account
How to breach a company: Spies, Lies and KPMG
Why Linux doesn't care about governance...
On starting afresh with Security...
on Governance
Stakeholders in Security
EV - what was the reason, again?
EV - liability situation is SNAFU
NIST Competition to create new Hash algorithm
Critiquing the Mozo (draft) principles
Mozo posts some draft Principles
Nokia and Visa announce handset payment system
More on why Security isn't working -- it's in your Brain?
Tom Greco's blog
Pennies - RSA reveals attack kits? and Why Gift Cards,
The Year of the Platypus - 2007 predicted
Usable Security 2007 -- Preliminary Programme -- colocated with FC2007
Cat's Credit Card
FC07 Preliminary Programme - Leaving Room for the Bad Guys
Skype drops the payments bombshell
Now, *that's* how to do security...
Non-repudiation, Evidence and TLS: another fine mess I've got you into :-(
Changing the Mantra -- RFC 4732 on rethinking DOS
ATS and the death of a thousand tiny cuts
CFP - Computer Security Foundations
The year of the Bull: The predictable rampage in review ...
Who has a Core Competency in Security?
What is the point of encrypting information that is publicly visible?
CFP: 6W on the Economics of Information Security (WEIS 2007)
The Grnch writes: "Am I supposed to trust your opinion on cryptography?"
Extended Validation - setting the minimum liability, the CA trap, the market in browser governance
SWIFT breach - Big Brothers
Tracking Threats - how whistleblowers can avoid tracking by cell/mobile
SWIFT breach - SWIFT broke the law, the laws have changed, the ECB ducks responsibility
The Big Shift in Voice -- the deadly embrace of handset manufacturers and telcos
Evils of Crypto Buzzword Plague -- AES is Pareto-secure but ECB is not
Tracking email - the disappearing myth, the #1 threat, versus ultra rare sighting of eavesdropping attack
NZ on Identity
Audit Follies - Atlantic differences, branding UnTrust, thumbs on Sarbanes-Oxley, alternates...
Why security training is really important (and it ain't anything to do with security!)
How the Classical Scholars dropped security from the canon of Computer Science
The Last Link of Security
Mozilla moves on security
Threatwatch - the Feds are back, Israel finds it cuts both ways, Cybersecurity Enemy #1
SWIFT breach - Roundup - Good Morning Europe, BoE got out early, Simon Davies: "we won't be fooled again."
Threatwatch - sigint by Hezbollah, nyms by torture units, closed source weaponry
WESII - Programme - Economics of Securing the Information Infrastructure
FC'07 - call for papers - Financial Cryptography and Data Security
NFC - telco operators get another chance at innovation
The one secure mode; Thunderbird would meet Kerckhoffs' 6th; and how easy it is to make it secure...
Mozilla now has a "Chief Security Something"
Introducing the new HavenCo location...
Universal Music throws in the towel, price of music drops to $0.00
SHA1 weakened further in new attacks
Fraudwatch - how much a Brit costs, how to be a 419-er, Sarbanes-Oxley rises as fraud rises, the real Piracy
Identity v. anonymity -- that is not the question
Naming the unnamable, "We have a problem, Houston," who blinks first? and who replaces President Bush?
Privacy v. LEO interests -- too simple an approach?
Slapdown - US Court rules against Bush wiretaps
Fraudwatch - Chip&PIN one-sided story, banks and deception and liability shifts
Usable Security (USEC'07)
Sarbanes-Oxley is what you get when you don't do FC
Thank AOL for bringing us this example of datamining
SWIFT breach - leverage v. due process, Spy v. Spy, audit v. Ajax, three questions for SWIFT
IdentityWatch: Cloning the RFID, swimming the channel on the cheap, the Russian view, AML success rate, and the genesis of Id Theft?
Payments and Settlements News - No. 42
smart cards with displays - at last!
FC'07 - call for papers
Firefox as a mainstream security risk - three threats
Case Study: Thunderbird's brittle security as proof of Iang's 3rd Hypothesis in secure design: there is only one mode, and it's secure.
More Brittle Security -- Agriculture
SWIFT breach - the 'squeeze', justice not being done, the Europeans wake up to "restaurant economics" a.k.a. industrial espionage
ePSO - european Payments and Settlements News - No 41
Threatwatch - "you again operate impulsively in the manner"
SWIFT breach - embarrassed Europeans, outrageous acting in Congress, the aggregated abuses, camelgate, and the institutionalised defrauding of American values
on Leadership - Plants, weeds, and harnessing Stop Energy in your pet Triffid
Threatwatch - 2-factor tokens attacked by phishers - another "must-have" security tool shown to be fighting the last war
Galileo (EuroGPS) cracked
Phishing for SNI progress - tantalisingly close?
