Matrix of 4 Types of Identity
Financial exclusion and systemic vulnerability are the risks of cashlessness
PKI certs are a joke, edition 2943
4 Types of Identity
None of us love terrorists
How does the theory of terrorism stack up against AML? Badly - finally a case in Kenya: Dusit
Gresham's Law thesis is back - Malware bid to oust honest miners in Monero
ID Dox - now it's getting personal - Andreas spoofed
AES was worth $250 billion dollars
Market for Scans
Financial Cryptography and Data Security 2019
Zooko buys Groceries...
Shocking trade in stolen UK passports (really??)
FCA on Crypto: Just say no.
How Refugees are reducing the cost of processing refugees - for around $2000
Epidemic of cryptojacking can be traced to escaped NSA superweapon
Tesla’s cloud was used by hackers to mine cryptocurrency
when we teach everyone to trust ID documents...
Hackers selling access to Aadhar
Over 1.65 Million Computers Infected With Cryptocurrency Miners in 2017 So Far
Syrian Passports in hands of ISIS
FC2008 - 26th-Feb -- 2nd-March - Curaçao
EOS - An Introduction
SegWit and the dispersal of the transaction
9 years after the crisis - British bankers charged with fraud!
Identifying as an artist - using artistic tools to generate your photo for your ID
4th ed. Electronic Evidence now available
On a Principled Approach to Blockchain Governance - 7 Requirements
Oh no, not another bloody Satoshi sighting...
Robin Hood Talk - Identity - Who am I?
Today I’m trying to solve my messaging problem...
SHA1 collision attack - FINALLY after TWELVE years
N Reasons why Searching Electronic Devices makes Everyone Unsafe.
Smart Contracts and Smart Questions - does a submarine have a blowhole?
Fake US embassy provides full service
Corda Day - a new force
Electronic Signatures in Law - for Free!
Senegal to use eCurrencyMint for digital cash
Monetising the dispute
Bitfinex - Wolves and a sheep voting on what's for dinner
CfP FC 2017 - 3-7 April 2017 Malta
Corda: An Introduction (paper)
Ricardian Contracts in the media!
IP concerns over Ricardian contracts
Ethereum is one step away from creating a workable smart contracting community
Where is the Contract? - a short history of the contract in Financial Cryptography systems
Satoshi is dead - long live Satoshi - team leader comes out
OODA loop of breach patching - Adobe
Elinor Ostrom's 8 Principles for Managing A Commmons
FC2016 Barbados
the Satoshi effect - Bitcoin paper success against the academic review system
Ledger - a journal for cryptocurrency papers
FC wordcloud
When the security community eats its own...
Iceland puts more bankers in jail... what's your solution to the financial crisis?
Ledger: Call for Papers
FC2016 Barbados - call for papers
The Great Bitcoin Fork - heartbleed or bleeding hearts?
Fake Ids - comprehensive prices
The Nakamoto Signature
Cash seizure is a thing - maybe this picture will convince you
Issuance of assets, Genesis of transactions, contracting for swaps - all the same stuff
and Boom! The PetroYuan, or the end of dollar hegemony in a sign even they can understand...
Equity Crowd Funding - why it will change everything
Coase's Blockchain - the first half block - Vinay Gupta explains triple entry
A Beautiful Mind - John Nash 1928-2015
NASDAQ on the blockchain - why?
Using CommonAccord to build "First Class Persons"
Proof of Work is now being put to work - toasters!
The Sum of All Chains - Let's Converge!
Yanis Varoufakis proposes Greek tax receipts in Ricardian Contracts on a blockchain
Training Day 2: starring Bridges & Force
Smart contracts are a centralising force - exactly the opposite effect to the one you hoped for?
I'm so stupid - The market for aid is a Spence insufficient information market
Finally, someone is facing up to the critical problem of our age: Starfighter
Auditors grow a pair - Heta Bank to be wound up after external audit found a hole
The FATF and the War on the Poor: 0.2% effective against Money Launderers, 300% more effective against the poor than aid?
Google's bebapay to close down, Safaricom shows them how to do it
On the intersection of Ricardian and Smart Contracts
News that's news: Kenya's M-Kopa Solar Closes $12.45m
Hitler v. modern western state of the art transit payment systems: Hitler 1, rich white boys 0.
Scott on blockchains -- could these fussy smartcontracts change anything?
Gendal on blockchains -- what's the fuss? Could the blockchain change accounting?
Audit: when the Economist finally opens up the debate on the silent fraud of the century
OneRNG -- open source design for your random numbers
MITM watch - sitting in an English pub, get MITM'd
MITM watch - patching binaries at Tor exit nodes
Banking - licensed to cheat! And whether you'll get away with it.
Bitcoin and the Byzantine Generals Problem -- a Crusade is needed? A Revolution?
HR is broken - the recruiter honeypot
Alex explains ZIRP -- why 7 years of easy central bank money didn't go far
On googly questions -- the Dunning-Kruger effect
America's other financial crisis - student debt
In the Shadow of Central Banking
More on Useful Proof of Work
Proof of Work made useful -- auctioning off the calculation capacity is just another smart contract
On how to interface to regulation and law: follow Michael Jackson of Skype's advice
Heartbleed v Ethereum v Tezos: has the Open Source model utterly failed to secure the world's infrastructure? Or is there a missing trick here?
on trust, Trust, trusted, trustworthy and other words of power
How Central Banking magnifies the Crisis and ensures Depression
Casebook for a disaster: google's BebaPay and why it is wrong, wrong, wrong
Clinkle crinkle CLUNK
The end of Central Banking -- Germany moves on bail-in
FC2015 - Call for Papers
Signalling and MayDay PAC
Certicom fingered in conspiracy to insert back door in standards -- DUAL_EC patents!
Reset the Net. Don't ask for your privacy. Take it back.
Why triple-entry is interesting: when accounting is the weapon of choice
How much damage does one hacker do? FBI provides some estimates.
How to make scientifically verifiable randomness to generate EC curves -- the Hamlet variation on CAcert's root ceremony
BADA55 or 5ADA55 -- we can verifiably create random numbers
(B) The Business Choice of making a Business Investment in Bitcoin (part B of ABC)
No Accounting Skills? No Moral Reckoning
A triple-entry explanation for a minimum viable Blockchain
How many SSL MITMs are there? Here's a number: 0.2% !!!
(C) The ABC of Making the Bitcoin Investment Decision - part C first - Currency, buy the Coin!
podcasts on pre-Bitcoin from Bitcoin UK
Code as if everyone is the thief.
Shots over the bow -- Haiti joins with USA to open up payments for the people
A very fast history of cryptocurrencies BBTC -- before Bitcoin
The evil of cryptographic choice (2) -- how your Ps and Qs were mined by the NSA
The IETF's Security Area post-NSA - what is the systemic problem?
NSA caught again -- deliberate weakening of TLS revealed!?
Identity is the New Money -- new book from Dave Birch
Update on password management -- how to choose good ones
How Bitcoin just made a bid to join the mainstream -- the choice of SSL PKI may be strategic rather than tactical
Eat this, Bitcoin -- Ricardo now has cloud!
How MtGox Failed the Five Parties Governance Test
Why Dispute Resolution is hard -- but not so elusive as to escape solutions
If you only read one thing this weekend, read about the Vampire Squid
Bitcoin Verification Latency -- MtGox hit by market timing attack, squeezed between the water of impatience and the rock of transactional atomicity
Digital Evidence journal is now open source!
US State Department rolled, as NSA slides further off-mission. Shoulda used a BlackPhone :D
The financial rot just keeps getting worse -- FX is FuXed, the Old Lady's in on the FiX, and the fight against the devil volatility goes on?
FC++ -- Bitcoin Verification Latency -- The Achilles Heel for Time Sensitive Transactions
Hard Truths about the Hard Business of finding Hard Random Numbers
Who invented the shared repository idea: Bitcoin, Boyle, and history
Digital Currencies get their mojo back: the Ripple protocol
The Shamir-Grigg-Gutmann challenge -- DJB's counterexamples
MITMs conducted by the NSA - 50% success rate
The Ka-Ping challenge -- so you think you can spot a bug?
MITB defences of dual channel -- the end of a good run?
We are all Satoshi Nakamoto
Dan Bernstein rises to the Shamir-Grigg-Gutmann challenge: show me the money!
DJB on 'algorithm agility' -- it sucks
The NSA's golden age of SIGINT: declare war on commercial crypto
Bitcoin and how to integrate it into society
Bitcoin news -- malware, bots, raids, all as predicted, oh my!
The NSA will shape the worldwide commercial cryptography market to make it more tractable to...