SWIFT breach - canonically novel theories in law revealed
DDA cards may address the UK Chip&Pin woes
on Leadership - how to achieve the impossible with the five phases of _win-win_
SWIFT breach - softly softly, catchee monkey?
Apple to help Microsoft with "security neutrality"?
on Leadership - negotiating the RTFM into the realm of forgotten schoolyard jokes
on Leadership - tech teams and the RTFM factor
It's official! SSH whips HTTPS butt! (in small minor test of no import....)
Sealand - more pictures
on Leadership - roles around the May Pole
How many people are turned away by the FC certificate?
Roundup on SWIFT breach -- limits claimed are already breached -- US citizens are the victims
FC++3 - Advances in Financial Cryptography, Number Three
FC++3 - Dr Mark Miller - Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control
FC++3 - Concepts against Man-in-the-Browser Attacks
FC++3 - The Market for Silver Bullets
Sealand burnt out - aid sent by neighbour UK - security guard airlifted
SWIFT breached - Big Badda Boom - will this hasten dollar shift?
Identity 7, watchlist error rate, $300 to get off the watchlist
The Fed knows - more evidence that the Fed is managing the washback
Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security
White Helicopter - Is eavesdropping a "Clear and Present Danger" - the definition of a validated threat?
Black Helicopter #2 (ThreatWatch) - It's official - Internet Eavesdropping is now a present danger!
Black Helicopter #1 - Is the data theft epidemic more than coincidental?
Microsoft - will they bungle the security game?
Naked Payments IV - let's all go naked
USD shift in reserve currency status confirmed - call it 10% per year
Naked Payments III - the well-dressed bank
Naked Payments II - uncovering alternates, merchants v. issuers, Brits bungle the risk, and just what are MBAs good for?
Naked Payments I - New ISO standard for payments security - the Emperor's new clothes?
How cheap is it to get companies to escrow records for LEAs?
Firefox to check in with Google-central - Is Mozilla in unconstrained commercial rampage already?
CryptoKids, education or propaganda, ECC, speed or agenda capture?
Courts as Franchises - the origins of private law as peer-to-peer government
ThreatWatch - the war on our own fears
Dodgy practices - and how to defend against them with Audits
Verisign sued over dodgy security practices
Users do not need online banking
British Columbia Supreme Court rules that you should lie back and enjoy it
How much is all my email worth?
Is VeriSign's buyout of GeoTrust anti-competitive?
CFP - W. Economics of Securing the Information Infrastructure
Opera talks softly about user security
ThreatWatch - markets in loss, Visa's take, 419 "chairmen"
It is no longer acceptable to be complex
Spring is here - that means Pressed Flowers
Indistinguishable from random...
When they cross the line...
This Modern World - First they say they don't collect that data....
CA market consolidates - Verisign to buy Geotrust
Freshfaced risks: Licensed to Secure, 007 seconds out of College, a Risky Future indeed!
US and EU cooperating on phone tracking
Tracking you, tracking me, tracking everyone
Markets in Imperfect Information - Lemons, Limes and Silver Bullets
Money costs: a dollar, a penny, a system, an experience
3 of the big 4 - all doing payment systems
Tracking Threats - USA Telco, Inc., shares billing records with NSA, Pretexters, foreign governments, anyone, really
JIBC April 2006 - "Security Revisionism"
Chip-and-Pin terminals were replaced by "repairworkers" ?
Reliable Connections Are Not
Payment systems - the explosion of 1995 is happening in 2006
Petrol firm suspends chip-and-pin
Security Soap Opera - (Central) banks don't (want to) know, MS prefers Brand X, airlines selling your identity, first transaction trojan
Shifting the Burden - legal tactics from the contracts world
Fido reads your mind
News and Views - Mozo, Elliptics, eBay + fraud, naïve use of TLS and/or tokens...
Unique Transaction Numbers in SWIFT
Is Provenzano a Kindergarten Cryptographer?
Numbers on British Fraud and Debt
Security Gymnastics - Risk-based from RSA, security model rebuilding from MS, and taking revocation to the next level?
Voting and more from the Red Queen
Separation of Roles - an example
Court rules email addresses are not signatures, and signs death warrant for Digital Signatures.
Worldwide Internet boom to finish by 2009
Threatwatch - Voice Threat Models are Snafu - Situation Normal All F***ed Up
Why audits are so important
Notary Publics to Cryptographers - keep yur grubby mits off!