NSA v. the geeks v. google -- a picture is worth a thousand cribs
Why the NSA loves the one-security-model HTTPS fanaticism of the Internet
Confirmed: the US DoJ will not put the bankers in jail, no matter how deep the fraud
NIST should publish Suite A
The evil of cryptographic choice -- how defaults destroy the security equation
Measuring the corruption that is audit -- experimental data
The NSA's breach of RSA Inc's crypto: what to do? Where do we stand? My Answer: avoid American crypto
The Anatomy of an NSA intervention -- NIST & RSA fingered as breached
Research on Trust -- the numbers matter
The OODA thought cycle of the security world is around a decade -- Silent Circle releases a Secure Chat that deletes messages
google's oddball questions (3) How to break out of the worst of HR's best practices (part 3 of 3 part rant)
The NSA is lying again -- how STOOPID are we?
I’m Still Waiting for My Phone to Become My Wallet
The failure of cyber defence - the mindset is against it
FC2014 in Barbados 3-7 March
Why I am a fan of Alan Greenspan, still.
Did Alan Greenspan blow the bubble that blew up the world?
2 ways out of crushing debt
On casting the first cyber-stone, USA declares cyberwar. Everyone loses.
PRISM Confirmed: major US providers grant direct, live access to the NSA and FBI
All Your Skype Are Belong To Us
What makes financial cryptography the absolutely most fun field to be in?
Extraordinary revelations of British Banks, Bad Behaviour, Fraud, FSA un-regulation, and more!
MayDay! MayDay! British Banking Launches new crisis of titanic proportions...
LBMA, Swiss National Bank are now seizing client gold?
On banks dumping ties to dodgy corrupt practices...
Can you think out of the blender? and other oddball questions (Part 2)
A Bitcoin for your thoughts... (may regulators live in interesting times)
NATO opines on cyber-attacks -- Stuxnet was an act of force
After a decade of bad banking, finally some Good News: Cyprus forced to shut down a bad bank!
How much for an island in the sun, Mr Putin?
Bank Holiday in Cyprus
Cyprus deposit holders to take a 7-10% loss -- perversely this the right Cure, and it may Kill the Patient
It all started as a noble idea - Identity Cards in Uganda
How to use PGP to verify that an email is authentic
google leads the world in ... oddball interview questions... ?!? (part 1 in a rant on searching for your HR mission)
H4.4 - No Committees! (sorry, too late for OAuth)
Deviant Identity - Facebook and the One True Account
We need banks to fail. What other language speaks?
Women make us smarter?
The Great Data Privacy Battle of the 2010s
Yet another CA snafu
Why Central Banking will fail in the next N years -- and how Central Bankers might prepare us for it.
Broadly Technical at Mobile Payments Startup (while musing on the impossibility of the reliable social network)
Auditors sued - the jig may be up on the false reliance game
Time for another One True Crypto Suite ?
Facebook goes HTTPS-always - victory after a long hard decade
Some One Thing you know, you have, you are
More STOP PRESS: A Ratings Agency has been brought to task!
Price Discovery is Hard.
Finally, the media gets it: The cyber-jihad that the NSA bought to hometown America
Planet SSL: mostly harmless
It's now official - Central Banks are not working to save the economy
More surreal events in the Crypto Cold War - the BitCoin blockade of Iran
SHA3 announced by NIST: KECCAK (pronounced Catch-Ack in English)
STOP PRESS! An Auditor has been brought to task for a failed bank!
Gold and Tungsten - a fearful mix
Four Planks to support the next evolution in secure browsing
Use another browser - Kaspersky follows suit
¡Olé! Privacy Between a pair of star-crossed lovers
Auditors All Fall Down; PFGBest and MF Global Frauds Reveal Weak Watchdogs
Another "official" result: USA+Israel unilaterally launched cyberwar against Iran
Banks will take responsibility for online fraud
The Equity Debate
Emerging subtle requirements: pretending to be Skype
DSD launches Cyber Warfare - on my machine...
What's the takeaway on Audit?
Does this work? Signing with your face & thumb. The answer is ...
More context on why context undermines threat modelling...
Fans of Threat Modelling reach for their guns ... but can they afford the bullets?
Paypal go back to their roots - Paypal Here Again
Measuring the OODA loop of security thinking -- Can you say - firewalls & SSL?
Trust me, I'm a banker - how do Alice and Bob trade in a trust-failed world?
Google thought about issuing a currency
Serious about user security? Plonk down a million in prizes....
Signatures on fax & email - if you did not intend to be bound, why did you bother to write it?
FC++: Bitcoin & Gresham's Law - the economic inevitability of Collapse
one week later - chewing on the last morsel of Trust in the PKI business
The Convergence of PKI
PKI and SSL - the jaws of trust snap shut
Why did VISA pull the plug and leave the "little people" high and dry?
Why Threat Modelling fails in practice
the emerging market for corporate issuance of money
for bright times for CISOs ... turn on the light!
Why we got GFC-2
Causes of GFC-1 - the death of the partner
the five parties model, and SPDR GLD invites users to play spot-your-gold-bar
Why (my, all) financial systems fail -- information complexity
Two-channel breached: a milestone in threat evaluation, and a floor on monetary value
Audit redux.2 - and what happened to the missing MF Global client funds?
Audit redux - KPMG reveals... FRAUD? You be the Jury!
Advanced Persistent Threat (APT) - why did we resist so long?
Mexico sends the war into Texas, but it's too late to call out the National Guard
Confidence in banking: the €500 supernote, or, we're all money launderers now
Measuring Cyberfraud, the fall rate of sky, and other metrics from the market for Silver Bullets
_Currency Wars_
Phishing doesn't really happen? It's too small to measure?
HTTPS everywhere: Google, we salute you!
next-gen Stuxnet targets SCADA companies for intelligence
Liability & disclosure - the end of an era is in sight?
Founders of SSL call game over?
Global Jobbing
How Liability is going to kill what little is left of Internet security…
Regulating the future financial system - the double-entry headache needs a triple-entry aspirin
A tale of phishers, CAs, vendors and losers: I've come to eat your babies!
ZRTP and the H3 experience
BitCoin - the bad news
Is BitCoin a triple entry system?
Bitcoin and tulip bulbs
1st round in Internet Account Fraud World Cup: Customer 0, Bank 1, Attacker 300,000
RSA Pawned - Black Queen runs amoc behind US lines of defence
Declaration of Cyberwar - emerging hype cycle or growing nightmare?
#1 Censored Story - Dropping the Dollar
Gold can only be bought with cash. Please Select!
Lords: Auditors guilty of 'dereliction of duty'
Hold the press! Corporates say that SSL is too slow to be used all the time?
Why The New Guy Can’t Code
"Members of the media are not included."
Did you read your adverse Audit Review?
If data breaches are feared more than hackers, what is the perverse result?
Revising Top Tip #2 - Use another browser!
more on HTTPS everywhere -- US Senator writes to websites?!
Zuckerberg urged to go social... by hacking the lending space?
The Zippo Lighter theory of the financial crisis (or, who do we want to blame?)
Ernst & Young called to account -- should Audit firms be investigated for their role in the crisis?
"Compound threats" to appear in 2011 ?
Threatwatch: taking money & code from "interested parties" (OpenBSD + FBI = backdoors)
Mervyn King calls us to the Old Lady's deathbed?
Teaching p2p? You betcha!
A small amount of Evidence. (In which, the end of banking and the rise of markets is suggested.)
What caused the financial crisis. (Laying bare the end of banking.)
What banking is. (Essential for predicting the end of finance as we know it.)
The Great Cyberheist
NSA loses the crown jewels, or, Law of Unintended Consequences meets Flights of Brittleness
I am Spartacus! and other dramatic "Identity" scripts
VeriSign takes the "Trust" out of "SSL certificates"
perception versus action, when should Apple act?
Apple's Mac moment of truth arriving? Or just the silver bullet salesman?
Skype -- the mobile leader?!
philosophical question about strengths and attacks at impossible levels
Cryptographic Numerology - our number is up
62 Million Contracts are now no longer perfectable. Blame me?
Feel the dark side of Intellectual Property Rights. You know you want to....
Crypto-plumbers versus the Men in Black, round 16.
The Facebook model succeeds. Next steps: copying, responding, losing.
Internet Intellectuals, Media Security Reporting, and other explorations in the market for silver bullets
threatwatch: 1st signs of attacks on certificates?
Security Planning - who watches the watchers?
In Santayana's market for alternative money, the future is within the Firm!
UN convention on Electronic Transactions: knowns and unknowns
profound misunderstandability in your employee's psyche
Innovation: a word, a dream or a nightmare?
What would the auditor say to this?
memes in infosec IV - turn off HTTP, a small step towards "only one mode"
Niall Ferguson - Empires on the Edge of Chaos
Apple to do payments?
Turning the Honeypot
I Love Gold
memes in infosec III - Perimiter defences against the unknown, invisible, unmeasurable...
memes in infosec II - War! Infosec is WAR!
Hacking the Apple, when where how... and whether we care why?
Are we spending too little on security? Or are we spending too much??
Beyond Architecture: the City Planner of today's high-density Information Business
memes in infosec I - Eve and Mallory are missing, presumed dead
The difference between 0 breaches and 0+delta breaches
Perspectives: the difference between the 1990s money guys and the 2000s p2p guys
NewGenDosh: Flattr
Kickstarter and task markets
gold coin under the hammer
new attacks on AES
The Baby Back Ribbed Theory of Architecture
questioning infosec -- don't buy into professionalism, certifications, and other silver bullets
blasts from the past - Verisign sells its CA division?
blasts from the past -- old predictions come true
advertising fake passports and other puzzles?
Why Open + Internet + Brand can changes the Governance map for CAs
SAP recovers a secret for keeping data safer than the standard relational database
The Python and the Mongoose: it helps if you know the rules of engagement
When the Python meets the Mongoose ... the SEC and programming Asset Backed Securities
Ruminations on the State of the Security Nation
Pushing the CA into taking responsibility for the MITM
Why the browsers must change their old SSL security (?) model
Ernst & Young staring down the barrel that shot Arthur Andersen
US officials move to infect Populace with 5T00P.1D virus -- google, bombs, Mozilla, oil & barrels of stupidity
The cost of playing red-footed football for European top-league clubs
EV's green cert is breached (of course) (SNAFU)
the most magical question of all -- why are so many bright people fooling themselves about the science in information security?
load up on Steel, and shoot it out! PCI and the market for silver bullets
news v. not-news, the great phone-payments debate rumbles on
pushback against the external auditor (if they can do it, so can you!)
a new way of auditing (A-VII-i)
Audits VII: the future of the Audit is in your hands
Bowles case is more evidence: Britain takes another step to a hollowed-out state
H4.3 - Simplicity is Inversely Proportional to the Number of Designers
Phishing numbers
Unix turns 40 -- the patience of Sun Tzu
Breaches not as disclosed as much as we had hoped
Google and Finance 2.0? Nope, sorry. They lack the competency of demythicalisation.
Timeline for an SSL protocol breach -- what's the size of your OODA loop?
FC: better than freedom?
my War On SQL
The War on Drugs moves to endgame: the War on US Americans
Gold bullion market set to implode?
Councils engaged in "War on Rubbish Days" to thank the FATF for new seizure powers..
Audits VI: the wheel spins. Until?
Microsoft: the new IBM?
"PINs, ATMs and liability" (London)
Denial of Service is the greatest bug of most security systems
The new coin of the NSA is also the new coin of the economy
The Elliot Wave has arrived at stage 5, so it's all over for the dollar!
Chip & pin fallacies
taking phishing to the next level
Hard(er) data on the big shift for the dollar
How the FATF brought down modern civilisation and sent us all to retire in Mexico
Washington DC discovers new economic force: the World
Man-in-the-Browser goes to court
Where does anyone (young) want to go, today?
Where does the accounting profession want to go, today?
TOdd on Audits V: why oh why?
Talks I'd kill to attend....
OSS on how to run a business
Audits V: Why did this happen to us ;-(
40 years on, packets still echo on, and we're still dropping the auth-shuns
Hide & seek in the terrorist battle
What-the-heck happened to AES-256?
Numbers: CAPTCHAs and Suicide Bombers
How to avoid Yesterday's Unknowns - Algorithm Agility in Protocols
Robert Garigue and Charlemagne as a model of infosec
trouble in PKI land
Goldman Sachs caught with their pants down?
Audits IV - How many rotten apples will spoil the barrel?
Webmoney's start in the 1998 crisis
alternative monies for peace?
China regulates virtual money
Cost of your PC
Bullion and Bandits: The Rise and Fall of Another Visionary
another implausible reason to steal from iTunes?
Auditor(s) to be held to account? - CardSystems and Savvis
Have the accountants sold out?
The Inverted Pyramid of Identity
How to succeed in Security
The Exquisite Torture of Best Practices
Are the "brightest minds in finance" finally onto something?
Conficker chooses Rivest!
... and then granny loses her house!
We don't fear no black swan!
Identity & Privacy (conference) 14-15 May
Audits III: we don't know enough even to know what we don't know
The mystery of Ireland's worst driver
on H5: how to inject security into the SQL database
The 20th Century of Central Banking is over.
H5: Security Begins at the Application and Ends at the Mind
Rumour: NSA offering 'billions' for Skype eavesdrop solution
this one's significant: 49 cities in 30 minutes!
Audits II: Two more scary words: Sarbanes-Oxley
The un-internalised cost of your data breach
"No, you don't understand sheep"
Risk is business: why mathematical models will not analyse security
Brit Frauds, the Bezzle, and Signs of Rebellion in Heartland
Canonical Hashes over video? Be skeptical.
WoW crosses GP: get rich quick in World of Warcraft
Audits I: A Word on the Limits -- Madoff
We may have risk, but _banking is risk_
BarCampBank - informal finance rantathon in London
the Business of Risk Management in Security -- a Response
Skype: the gloss is losing its shine
Royal Bank of Scotland Falls 66% in One Day!
Selgin on the subtle competition between "official" and "alternative" currencies
Microsoft: Phishing losses greatly over-estimated
Getting the business into security, or is it...
What's missing in security: business
Fc'09 Barbados 23-26 February
Ecuador's default: how to tame the angry Rafael Correa
identity theft numbers (odd source, unusual targets)
Happy 3653rd transacting day to WebMoney!
an infinite number of maths students...
Security is a subset of Reliability
Unwinding secrecy -- how to do it?
Who would judge a contest for voting machines?
Unwinding secrecy -- busting the covert attack
Unwinding secrecy -- how far?
A voting design competition?
What happened in security over the last 10 years?
Browser Security UI: the horns of the dilemma
Clickjacking -- the new browser wipe-out
another quiet week in finance
Why hasn't eBay tanked?
Success has many fathers, but failure has the US taxpayer
Builders v. Breakers
Macs for security (now, with new improved NSA hardening tips!)
reliance on security claims: what can go wrong?
US passports in 36 lots?
WSJ finds someone to blame.... be skeptical, and tell the WSJ to grow up.
The Mess: looking for someone to blame?
When risks go south: FM&FM to be nationalized
Yet more evidence: your CISO needs an MBA
Discovery, the bright new sword of the digital judiciary!
Should a security professional have a legal background?
Another gold issuer finds himself temporarily unavailable ...
Silver bullets, silver homers
When rogue system administrators lock out Managers
Osama bin Laden gets a cosmetic makevover in his British Vanity Passport
_Electronic Signatures in Law_, Stephen Mason, 2007
Monetary affairs on free reign, but the horse has Boulton'd
Blank UK passports in bulk
E-gold founders to plead guilty?
Lewis Carroll on the mischief of signing
SEC bans illegal activity then permits it...
The Definition and Function of the Signature (drawn from Mason 2007)
SEC starts to investigate Bear Stearns. Or does it?
Mystified by subprime? ask the Telegraph...
Why do Banks lend poorly in the sub-prime market? Because they are not in Banking!
The sorry tale of the US Dollar's long downwards spiral -- how did this happen?
wheretofore Vista? Microsoft moves to deal with the end of the Windows franchise
DNS rebinding attack/patch: the germination of professional security cooperation?
Digital Evidence: Musing on the rocky path to wisdom
German court finds Bank responsible for malwared PC
Cross-border Notarisations and Digital Signatures
H4.2 -- Usability Determines the Number of Users
Why is is this blog secure? Because there is only one mode, and it is secure!
updating Top Tips for your security -- keep the Mac, Firefox 3, add NoScript?
Digital Evidence -- 26-27 June, London
Historical copy of PGP 5.0i for sale -- reminder of the war we lost
Digital Signing: new category for FC
Selling Security using Prospect Theory. Or not.
Hypothesis #4 -- The First Requirement of Security is Usability
Negroponte's judo flip on the PC industry
The Dutch show us how to make money: Peace and Cash Foundation
TLS/httpd finally to be fixed for general purpose website security
BarCampBankLondon: alternative finance workshop
Technologists on signatures: looking in the wrong place
Case Study 2: OpenSSL's patched-out randomness
Firefox 3 and the new "make a security exception" (+ 1 bug)
Information Security enters deadly embrace with Social Networking
Case study in risk management: Debian's patch to OpenSSL
Monetary Ontology
Phishing faceoff - Firefox 3 v. the market for your account
What makes a Security Project?