Threatwatch - pricing the password crack
Votes are coins stamped with the Red Queen's head
ThreatWatch - Sony is your friend, Game Over?, Meccano costs, and it'll all be better in two years
4th April, 1984
Thank Skype for not listening
Random Pennies
Professional Associations in IT Security
Call for Nominations - 2006 PET AWARD
How does the dominatrix of the open source world encourage her clients to pay for their pain?
Prof. Iang
Meccano Trojans coming to a desktop near you
Digital Money 29th, 30th
Threatwatch - trojan hijacking, proxy victims, breaching conflicts of legal interest, semi-opaque blue hats
Just another day in the office of Identity Control
NIST opens new DSA format for comments
ThreatWatch - the Mac gets hacked
FraudWatch - Chip&Pin, a new tenner (USD10)
"doing the CA statement shuffle" and other dances
Google strives for hard cold cash
News on payments: mobile/cell, Skype, Google
Identity on the move III - some ramblings on "we'll get it right this time, honest injun!"
Identity on the move II - Microsoft's "Identity Metasystem" TM, R, Passport-redux
Identity on the move I - Stefan Brands on user-centric identity management
new cert for FC
iVirus, Mr & Mrs Smythe, Shaking the Incumbents, Ping on convenience, Gmail on inconvenience
High Assurance - summary of the Due Diligence
Major Browsers and CAs announce Balkanisation of Internet Security
Branded Experiments
More dots than you or I can understand (Internet Threat Level is Systemic)
Birch on Blogs, decimal points matter with houses, too, and Bill Gates predicted...
Todd Boyle: value of transactions versus security model
SSL phishing, Microsoft moves to brand, and nyms
Brand matters (IE7, Skype, Vonage, Mozilla)
The Market Price of a Vulnerability
Picturing her location
Edgar Rice Burroughs on Complementary Currency
The last (US) telegram, another FV copycat, another signature snafu
A Nokia Without A Phone
Threatwatch - tracking you, tracking me, tracking us all
The Price for Your Identity
Negotiation and the rule of three favours
Startups, Free Banking, Gift cards
Why passports will have RFIDs
US District Court uses digital signatures
G&SR / e-gold case in Washington DC court
DigSig News - Notaries apply for an old Franchise, Colorado does PK with BRNs, old anecdote
Szabo on the Contract v. the Note
The node is the threat: Mozilla, the CIA, Skype, Symantec, Sony, .... and finally a WIRE THREAT: Bush
How Many Transactions?
Bill Monk - LETS goes commercial
Remittances - the bane of the Anti-Money Laundering Authorities
Exploit Feeds - a public service or a commodity with a price?
Arbitration Arises on the net
RSA comes clean: MITM on the rise, Hardware Tokens don't cut it, Certificate Model to be Replaced!
Our Private Bayesian Rules Engine
easy call #1 - USG to maintain control of Internet
Open governance, bicycle helmets and certifying authorities
Non-profits and Fraud - case #1
e-gold under attack
Rights in the New Year
13 reasons why security is not a "Requirement"
Paymer Anatomy - anyone an issuer
GP4.3 - Growth and Fraud - Case #3 - Phishing
Netcraft - 450 phishing cases using SSL / HTTPS certs
2006 - The Year of the Bull
How the Chinese avoided insider fraud for over a millennium - The Chinese Remainder Theorem
Early History of SSL - guess who invented the colour bar?
GP4.2 - Growth and Fraud - Case #2 - e-gold
Brickbats and Plaudits
Merry Xmas all
A new security metric?
A VPN for the common man!
GP4.1 - Growth and Fraud - Case #1 - Mutual Funds
Diamond governance
eCash is prior art to Amazon one click?
GP3 - Growth and Fraud - How to Book a Table
OpenPGP supports any Trust Model that you desire!
Sighting of near-extinct beast - the profitable crypto attacker
2005 in review - The Year I lost my Identity
GP2 - Growth and Fraud - Instructing Security at GP
FUDWatch - US Treasury builds up for intervention in Internet Governance?
GP1 - Growth and Fraud - Meet at the Grigg Point
How much will it cost you to lose your customer's data?
The Kula Ring - Nick Szabo on why two counter-rotating circulations
Who v. Who - more on the dilemma of the classical attacker
Browser Manufacturers share anti-phishing tricks - Farce, Soap, and 3 great things
Frank Hecker goes to the Mountain - mapping the structure of the Certificate Authority
Security is failing - more evidence from Sony
After 10 years, a new policy on adding CAs
2 articles on OB - leadership, respect, unstructurelessness
Amazon starts a Task Market
anti-forensics - why do vapourware security tools sell so well?