The Italian Job: highlights the gap between indirect and direct damage
H2.2 KISS -- Keep the Interface Stupidly Simple
USD reserve currency shift -- some numbers
Paypal -- Practical Approaches to Phishing -- open white paper
VCs have a self-destruction gene, let's tweak it
The Medium is the Message: what is the message of security today?
Fair Disclosure via blogs? Anyone listening to Pow, Splat, Blech?
The illusion of Urban Legends - the Dutch Revolving Bicycle Cycle
2 views on the RSA security conference: a war of signals?
Browser news: Fake subpoenas, the OODA waltz, and baby steps on the client side
On the search for the perfect Identity Biometric: scratch Iris
Proving that you know something about security...
Signs of Liability: 'Zero Day Threat' blames IT and Security industry
another way to track their citizens
An idea for opportunistic public key exchange
Pogo reports: big(gest) bank breach was covered up?
S/MIME: we don't need more reasons why it failed...
Liability for breaches: do we need new laws?
World's biggest PKI goes open source: DogTag is released
Trojan with Everything, To Go!
Format Wars: XML v. JSON
The Trouble with Threat Modelling
Is "National Security" a market for silver bullets?
Microsoft acquires Stefan Brands (patents and friends)
Economics not repealed, just slow: Paypal blames Browsers for Phishing
Attack on Brit retail payments -- some takeways
Principle of Redundancy
Say it ain't so? MITM protection on SSH shows its paces...
What is Apple doing with the iPhone?
FC2008 -- report by Dani Nagy
H2.1 Protocols Divide Naturally Into Two Parts
on Revocation of Signing Certs and Public Key Signing itself
How does the smart telco deal with the bounty in its hands?
Chip&PIN cards: 1 in 5 cloned?
SocGen - the FC solution, the core failure, and some short term hacks...
middle banking in a english muddle
Rumours of Skype + SSL breaches: same old story (MITB)
When the SLippery SLope beckons
Break the rules of governance and lose 4.9 billion...
How to improve the Standards Process: the Prisoner's Dilemma
#4.2 Simplicity is Inversely Proportional to the Number of Designers
What good are standards?
UK data breach counts another coup!
Why Security Modelling doesn't work -- the OODA loop of today's battle
2008 -- The Year of the Raven!
2007: year in review...
MITM spotted in Tor
CFP -- WEIS -- papers by 1st March 2008
How to crack RSA
Oddly good news week: Google announces a Caps library for Javascript
H1: OpenPGP becomes RFC4880. Consider Hypothesis #1: The One True Cipher Suite
Entire UK security industry is sent to Pogo's Swamp
Zopa and Listed Loans
My fake passports and me
Your online Identity supplier
Where the US Congress is going on virtual regulation
Storm Worm signals major new shift: a Sophisticated Enemy
Arbitration -- a community tool or a weapon?
Snake oil is snake oil?
Prepaid cards: offering the ECB a deal it cannot refuse
If Insurance is the Answer to Identity, what's the Question?
Threatwatch - more data on cost of your identity
The Failure of the Academic Contribution to Security Science
How S/MIME could suck slightly less with a simple GETSMIME
Identity news: Identity Forum, November 07 open for business, Second Life identifies with its users
Why are analyses of cash v. debit card so fundamentally flawed?
On the downside of the MBA-equiped CSO...
Threatwatch: US-SSNs melt for $50 in MacArthur Park
Open Governance - Vini Vidi Vici (Second Life, BAWAG)
Learning from Iraq and Failure
Threatwatch: Numbers on phishing, who's to blame, the unbearable loneliness of 4%
DNS Rebinding, and the drumroll of SHAME for MICROSOFT and APACHE
Skype on the test of a utility
SEPA meets Money 3.0 -- a trainwreck?
FUDWatch: NSA's shift to ECC, IESG lowers boom on cryptostrength, John Young on Fud versus Fud
The fundamental _barrier to entry_ in the business of payment systems
Susan Landau on threats to the USA: don't forget Pogo
The Uneasy Ride on the Cryptography Bandwaggon
Mozilla gets proactive about browser security?
Shock of new Security Advice: "Consider a Mac!"
Verisign reminder of what data security really means
WebMoney does a gold unit
Microsoft asserts itself as an uber-CA
Security can only be message-based?
Doom and Gloom spreads, security revisionism suggests "H6.5: Be an adept!"
National insecurity - all your packets are belong to US
more on firing your MBA-less CSO
Know Your Enemy: Scott McNealy on security theater
If your CSO lacks an MBA, fire one of you
Threatwatch: how much to MITM, how quickly, how much lost
ROI: security people counting with fingers?
Breaching a telco, completely -- an exercise in breaches
Metricon 2.0 -- Boston, 7.Aug.2007 -- talks announced
CFP -- FC07 -- papers by 25th September
"Trusted-Hardcopy" -- more experiments with digitising paper and signatures
SWIFT breach -- class action suit, can we rely on government for privacy of financial data?
What is the DRM problem?
Identity resurges as a debate topic
PKI moving to adopt the plugin model -- realignment to security based on user-needs?
No such thing as provable security?
Choose your hatchet: when governance models collide
When to bolt on the security afterwards...
Is this Risk Management's Waterloo?
The Myth of the Superuser, and other frauds by the security community
And now the phoney war on cash (a.k.a., give us another subsidy, ma!)
K6 again, again and again. Therefore, H6.4 -- Compromise on Security before Delivery
US government seizes the gold in frozen acounts
H6.3 and the clash of worlds -- IESG v. iPods --- Security for the throwaway generation
Leadership, the very definition of fraud, and the court of security ideas
Solution to phishing -- an idea who's time has come?
H6.2 Most Standardised Security Protocols are Too Heavy
Threatwatch: Still searching for the economic MITM
WSJ: Soft evidence on a crypto-related breach
H6.1: Designing (Security) Without Requirements is like Building a Road Without a Route Map to a Destination You've Never Seen.
survey of RFC S/MIME signature handling
US moves to seize the gold
Hal Finney on 'AACS and Processing Key'
Message is the Center
more Tipping Point evidence - POS vendors sued
e-gold responds -- denies Criminal Charges
Dr Geer goes to Washington
Security Expertise from Cryptographers: the Signals of Hubris
e-gold founders indicted
US moves to freeze Gold payment reserves
Breached *and* sued -- is TJX the tipping point to liability alignment?
WEIS2007 - Econ Info Sec - programme announced
The Begining of Governance - the Egyptian Accountants
Counting Chickens at eTrade, bankruptcy in Europe, and costs in America
We pluck the lemons; you get the plums: the Lemon Maligned, in Wikipedia as in the security literature
On cleaning up the security mess: escaping the self-perpetuating trap of Fraud?
the plan to save Paypal: Skype revealed...
Our security sucks. Why can't we change? What's wrong with us?
Metricon 2.0 -- Boston, 7.Aug.2007
Does non-profit mean non-governance? Evidence from the fat, rich and naive business sector
H3 - there is only one mode, and it is secure
What to do about responsible disclosure?
The One True Identity -- cracks being examined, filled, and rotted out from the inside
Threatwatch: MITB spotted: MITM over SSL from within the browser
Threatwatch - bots, selling Ameritradelity, all your DNS belong to US
The Founder Paradox
Cost of an identity
Finally, someone gets done for Money Laundering....
An ordinary crime: stock manipulation
Feelings about Security
WebMoney Annual Report: competition with Belarus Government
Open Governance - using the 5th Party to protect the asset
Random stats on instant messaging (IM/chat) ...
U.S. Dollar Drops Against Counterfeit U.S. Dollar
Insider fraud -- innocent client networking or excessive liposuction?
Crypto Revisionism -- Hypothesis #6 -- It's your Job. Do it.
The alternative to FC is unprintable - Ahmadinejad and capital markets
Any good definitions of Phishing?
Threatwatch: $400 to 'own' your account
How to breach a company: Spies, Lies and KPMG
Why Linux doesn't care about governance...
On starting afresh with Security...
on Governance
Stakeholders in Security
EV - what was the reason, again?
EV - liability situation is SNAFU
NIST Competition to create new Hash algorithm
Critiquing the Mozo (draft) principles
Mozo posts some draft Principles
Nokia and Visa announce handset payment system
More on why Security isn't working -- it's in your Brain?
Tom Greco's blog
Pennies - RSA reveals attack kits? and Why Gift Cards,
The Year of the Platypus - 2007 predicted
Usable Security 2007 -- Preliminary Programme -- colocated with FC2007
Cat's Credit Card
FC07 Preliminary Programme - Leaving Room for the Bad Guys
Skype drops the payments bombshell
Now, *that's* how to do security...
Non-repudiation, Evidence and TLS: another fine mess I've got you into :-(
Changing the Mantra -- RFC 4732 on rethinking DOS
ATS and the death of a thousand tiny cuts
CFP - Computer Security Foundations
The year of the Bull: The predictable rampage in review ...
Who has a Core Competency in Security?
What is the point of encrypting information that is publicly visible?
CFP: 6W on the Economics of Information Security (WEIS 2007)
The Grnch writes: "Am I supposed to trust your opinion on cryptography?"
Extended Validation - setting the minimum liability, the CA trap, the market in browser governance
SWIFT breach - Big Brothers
Tracking Threats - how whistleblowers can avoid tracking by cell/mobile
SWIFT breach - SWIFT broke the law, the laws have changed, the ECB ducks responsibility
The Big Shift in Voice -- the deadly embrace of handset manufacturers and telcos
Evils of Crypto Buzzword Plague -- AES is Pareto-secure but ECB is not
Tracking email - the disappearing myth, the #1 threat, versus ultra rare sighting of eavesdropping attack
NZ on Identity
Audit Follies - Atlantic differences, branding UnTrust, thumbs on Sarbanes-Oxley, alternates...
Why security training is really important (and it ain't anything to do with security!)
How the Classical Scholars dropped security from the canon of Computer Science
The Last Link of Security
Mozilla moves on security
Threatwatch - the Feds are back, Israel finds it cuts both ways, Cybersecurity Enemy #1
SWIFT breach - Roundup - Good Morning Europe, BoE got out early, Simon Davies: "we won't be fooled again."
Threatwatch - sigint by Hezbollah, nyms by torture units, closed source weaponry
WESII - Programme - Economics of Securing the Information Infrastructure
FC'07 - call for papers - Financial Cryptography and Data Security
NFC - telco operators get another chance at innovation
The one secure mode; Thunderbird would meet Kerckhoffs' 6th; and how easy it is to make it secure...
Mozilla now has a "Chief Security Something"
Introducing the new HavenCo location...
Universal Music throws in the towel, price of music drops to $0.00
SHA1 weakened further in new attacks
Fraudwatch - how much a Brit costs, how to be a 419-er, Sarbanes-Oxley rises as fraud rises, the real Piracy
Identity v. anonymity -- that is not the question
Naming the unnamable, "We have a problem, Houston," who blinks first? and who replaces President Bush?
Privacy v. LEO interests -- too simple an approach?
Slapdown - US Court rules against Bush wiretaps
Fraudwatch - Chip&PIN one-sided story, banks and deception and liability shifts
Usable Security (USEC'07)
Sarbanes-Oxley is what you get when you don't do FC
Thank AOL for bringing us this example of datamining
SWIFT breach - leverage v. due process, Spy v. Spy, audit v. Ajax, three questions for SWIFT
IdentityWatch: Cloning the RFID, swimming the channel on the cheap, the Russian view, AML success rate, and the genesis of Id Theft?
Payments and Settlements News - No. 42
smart cards with displays - at last!
FC'07 - call for papers
Firefox as a mainstream security risk - three threats
Case Study: Thunderbird's brittle security as proof of Iang's 3rd Hypothesis in secure design: there is only one mode, and it's secure.
More Brittle Security -- Agriculture
SWIFT breach - the 'squeeze', justice not being done, the Europeans wake up to "restaurant economics" a.k.a. industrial espionage
ePSO - european Payments and Settlements News - No 41
Threatwatch - "you again operate impulsively in the manner"
SWIFT breach - embarrassed Europeans, outrageous acting in Congress, the aggreated abuses, camelgate, and the institutionalised defrauding of American values
on Leadership - Plants, weeds, and harnessing Stop Energy in your pet Triffid
Threatwatch - 2-factor tokens attacked by phishers - another "must-have" security tool shown to be fighting the last war
Galileo (EuroGPS) cracked
Phishing for SNI progress - tantalisingly close?
SWIFT breach - canonically novel theories in law revealed
DDA cards may address the UK Chip&Pin woes
on Leadership - how to achieve the impossible with the five phases of _win-win_
SWIFT breach - softly softly, catchee monkey?
Apple to help Microsoft with "security neutrality"?
on Leadership - negotiating the RTFM into the realm of forgotten schoolyard jokes
on Leadership - tech teams and the RTFM factor
It's official! SSH whips HTTPS butt! (in small minor test of no import....)
Sealand - more pictures
on Leadership - roles around the May Pole
How many people are turned away by the FC certificate?
Roundup on SWIFT breach -- limits claimed are already breached -- US citizens are the victims
FC++3 - Advances in Financial Cryptography, Number Three
FC++3 - Dr Mark Miller - Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control
FC++3 - Concepts against Man-in-the-Browser Attacks
FC++3 - The Market for Silver Bullets
Sealand burnt out - aid sent by neigbour UK - security guard airlifted
SWIFT breached - Big Badda Boom - will this hasten dollar shift?
Identity 7, watchlist error rate, $300 to get off the watchlist
The Fed knows - more evidence that the Fed is managing the washback
Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security
White Helicopter - Is eavesdropping a "Clear and Present Danger" - the definition of a validated threat?
Black Helicopter #2 (ThreatWatch) - It's official - Internet Eavesdropping is now a present danger!
Black Helicoptor #1 - Is the data theft epidemic more than coincidental?
Microsoft - will they bungle the security game?
Naked Payments IV - let's all go naked
USD shift in reserve currency status confirmed - call it 10% per year
Naked Payments III - the well-dressed bank
Naked Payments II - uncovering alternates, merchants v. issuers, Brits bungle the risk, and just what are MBAs good for?
Naked Payments I - New ISO standard for payments security - the Emperor's new clothes?
How cheap is it to get companies to escrow records for LEAs?
Firefox to check in with Google-central - Is Mozilla in unconstrained commercial rampage already?
CryptoKids, education or propaganda, ECC, speed or agenda capture?
Courts as Franchises - the origins of private law as peer-to-peer government
ThreatWatch - the war on our own fears
Dodgy practices - and how to defend against them with Audits
Verisign sued over dodgy security practices
Users do not need online banking
British Columbia Supreme Court rules that you should lie back and enjoy it
How much is all my email worth?
Is VeriSign's buyout of GeoTrust anti-competitive?
CFP - W. Economics of Securing the Information Infrastructure
Opera talks softly about user security
ThreatWatch - markets in loss, Visa's take, 419 "chairmen"
It is no longer acceptable to be complex
Spring is here - that means Pressed Flowers
Indistinguishable from random...
When they cross the line...
This Modern World - First they say they don't collect that data....
CA market consolidates - Verisign to buy Geotrust
Freshfaced risks: Licensed to Secure, 007 seconds out of College, a Risky Future indeed!
US and EU cooperating on phone tracking
Tracking you, tracking me, tracking everyone
Markets in Imperfect Information - Lemons, Limes and Silver Bullets
Money costs: a dollar, a penny, a system, an experience
3 of the big 4 - all doing payment systems
Tracking Threats - USA Telco, Inc., shares billing records with NSA, Pretexters, foreign governments, anyone, really
JIBC April 2006 - "Security Revisionism"
Chip-and-Pin terminals were replaced by "repairworkers" ?
Reliable Connections Are Not
Payment systems - the explosion of 1995 is happening in 2006
Petrol firm suspends chip-and-pin
Security Soap Opera - (Central) banks don't (want to) know, MS prefers Brand X, airlines selling your identity, first transaction trojan
Shifting the Burden - legal tactics from the contracts world
Fido reads your mind
News and Views - Mozo, Elliptics, eBay + fraud, naïve use of TLS and/or tokens...
Unique Transaction Numbers in SWIFT
Is Provenzano a Kindergarten Cryptographer?
Numbers on British Fraud and Debt
Security Gymnastics - Risk-based from RSA, security model rebuilding from MS, and taking revocation to the next level?
Voting and more from the Red Queen
Separation of Roles - an example
Court rules email addresses are not signatures, and signs death warrant for Digital Signatures.
Worldwide Internet boom to finish by 2009
Threatwatch - Voice Threat Models are Snafu - Situation Normal All F***ed Up
Why audits are so important
Notary Publics to Cryptographers - keep yur grubby mits off!