ACM Interactions - special issue on Security
Musings on IP - one good way for DRM and one bad way?
CFP for iTrust in May 2006
Phishing for News..
Sony v. their customers - who's attacking who?
The Economist on the FATF - a net 'bad'
Breaking Payment Systems and other bog standard essentials
Microsoft scores in anti-phishing!
Security Professionals Advised to Button Lips
What happens when you don't do due diligence...
Penny Payment Systems
The Perfect Phish - all conditions are now in place
Roundup on News
Ben Laurie on Identity
Conferences coming up... and this weekend is Pooool
Developers 'should be liable' for security holes
The Mojo Nation Story - Part 2
eBay migrates to the Payments business
The Mojo Nation Story
It's official - doing due diligence is a criminal offence!
SSL v2 SNAFU
Is technical trading a Schelling point?
Schelling points
Happy World Standards Day
'bonus pater familias'
Journal of Internet Banking and Commerce
On Digital Cash-like Payment Systems
Blaming the Banks won't work
The Tipping Point - How Good Companies Go Bad and Executives Become Rogues
Security Software faces rising barriers
Extra Financial Cryptographic Engineering
Wikicrypto
Microsoft, Office SP2, anti-phishing, security patches, the real situation, and the arms race.
Phishing in Pogo's Swamp
Dave Birch on Payment Tokens
PayPal protected with Trustbar and Petnames
RSA keys - crunchable at 1024?
Spooks' corner: listening to typing, Spycatcher, and talking to Tolkachev
Open Source Insurance, Dumb Things, Shuttle Reliability
IP on IP
SSL v2 Must Die - Notice of Extinction to be issued
KPMG establishes the price of the get-out-of-jail card
The HR Malaise in Britain - 25% of CVs are fiction
How to Build a Secure Credit Card Authoriser - 5 mins biz plan
New Threats on the Airwaves
The Rise and Absorption of Paypal - a lesson for offshore
Microsoft to release 'Phishing Filter'
Application mirroring - In which I strike another blow against the System Programmer's Guild
Buying ID documents
Computer characters mugged in virtual crime spree
Notes on security defences
Notes on today's market for threats
Security Systems that fall in a heap if actually challenged...
SHA1 attack updated at Crypto, US responds by stifling research
WoT in Pictures, p2p lending, mailtapping
Is Security Compatible with Commerciality?
A Small Experiment with Voting - Mana v. Medici
tracking tokens
The Phishing Borg - now absorbing IM, spam, viruses, lawyers, courts and you
FC conference returns to Anguilla
The Favour Economy - Pressed Flowers get Laminated
Disclosure, Victims, and Browsers reveal anti-phishing approaches
Payment news - two classic story endings and a new start
London to issue own money
How to do Hayekian Private Issuance
"Acceptable Risk" - a Euphemism for Selling Fraud?
Cash - so hard to trace, so hard to untrace
Accountancy Firms - too big to fail
Liability for Software - is the end of the Security Industry a bad thing or a good thing?
Fear-commerce, something called Virtualisation, and Identity Doublethink.
George's story - watching my Ameritrade account get phished out in 3 minutes
Learning from Failure
Mozilla drops Open in favour of Smoke Filled Rooms
Definitions, competition-by-regulation, and Justice-by-Press-Release
Ian Grigg - Triple Entry Accounting
Nick Szabo - Scarce Objects
Marc Stiegler - An Introduction to Petname Systems
Advances in Financial Cryptography - Volume Two
Skype - a prince but still covered in warts
Google payment system confirmed - let the trimming of tall poppies begin
US Banks lobby to enter Real Estate - Hubris or an Invitation to end the Franchise?
USA credit system is totally compromised, security-wise
Google to do a payments system?
Hype is free, Common Sense costs Pennies
Miller & Shapiro on Hayek's market - explaining object orientations
A hand of Pennies
Killing for Pennies, and is AOL, the "gateway drug", cause or cure?
New Best Practice for security: Avoid "Best Practices"
Virus-safe Computing - HP Labs article
Identity is an asset. Assets mean theft ... and Trade!
Save Thyself - Russia's WebMoney Payment System (translated)
A shortcut for bootstrapping trust
Software Licensing and the Know-how to Issue
Two Hot Whistleblowers
IFCA's Discussion Maillist for Financial Cryptography
Industrial Espionage using Trojan horses
Loss Expectancy in NPV calculations
America asks "Why us?"
The Crypto Wars are On/Off/On/Off...