Threatwatch - pricing the password crack
Votes are coins stamped with the Red Queen's head
ThreatWatch - Sony is your friend, Game Over?, Meccano costs, and it'll all be better in two years
4th April, 1984
Thank Skype for not listening
Random Pennies
Professional Associations in IT Security
Call for Nominations - 2006 PET AWARD
How does the dominatrix of the open source world encourage her clients to pay for their pain?
Prof. Iang
Meccano Trojans coming to a desktop near you
Digital Money 29th, 30th
Threatwatch - trojan hijacking, proxy victims, breaching conflicts of legal interest, semi-opaque blue hats
Just another day in the office of Identity Control
NIST opens new DSA format for comments
ThreatWatch - the Mac gets hacked
FraudWatch - Chip&Pin, a new tenner (USD10)
"doing the CA statement shuffle" and other dances
Google strives for hard cold cash
News on payments: mobile/cell, Skype, Google
Identity on the move III - some ramblings on "we'll get it right this time, honest injun!"
Identity on the move II - Microsoft's "Identity Metasystem" TM, R, Passport-redux
Identity on the move I - Stefan Brands on user-centric identity management
new cert for FC
iVirus, Mr & Mrs Smythe, Shaking the Incumbents, Ping on convenience, Gmail on inconvenience
High Assurance - summary of the Due Diligence
Major Browsers and CAs announce Balkanisation of Internet Security
Branded Experiments
More dots than you or I can understand (Internet Threat Level is Systemic)
Birch on Blogs, decimal points matter with houses, too, and Bill Gates predicted...
Todd Boyle: value of transactions versus security model
SSL phishing, Microsoft moves to brand, and nyms
Brand matters (IE7, Skype, Vonage, Mozilla)
The Market Price of a Vulnerability
Picturing her location
Edgar Rice Burroughs on Complementary Currency
The last (US) telegram, another FV copycat, another signature snafu
A Nokia Without A Phone
Threatwatch - tracking you, tracking me, tracking us all
The Price for Your Identity
Negotiation and the rule of three favours
Startups, Free Banking, Gift cards
Why passports will have RFIDs
US District Court uses digital signatures
G&SR / e-gold case in Washington DC court
DigSig News - Notaries apply for an old Franchise, Colorado does PK with BRNs, old anecdote
Szabo on the Contract v. the Note
The node is the threat: Mozilla, the CIA, Skype, Symantec, Sony, .... and finally a WIRE THREAT: Bush
How Many Transactions?
Bill Monk - LETS goes commercial
Remittances - the bane of the Anti-Money Laundering Authorities
Exploit Feeds - a public service or a commodity with a price?
Arbitration Arises on the net
RSA comes clean: MITM on the rise, Hardware Tokens don't cut it, Certificate Model to be Replaced!
Our Private Bayesian Rules Engine
easy call #1 - USG to maintain control of Internet
Open governance, bicycle helmets and certifying authorities
Non-profits and Fraud - case #1
e-gold under attack
Rights in the New Year
13 reasons why security is not a "Requirement"
Paymer Anatomy - anyone an issuer
GP4.3 - Growth and Fraud - Case #3 - Phishing
Netcraft - 450 phishing cases using SSL / HTTPS certs
2006 - The Year of the Bull
How the Chinese avoided insider fraud for over a millenium - The Chinese Remainder Theorem
Early History of SSL - guess who invented the colour bar?
GP4.2 - Growth and Fraud - Case #2 - e-gold
Brickbats and Plaudits
Merry Xmas all
A new security metric?
A VPN for the common man!
GP4.1 - Growth and Fraud - Case #1 - Mutual Funds
Diamond governance
eCash is prior art to Amazon one click?
GP3 - Growth and Fraud - How to Book a Table
OpenPGP supports any Trust Model that you desire!
Sighting of near-extinct beast - the profitable crypto attacker
2005 in review - The Year I lost my Identity
GP2 - Growth and Fraud - Instructing Security at GP
FUDWatch - US Treasury builds up for intervention in Internet Governance?
GP1 - Growth and Fraud - Meet at the Grigg Point
How much will it cost you to lose your customer's data?
The Kula Ring - Nick Szabo on why two counter-rotating circulations
Who v. Who - more on the dilemma of the classical attacker
Browser Manufacturers share anti-phishing tricks - Farce, Soap, and 3 great things
Frank Hecker goes to the Mountain - mapping the structure of the Certificate Authority
Security is failing - more evidence from Sony
After 10 years, a new policy on adding CAs
2 articles on OB - leadership, respect, unstructurelessness
Amazon starts a Task Market
anti-forensics - why do vapourware security tools sell so well?
ACM Interactions - special issue on Security
Musings on IP - one good way for DRM and one bad way?
CFP for iTrust in May 2006
Phishing for News..
Sony v. their customers - who's attacking who?
The Economist on the FATF - a net 'bad'
Breaking Payment Systems and other bog standard essentials
Microsoft scores in anti-phishing!
Security Professionals Advised to Button Lips
What happens when you don't do due diligence...
Penny Payment Systems
The Perfect Phish - all conditions are now in place
Roundup on News
Ben Laurie on Identity
Conferences coming up... and this weekend is Pooool
Developers 'should be liable' for security holes
The Mojo Nation Story - Part 2
eBay migrates to the Payments business
The Mojo Nation Story
It's official - doing due diligence is a criminal offence!
Is technical trading a Schelling point?
Schelling points
Happy World Standards Day
'bonus pater familias'
Journal of Internet Banking and Commerce
On Digital Cash-like Payment Systems
Blaming the Banks won't work
The Tipping Point - How Good Companies Go Bad and Executives Become Rogues
Security Software faces rising barriers
Extra Financial Cryptographic Engineering
Microsoft, Office SP2, anti-phishing, security patches, the real situation, and the arms race.
Phishing in Pogo's Swamp
Dave Birch on Payment Tokens
PayPal protected with Trustbar and Petnames
RSA keys - crunchable at 1024?
Spooks' corner: listening to typing, Spycatcher, and talking to Tolkachev
Open Source Insurance, Dumb Things, Shuttle Reliability
IP on IP
SSL v2 Must Die - Notice of Extinction to be issued
KPMG establishes the price of the get-out-of-jail card
The HR Malaise in Britain - 25% of CVs are fiction
How to Build a Secure Credit Card Authoriser - 5 mins biz plan
New Threats on the Airwaves
The Rise and Absorption of Paypal - a lesson for offshore
Microsoft to release 'Phishing Filter'
Application mirroring - In which I strike another blow against the System Programmer's Guild
Buying ID documents
Computer characters mugged in virtual crime spree
Notes on security defences
Notes on today's market for threats
Security Systems that fall in a heap if actually challenged...
SHA1 attack updated at Crypto, US responds by stifling research
WoT in Pictures, p2p lending, mailtapping
Is Security Compatible with Commerciality?
A Small Experiment with Voting - Mana v. Medici
tracking tokens
The Phishing Borg - now absorbing IM, spam, viruses, lawyers, courts and you
FC conference returns to Anguilla
The Favour Economy - Pressed Flowers get Laminated
Disclosure, Victims, and Browsers reveal anti-phishing approaches
Payment news - two classic story endings and a new start
London to issue own money
How to do Hayekian Private Issuance
"Acceptable Risk" - a Euphemism for Selling Fraud?
Cash - so hard to trace, so hard to untrace
Accountancy Firms - too big to fail
Liability for Software - is the end of the Security Industry a bad thing or a good thing?
Fear-commerce, something called Virtualisation, and Identity Doublethink.
George's story - watching my Ameritrade account get phished out in 3 minutes
Learning from Failure
Mozilla drops Open in favour of Smoke Filled Rooms
Definitions, competition-by-regulation, and Justice-by-Press-Release
Ian Grigg - Triple Entry Accounting
Nick Szabo - Scarce Objects
Marc Stiegler - An Introduction to Petname Systems
Advances in Financial Cryptography - Volume Two
Skype - a prince but still covered in warts
Google payment system confirmed - let the trimming of tall poppies begin
US Banks lobby to enter Real Estate - Hubris or an Invitation to end the Franchise?
USA credit system is totally compromised, security-wise
Google to do a payments system?
Hype is free, Common Sense costs Pennies
Miller & Shapiro on Hayek's market - explaining object orientations
A hand of Pennies
Killing for Pennies, and is AOL, the "gateway drug", cause or cure?
New Best Practice for security: Avoid "Best Practices"
Virus-safe Computing - HP Labs article
Identity is an asset. Assets mean theft ... and Trade!
Save Thyself - Russia's WebMoney Payment System (translated)
A shortcut for bootstrapping trust
Software Licensing and the Know-how to Issue
Two Hot Whistleblowers
IFCA's Discussion Maillist for Financial Cryptography
Industrial Espionage using Trojan horses
Loss Expectancy in NPV calculations
America asks "Why us?"
The Crypto Wars are On/Off/On/Off...
ShadowCrew - more advanced than you think
The Suits Own You - FBI hacking wireless LANs
To live in interesting times - open Identity systems
Click-fraud goes to court
Open Publication experiments - FC++ and JIE
$850 million dollar email had Perfect Forward Secrecy
SSL for FC - not such good news
Penny-eating worms, and how crypto should be
Microsoft Rumours Lacking Strong Digital Signature
Advances in Financial Cryptography - "First Issue"
On Secure Knowledge-Based Authentication
Avoiding Liability: An Alternative Route to More Secure Products
FUDWatch - VoIP success attracts the security parasites
Games, P2P and currency ...
Threats are two a penny
Getting Apache to encrypt
Securing with SSL - an experiment
Damaged Pennies
Lies, Uncertainty and Job Interviews
Security as a "Consumer Choice" model or as a sales (SANS) model?
Tracking Reputation - CACert
HCI/security - start with Kerckhoffs' 6 principles
New Machine for FC
Pennies on the CV
PKI News
Dave Birch - the case for RFIDs is cost
Spitzer - securing your data to become a crime?
First Impressions on reading Spence on Signaling
Conferences as Scams
The Twilight Zone
A Penny at a Time
Going Binary, half a bit at a time
GeoTrust says existing PKI practices are worthless
How much is your finger worth?
Big Bad Black Market
Penny Chat
KPMG warned browser manufacturers in 2002
Forbes - The Wages of Sin
Cubicle adds to Security Research on Skype
The Next Corporate Liability Wave?
Lopez v. BoA leads to rising bank FUD, if not clues
Amit Yoran - biggest fubar is 'certification'
JIE - Contracts in Cyberspace
Old tech never dies - fax machines
Odd things going on at ICANN
Nicking folk's identities is easy, says researcher
AIG scandal - when it's ok for a company to commit a crime
Advances in Financial Cryptography
Microsoft to use blinded sigs?
New Password Cracking Threat: Grid + your laptop
Security Signals - Schneier reviews Ciphire email system
Security Signals - Certifications for Experts
IP versus Economics - the Google Trademarks disputes
Euromail - Slate's Eric Weiner asks a question?
Mad March of Disclosures - the post-Choicepoint world
S/MIME - breaching the barrier to sign
A penny here...
Digitally-Signed Mail in e-Commerce - FC05 survey
Overzealous sentencing leads to reduction in security
VCs Suck, but you can still store your data on FreeBSD
(SEC orders that) Mutual Funds Reveal Clients' Data on Web
Mozilla wobbles on the ball of security
A Pennyworth of thoughts
FUDWatch - NYT breathless on wireless terrorism
For a few Pennies more...
Open Governance spotted over at ICANN?
Christopher Allen on the constance of Fear
Open Peer Review
A Fistful of Pennies...
Lessig says 'never again' to copyright demons
Observations on the CA market - Verisign to sell out?
More Pennies
Digital Money Forum - London - this week
How to Break MD5 and Other Hash Functions
What users think about web security
Cryptographers have a Responsibility to Explain Results
Identity Theft exists because Identity is Valuable
For download: Draft manuscript on Electronic Money and Privacy
Tegam uses courts to signal bad security
On Quintessenz and the Biometric Consortium
PayPal plus eBay - it's FC, not banking
Airlines Aim for Expense Reduction in Payments (FC != banking)
NSA gets data mined - not the right crowd to steal a payment system from
FC discussion list
What is FC (iv) - The Payment is the Message
FC exile finds home as Caribbean Brit
Short ones...
What is FC (iii) - Start from the Top.
What is FC? (ii) - Debunking the 'Bank' View
Money Matters and the Modern Webcomic
What is Financial Cryptography? - a rant in 4 parts
Is SHA-1 Pareto-secure?
FC - top picks for papers
Bank of America to draw heat from ChoicePoint
Software by the Bootcamp method
Email no longer reliable
Cybercash on Vacation - ruminations on FC
Random phishing news
Microsoft's negative rep leads to startling new security strategy
Choicepoint - 700 identities attacked
Vero - using ATMs to automate cheque cashing
IEEE's Economics of Information Security
Choicepoint - "largest database on earth can't say what happened"
Choicepoint - full blown scandal?
A Blackbird Moment - Microsoft confirms phishing is an attack on the browser
The Goal of Security
New-look passports - The Economist stands before the Identity Juggernaut
Massive data heist at Choicepoint exposes soft underbelly
Idle speculation - I wonder if the NSA knew this all along?
Collision Search Attacks on SHA1 - the Shandong note
Designing Risk Transfer Instruments for Internet Risk
Shandong team attacks SHA-1
Plans for Scams
Disclosure - "no stupid embargos" says Linus
The Weakest Link
Smartphone attacks - a timeline
Full disclosure: for and against
Skype challenges Open Source Security
Passport/Liberty leads to convergance with privacy community
Reg SHO Threshold Securities get Listed in Open Governance site
Top 18 Security Papers - add "the 3 laws of security"
US approves National Identity Card
Social re-engineering
First case of a digital signature repudiation?
Open disclosure - OpenPGP reports minor attack
As the SarbOx screw tightens, the foreigners pack their bags
A hybrid Nym / Centralised Identity?
4 Corners in Identity
1st case against bank for online banking fraud?
Firefox first blood - bug allows any domain to be "owned"
The secret list of ID theft victims
Mozilla nears formal policy on new CAs
Musing on the CA debate: ICANN, NTK, Firefox and the devaluation of Trust (tm)!
VeriSign and Conflicts of Interest
Microsoft back in the currency game - Loyalty Points for using groupware
Blogs on Crypto
Cyota reports "almost 5% have been hooked in phishing"
Schneier reports on DHS committee - hope for Open Governance yet
Security Breach Disclosure is required for the consumer to adjust risk assessment
How Ideas Evolve as a Shared Resource
RFID attacked - to impact Passport Debate
CostaGold case Settles - Leaving Ugly Dilemma for Open Governance Issuers
The Authur Andersen Factor - Riggs Bank
The Coming Collapse of the Dollar
OSGold's bank to be sued - should have used 5PM
Towards an Economic Analysis of Disclosure
Unintended Consequences and the Case of the $100 Superbill
The Green Shoots of Opportunistic Cryptography
DIMACS Workshop on Information Markets
The market punishes bad news, not bad not-news
Poll predicts Instant Messaging to take over
Do security breaches drop the share value?
Thunderbird Gains Phishing Detection (Too)
FC05 Registration Deadline
BlogShares - fantasy trading in blogs and ideas
The Free Lunch Is Over: A Fundamental Turn Toward Concurrency in Software
Eudora overcomes stupidity to tackle phishing
Electronic Contracting (WEC '05)
The Big Lie - does it apply to 2005's security problems?
Internet 'Phishing' Scams Getting More Devious
Online or Invisible - the case for open publication
T-mobile cracker also hacks Proportionality with Embarrassment
Dr. Ron Paul understands the forces behind identity theft
Schneier joins the DHS-WG - a new attack on open governance?
Security by Obscurity blooper - Cameras caught on Google
Identity Theft: Why Hollywood has to take one for the team.
Skype analysed - Jedi Knights of the Crypto Rebellion, Score 1
The Case Of The Bandwidth Burglar
Accountants list the tech problems, Security and Sarbanes-Oxley take pole positions
Frank Abagnale at CSI - Know me if you can
Chip&Pin liability shifts from UK bank to retailer
Security Signalling - the market for Lemmings
Journal of Internet Banking and Commerce
Happy New Year
Netcraft breaks ranks and points the crooked black claw of doom at the SSL security model
2004 Financial Report of the United States Government - How Big?
The Guru Code - a great technique for something that never happens!
Simple Tips on Computer Security
FC'05 programme - announced
From the "real threats" department: Wanted: Chief Espionage Officer
STORK - strategic roadmap for crypto - New Trends in Cryptology
New job quiz: what's this post mean then?
User education: worse than useless
FC'05 (the conference) posts the programme!
Nyms sighted in authentication software
SkunkWorks that works - The Graphing Calculator Story
Security Coding Best Practices - Java adds yet another little check, and boom...
Mexico flirts with the silver unit - a good base for digital issuance
Email is dying ... Stats from Postini
The One True Number: "9210: the zip code of another IT-soap"
Google Labs Aptitude Test: The Cats are Firmly in Charge
PKI's mission: sell certs or die in the attempt!
2006, and beyond...