ShadowCrew - more advanced than you think
The Suits Own You - FBI hacking wireless LANs
To live in interesting times - open Identity systems
Click-fraud goes to court
Open Publication experiments - FC++ and JIE
$850 million dollar email had Perfect Forward Secrecy
SSL for FC - not such good news
Penny-eating worms, and how crypto should be
Microsoft Rumours Lacking Strong Digital Signature
Advances in Financial Cryptography - "First Issue"
On Secure Knowledge-Based Authentication
Avoiding Liability: An Alternative Route to More Secure Products
Pareto-Secure
FUDWatch - VoIP success attracts the security parasites
Games, P2P and currency ...
Threats are two a penny
Getting Apache to encrypt
Securing with SSL - an experiment
Damaged Pennies
Lies, Uncertainty and Job Interviews
Security as a "Consumer Choice" model or as a sales (SANS) model?
Tracking Reputation - CACert
HCI/security - start with Kerckhoffs' 6 principles
New Machine for FC
Pennies on the CV
PKI News
Dave Birch - the case for RFIDs is cost
Spitzer - securing your data to become a crime?
First Impressions on reading Spence on Signaling
Conferences as Scams
The Twilight Zone
A Penny at a Time
Going Binary, half a bit at a time
GeoTrust says existing PKI practices are worthless
How much is your finger worth?
Big Bad Black Market
Penny Chat
KPMG warned browser manufacturers in 2002
Forbes - The Wages of Sin
Cubicle adds to Security Research on Skype
The Next Corporate Liability Wave?
Lopez v. BoA leads to rising bank FUD, if not clues
Amit Yoran - biggest fubar is 'certification'
Pennygate
JIE - Contracts in Cyberspace
Old tech never dies - fax machines
Odd things going on at ICANN
Nicking folk's identities is easy, says researcher
AIG scandal - when it's ok for a company to commit a crime
Advances in Financial Cryptography
Microsoft to use blinded sigs?
New Password Cracking Threat: Grid + your laptop
Security Signals - Schneier reviews Ciphire email system
Security Signals - Certifications for Experts
IP versus Economics - the Google Trademarks disputes
Euromail - Slate's Eric Weiner asks a question?
Mad March of Disclosures - the post-Choicepoint world
S/MIME - breaching the barrier to sign
A penny here...
Digitally-Signed Mail in e-Commerce - FC05 survey
Overzealous sentencing leads to reduction in security
VCs Suck, but you can still store your data on FreeBSD
(SEC orders that) Mutual Funds Reveal Clients' Data on Web
Mozilla wobbles on the ball of security
A Pennyworth of thoughts
FUDWatch - NYT breathless on wireless terrorism
For a few Pennies more...
Open Governance spotted over at ICANN?
Christopher Allen on the constance of Fear
Open Peer Review
A Fistful of Pennies...
Lessig says 'never again' to copyright demons
Observations on the CA market - Verisign to sell out?
More Pennies
Digital Money Forum - London - this week
How to Break MD5 and Other Hash Functions
What users think about web security
Cryptographers have a Responsibility to Explain Results
Pennies
Identity Theft exists because Identity is Valuable
For download: Draft manuscript on Electronic Money and Privacy
Tegam uses courts to signal bad security
On Quintessenz and the Biometric Consortium
PayPal plus eBay - it's FC, not banking
Airlines Aim for Expense Reduction in Payments (FC != banking)
NSA gets data mined - not the right crowd to steal a payment system from
FC discussion list
What is FC (iv) - The Payment is the Message
FC exile finds home as Caribbean Brit
Short ones...
What is FC (iii) - Start from the Top.
What is FC? (ii) - Debunking the 'Bank' View
Money Matters and the Modern Webcomic
What is Financial Cryptography? - a rant in 4 parts
Is SHA-1 Pareto-secure?
FC - top picks for papers
Bank of America to draw heat from ChoicePoint
Software by the Bootcamp method
Email no longer reliable
Cybercash on Vacation - ruminations on FC
Random phishing news
Microsoft's negative rep leads to startling new security strategy
Choicepoint - 700 identities attacked
Vero - using ATMs to automate cheque cashing
IEEE's Economics of Information Security
Choicepoint - "largest database on earth can't say what happened"
Choicepoint - full blown scandal?
A Blackbird Moment - Microsoft confirms phishing is an attack on the browser
The Goal of Security
New-look passports - The Economist stands before the Identity Juggernaut
Massive data heist at Choicepoint exposes soft underbelly
Idle speculation - I wonder if the NSA knew this all along?
Collision Search Attacks on SHA1 - the Shandong note
Designing Risk Transfer Instruments for Internet Risk
Shandong team attacks SHA-1
Plans for Scams
Disclosure - "no stupid embargos" says Linus
The Weakest Link
Smartphone attacks - a timeline
Full disclosure: for and against
Skype challenges Open Source Security
Passport/Liberty leads to convergence with privacy community
Reg SHO Threshold Securities get Listed in Open Governance site
Top 18 Security Papers - add "the 3 laws of security"
US approves National Identity Card
Social re-engineering
First case of a digital signature repudiation?
Open disclosure - OpenPGP reports minor attack
As the SarbOx screw tightens, the foreigners pack their bags
A hybrid Nym / Centralised Identity?
4 Corners in Identity
1st case against bank for online banking fraud?
Firefox first blood - bug allows any domain to be "owned"
The secret list of ID theft victims
Mozilla nears formal policy on new CAs
Musing on the CA debate: ICANN, NTK, Firefox and the devaluation of Trust (tm)!
VeriSign and Conflicts of Interest
Microsoft back in the currency game - Loyalty Points for using groupware
Blogs on Crypto
Cyota reports "almost 5% have been hooked in phishing"
Schneier reports on DHS committee - hope for Open Governance yet
Security Breach Disclosure is required for the consumer to adjust risk assessment
How Ideas Evolve as a Shared Resource
RFID attacked - to impact Passport Debate
CostaGold case Settles - Leaving Ugly Dilemma for Open Governance Issuers
The Arthur Andersen Factor - Riggs Bank
The Coming Collapse of the Dollar
OSGold's bank to be sued - should have used 5PM
Towards an Economic Analysis of Disclosure
Unintended Consequences and the Case of the $100 Superbill
The Green Shoots of Opportunistic Cryptography
DIMACS Workshop on Information Markets
The market punishes bad news, not bad not-news
Poll predicts Instant Messaging to take over
Do security breaches drop the share value?
Thunderbird Gains Phishing Detection (Too)
FC05 Registration Deadline
BlogShares - fantasy trading in blogs and ideas
The Free Lunch Is Over: A Fundamental Turn Toward Concurrency in Software
Eudora overcomes stupidity to tackle phishing
Electronic Contracting (WEC '05)
The Big Lie - does it apply to 2005's security problems?
Internet 'Phishing' Scams Getting More Devious
Online or Invisible - the case for open publication
T-mobile cracker also hacks Proportionality with Embarrassment
Dr. Ron Paul understands the forces behind identity theft
Schneier joins the DHS-WG - a new attack on open governance?
Security by Obscurity blooper - Cameras caught on Google
Identity Theft: Why Hollywood has to take one for the team.
Skype analysed - Jedi Knights of the Crypto Rebellion, Score 1
The Case Of The Bandwidth Burglar
Accountants list the tech problems, Security and Sarbanes-Oxley take pole positions
Frank Abagnale at CSI - Know me if you can
Chip&Pin liability shifts from UK bank to retailer
Security Signalling - the market for Lemmings
Journal of Internet Banking and Commerce
Happy New Year
Netcraft breaks ranks and points the crooked black claw of doom at the SSL security model
2004 Financial Report of the United States Government - How Big?
The Guru Code - a great technique for something that never happens!
Simple Tips on Computer Security
FC'05 programme - announced
From the "real threats" department: Wanted: Chief Espionage Officer
STORK - strategic roadmap for crypto - New Trends in Cryptology
New job quiz: what's this post mean then?
User education: worse than useless
FC'05 (the conference) posts the programme!
Nyms sighted in authentication software
SkunkWorks that works - The Graphing Calculator Story
Security Coding Best Practices - Java adds yet another little check, and boom...
Mexico flirts with the silver unit - a good base for digital issuance
Email is dying ... Stats from Postini
The One True Number: "9210: the zip code of another IT-soap"
Google Labs Aptitude Test: The Cats are Firmly in Charge
PKI's mission: sell certs or die in the attempt!
2006, and beyond...
Microsoft proceeds with strategic withdrawal
Engineering for Failure
The SEC's NMS: One Price to rule them all, One Price to find them, One Price to bring them all and in the market bind them
Andy Grove: CYA is now the board's main job
2005 - The Year of the Snail
2004 - The Year of the Phish
Economics is isomorphic with risk?
"Amateurs study cryptography; professionals study economics."
SDP1 - Secure Datagram Protocol #1
Burglary that called in its own "burglary in progress..."
DIY fingerprint idea thwarts ID thieves
eBay's Spanish rebellion - have they hit the transactional Brick Wall?
Bank coverups no longer acceptable in retail payment systems
Mini Research Project: Sarbanes Oxley 404 Horror Stories
NY Fed hit by inside saboteur?
Kids' Secret Cells - defeating security by learning
A further challenge to Strong Identity - Nerve Coupled Cooperating Humans
First time a digital signature has been affirmed by court?
Surprise and Shock! Identity smart cards that work on a national level!
Raising awareness in Dispute Resolution
Opportunistic Cryptography is now Acceptable
Al Qaeda's use of cryptography - scant evidence
e-gold to track Cisco extortioner
Using Payment Systems to avoid tax
Halloween and The Candy Economy
Nokia to trial integrated phone/RFID payment system
Encrypt everything...
Check 21 - "What's a check?"
Games being leaked by employees - where's the value?
Online gaming? How about online trading...
Security Signalling - sucking on the lemon
New Tack Wins Prisoner's Dilemma
Austria issues 100,000 Euro coin
Neal Stephenson on Money
Phishing - companies are mostly powerless
The Arab Cryptanalysts
The Coordination Problem
de Soto's _The Mystery of Capital_ afflicted by poor title
The Medici Effect
Great intro to social engineering - "Catch me if you can"
SANS - top 20 solutions confirms no solution for phishing yet!
Know your enemy - Interview with a hacker
Hurricanes reduce Spam
The Uses of Corruption
offshore recovery - now with "local jurisdiction"
Amit Yoran - cybersecurity czar - resigns!
Identity theft - buy a Mac, download Firefox
Microsoft's dilemma - they finally changed the mantra!
The DDOS dilemma - change the mantra
Eavesdropping threats: Listening to chat
WebTrust: "It's about not causing popups..."
To Kill an Avatar
The Node is the Threat
Normal Accident Theory
CPUs are now a duopoly market
Paypal fines arbitrageurs
CPUs going dual core
Financial Cryptography v. The Enterprise
DNS spoofing - spoke too soon?
Sarbanes-Oxley - what the insiders already know
VeriSign's conflict of interest creates new threat
Hayek says "Buy Dinar"
Phishing Kits
Privatising Cash
Paranoia Goes Better With Coke
Using PGP with an USB smartcard token
An Overview of Steganography for the Computer Forensics Examiner
SHA0 is cracked
How much to crack a PIN code entry device?
crypto wars - NSA the victor
Cellphones on aircraft
Kerckhoffs' 6 principles from 1883
DoCoMo releases first 3G mobile wallet phone
FCC votes to tap Internet calls
When is a phish not a phish?
Professional email snooping
e-gold stomps on phishing?
Geeks take Sarbanes-Oxley to task?
The protocol wars
Big Brother Awards
Unix's founding fathers
Eavesdropping III - do customers get badly hurt?
In Search of Eve - the upper boundary on Mallory
Ordinary Threats
Trust and Trustees
Hubristic Cryptography
History of OpenPGP
New Attack on Secure Browsing
Conducting blackmail with private payment systems - Daft!
VeriCola
Jabber does Simple Crypto - Yoo Hoo!
The Ricardian Contract
Security Industry - a question of history
GoldMoney challenges for pole position
Real Time Java is coming...
Putting the chat back into IM
Electronic Money is Traceable Money
Question on the state of the security industry
Peppercoin - credit card facilitations
Proceedings of 1st Annual BuggyWhip Conference
The Legacy of ASCII
P2P's Tragedy of the Commons
Taxing Issuers
Micropayments, Nanoprofits, Macrolosses
Forging the Euro
Independent Chairmen
Phishing II - Front Page News
Phishing I - Penny Black leads to Billion Dollar Loss
Semblance of order amid the chaos
DTCC accused of counterfeiting shares
FBI asks US Congress to repeal laws of physics
U.S. banks fail to attract immigrant remittance business
Not news - AV producers slip as Microsoft "competes"
Phishing an epidemic, Browsers still snoozing
WYTM - who are you?
Big and Brotherly
Compliance Persons Of The Year
New public DRM technique from the Central Banks
Trust Cannot be Outsourced
Turing Lecture by Adi Shamir
Identity Theft - the American Disease
The Myth of Systemic Risk
Paypal moves further away from money
Peter Coffee on how to lose a security debate
FC05 - Dominica - March 2005
Mutual Funds - Timestamping
Mutual Funds - the Softball Option
EU seeks quantum cryptography response to Echelon
US intelligence exposed as student decodes Iraq memo
SSL secure browsing - attack tree Mindmap
Open Governance Mindmap
Ross Anderson's "Economics and Security Resource Page"
EC opens ears on e-money directive
Sassy Teenager Stars in Virus Soap
Secret Ballot Receipts and Transparent Integrity
"How is a capability different to an object?"
Cost of Phishing - Case in Texas
Bufflets
Neu5PM
Definition of Capabilities
QC - another hype cycle
Rates II - Mortgages and Musical Chairs
Rates I - US moves to raise rates
Tumbleweed casts CA-signed cert lure
DPA patents
Comdot from Beepcard
El Qaeda substitution ciphers
LD3 - At the Breakfast Table
LD2 - Liberty Bimetallism
LD1 - Inflation Proof Currency Set to Double
Sharing Files is still a "Hard App"
Spammers have stats?
AES now rated to "Top Secret"
"The Ricardian Contract"
When Play Money Becomes Real
Playing Favorites
Security Modelling
The Future of Phishing
cybersecurity FUD
Media shift - Cellphones go soapie
The Dollar on the Move
Biggest scandal is only starting...
Dr. Self-signed or How CAs Learned to Stop Worrying and Love the Cert
Spammer's Porsche up for grabs
CA policy news
Reinventing Contract
The Digital Silk Road
Online Gambling Payments - Looking for a Home?
"Micropayments for Peer-to-Peer Systems"
Terror network was tracked by cellphone chips
Centralised Insecurity
U.S. info-sharing program draws fire
Standardising accounts
Backing - Defined
NeuClear - new wiki site
Civilian lists films as IPOs
Fannie Mae no longer backed by the G-Man?
Nigerian scammers now using the Queen's English
How Predictive are Idea Markets?
PayPal Probed for Anti-Fraud Efforts
G30 - Accounting not to blame?
Anti-Phishing WG
Phishing - and now the "solutions providers"
Cash no longer free?
RFIDs in US notes?
Heavy Films
Browser Threat Model
SSLBar + Fingerprints = GoogleCA
p2p crypto VoIP - Skype
BSD - the world's safest OS
Candid ATM Camera
XML Voucher
DRM is FBI's 3rd highest priority?
Are debit cards safe?
From Bretton Woods to GW-II
Soft Dollars under attack
OPEC Has Already Turned to the Euro
Book-Entry Securities
PayPal acquires eMoney Licence
The Ricardian Contract
Crash-only Software
Workshop on Sensitive Data
GoldMoney hits the Tonne
CAcert debate leads rethink for SSL certs
e-gold targeted by worm
Stock Trading Attacks
FC 2004
Rock and Roll
Paysec 2004
Using Software to Sniff Out Fraud
Mutual Funds and Financial Flaws
Financial Derivative Contracts
Where the money is - Europe
CodeCon 2004
Measuring Fraud in DGCs
Adult Website Prepaid Cards
Cheap Hardware Tokens
A (US) Law Dictionary
Adobe Helped Gov't Fight Counterfeiting
The Web's New Currency
The Fraud of Insider-Trading Law
1st ever eMoney Licence?
Dutch Retail Payments
The Payments System in Transition
[Enhyper Knowledgebase] News for 30-Dec-2003
Repudiating non-repudiation
Six Degrees of Kevin Bacon
Microfinance Impact Assessments
NeuClear in the 7 Layer model of Financial Cryptography
FC04 - accepted papers
Keeping Secrets - Crypto gets a Demand-side Boost
RFIDs enter the payments field
NASDAQ Practices Their Vectoring of Systemic Risk
Fighting the worms of mass destruction
What is Pseudonymity?
Workshop on Electronic Contracting
Governance or Regulation - You Pick?
ARMISTICE: Real-time Distributed Risk Management
The First IEEE International Workshop on Electronic Contracting (WEC)
Scaling up Micro Financial Services: An Overview of Challenges and Opportunities
High Frequency Data - an Essential Resource
The Good, The Bad, and the Ugly
Principles and Practices of Microfinance Governance
Infinite Bandwidth
War Against the Dollar, the Pillar of United States Power
Economists explore betting markets as prediction tools
Breaching those Barriers to Entry
[Mises] Carl Menger: The Nature of Value
The Value of Issuance
On The Resolution of Disputes
Getting Out in Front of Financial Privacy
Coin Sets
Making microfinance work in the Middle East and Africa
Using SMS Challenge/Response to Secure Web Sites
The Origin of Money and its Value
Nobody ever got Fired for Buying Microsoft!
Peppercoin lacks spice
The Contract is the Keystone of Issuance
The Insecurity of FC
Auction Types
Events Circuit
Say hello to success
FC Blogged