Microsoft proceeds with strategic withdrawal
Engineering for Failure
The SEC's NMS: One Price to rule them all, One Price to find them, One Price to bring them all and in the market bind them
Andy Grove: CYA is now the board's main job
2005 - The Year of the Snail
2004 - The Year of the Phish
Economics is isomorphic with risk?
"Amateurs study cryptography; professionals study economics."
SDP1 - Secure Datagram Protocol #1
Burglary that called in its own "burglary in progress..."
DIY fingerprint idea thwarts ID thieves
eBay's Spanish rebellion - have they hit the transactional Brick Wall?
Bank coverups no longer acceptable in retail payment systems
Mini Research Project: Sarbanes Oxley 404 Horror Stories
NY Fed hit by inside saboteur?
Kids' Secret Cells - defeating security by learning
A further challenge to Strong Identity - Nerve Coupled Cooperating Humans
First time a digital signature has been affirmed by court?
Surprise and Shock! Identity smart cards that work on a national level!
Raising awareness in Dispute Resolution
Opportunistic Cryptography is now Acceptable
Al Qaeda's use of cryptography - scant evidence
e-gold to track Cisco extortioner
Using Payment Systems to avoid tax
Halloween and The Candy Economy
Nokia to trial integrated phone/RFID payment system
Encrypt everything...
Check 21 - "What's a check?"
Games being leaked by employees - where's the value?
Online gaming? How about online trading...
Security Signalling - sucking on the lemon
New Tack Wins Prisoner's Dilemma
Austria issues 100,000 Euro coin
Neal Stephenson on Money
Phishing - companies are mostly powerless
The Arab Cryptanalysts
The Coordination Problem
de Soto's _The Mystery of Capital_ afflicted by poor title
The Medici Effect
Great intro to social engineering - "Catch me if you can"
SANS - top 20 solutions confirms no solution for phishing yet!
Know your enemy - Interview with a hacker
Hurricanes reduce Spam
The Uses of Corruption
offshore recovery - now with "local jurisdiction"
Amit Yoran - cybersecurity czar - resigns!
Identity theft - buy a Mac, download Firefox
Microsoft's dilemma - they finally changed the mantra!
The DDOS dilemma - change the mantra
Eavesdropping threats: Listening to chat
WebTrust: "It's about not causing popups..."
To Kill an Avatar
The Node is the Threat
Normal Accident Theory
CPUs are now a duopoly market
Paypal fines arbitrageurs
CPUs going dual core
Financial Cryptography v. The Enterprise
DNS spoofing - spoke too soon?
Sarbanes-Oxley - what the insiders already know
VeriSign's conflict of interest creates new threat
Hayek says "Buy Dinar"
Phishing Kits
Privatising Cash
Paranoia Goes Better With Coke
Using PGP with an USB smartcard token
An Overview of Steganography for the Computer Forensics Examiner
SHA0 is cracked
How much to crack a PIN code entry device?
crypto wars - NSA the victor
Cellphones on aircraft
Kerckhoffs' 6 principles from 1883
DoCoMo releases first 3G mobile wallet phone
FCC votes to tap Internet calls
When is a phish not a phish?
Professional email snooping
e-gold stomps on phishing?
Geeks take Sarbanes-Oxley to task?
The protocol wars
Big Brother Awards
Unix's founding fathers
Eavesdropping III - do customers get badly hurt?
In Search of Eve - the upper boundary on Mallory
Ordinary Threats
Trust and Trustees
Hubristic Cryptography
History of OpenPGP
New Attack on Secure Browsing
Conducting blackmail with private payment systems - Daft!
Jabber does Simple Crypto - Yoo Hoo!
The Ricardian Contract
Security Industry - a question of history
GoldMoney challenges for pole position
Real Time Java is coming...
Putting the chat back into IM
Electronic Money is Traceable Money
Question on the state of the security industry
Peppercoin - credit card facilitations
Proceedings of 1st Annual BuggyWhip Conference
The Legacy of ASCII
P2P's Tragedy of the Commons
Taxing Issuers
Micropayments, Nanoprofits, Macrolosses
Forging the Euro
Independent Chairmen
Phishing II - Front Page News
Phishing I - Penny Black leads to Billion Dollar Loss
Semblance of order amid the chaos
DTCC accused of counterfeiting shares
FBI asks US Congress to repeal laws of physics
U.S. banks fail to attract immigrant remittance business
Not news - AV producers slip as Microsoft "competes"
Phishing an epidemic, Browsers still snoozing
WYTM - who are you?
Big and Brotherly
Compliance Persons Of The Year
New public DRM technique from the Central Banks
Trust Cannot be Outsourced
Turing Lecture by Adi Shamir
Identity Theft - the American Disease
The Myth of Systemic Risk
Paypal moves further away from money
Peter Coffee on how to lose a security debate
FC05 - Dominica - March 2005
Mutual Funds - Timestamping
Mutual Funds - the Softball Option
EU seeks quantum cryptography response to Echelon
US intelligence exposed as student decodes Iraq memo
SSL secure browsing - attack tree Mindmap
Open Governance Mindmap
Ross Anderson's "Economics and Security Resource Page"
EC opens ears on e-money directive
Sassy Teenager Stars in Virus Soap
Secret Ballot Receipts and Transparent Integrity
"How is a capability different to an object?"
Cost of Phishing - Case in Texas
Definition of Capabilities
QC - another hype cycle
Rates II - Mortgages and Musical Chairs
Rates I - US moves to raise rates
Tumbleweed casts CA-signed cert lure
DPA patents
Comdot from Beepcard
El Qaeda substitution ciphers
LD3 - At the Breakfast Table
LD2 - Liberty Bimetallism
LD1 - Inflation Proof Currency Set to Double
Sharing Files is still a "Hard App"
Spammers have stats?
AES now rated to "Top Secret"
"The Ricardian Contract"
When Play Money Becomes Real
Playing Favorites
Security Modelling
The Future of Phishing
cybersecurity FUD
Media shift - Cellphones go soapie
The Dollar on the Move
Biggest scandal is only starting...
Dr. Self-signed or How CAs Learned to Stop Worrying and Love the Cert
Spammer's Porsche up for grabs
CA policy news
Reinventing Contract
The Digital Silk Road
Online Gambling Payments - Looking for a Home?
"Micropayments for Peer-to-Peer Systems"
Terror network was tracked by cellphone chips
Centralised Insecurity
U.S. info-sharing program draws fire
Standardising accounts
Backing - Defined
NeuClear - new wiki site
Civilian lists films as IPOs
Fannie Mae no longer backed by the G-Man?
Nigerian scammers now using the Queen's English
How Predictive are Idea Markets?
PayPal Probed for Anti-Fraud Efforts
PayPal Probed for Anti-Fraud Efforts
G30 - Accounting not to blame?
Anti-Phishing WG
Phishing - and now the "solutions providers"
Cash no longer free?
RFIDs in US notes?
Heavy Films
Browser Threat Model
SSLBar + Fingerprints = GoogleCA
p2p crypto VoIP - Skype
BSD - the world's safest OS
Candid ATM Camera
XML Voucher
DRM is FBI's 3rd highest priority?
Are debit cards safe?
From Bretton Woods to GW-II
Soft Dollars under attack
OPEC Has Already Turned to the Euro
Book-Entry Securities
PayPal acquires eMoney Licence
The Ricardian Contract
Crash-only Software
Workshop on Sensitive Data
GoldMoney hits the Tonne
CAcert debate leads rethink for SSL certs
e-gold targeted by worm
Stock Trading Attacks
FC 2004
Rock and Roll
Paysec 2004
Using Software to Sniff Out Fraud
Mutual Funds and Financial Flaws
Financial Derivative Contracts
Where the money is - Europe
CodeCon 2004
Measuring Fraud in DGCs
Adult Website Prepaid Cards
Cheap Hardware Tokens
A (US) Law Dictionary
Adobe Helped Gov't Fight Counterfeiting
The Web's New Currency
The Fraud of Insider-Trading Law
1st ever eMoney Licence?
Dutch Retail Payments
The Payments System in Transition
[Enhyper Knowledgebase] News for 30-Dec-2003
Repudiating non-repudiation
Six Degrees of Kevin Bacon
Microfinance Impact Assessments
NeuClear in the 7 Layer model of Financial Cryptography
FC04 - accepted papers
Keeping Secrets - Crypto gets a Demand-side Boost
RFIDs enter the payments field
NASDAQ Practices Their Vectoring of Systemic Risk
Fighting the worms of mass destruction
What is Pseudonymity?
Workshop on Electronic Contracting
Governance or Regulation - You Pick?
ARMISTICE: Real-time Distributed Risk Management
The First IEEE International Workshop on Electronic Contracting (WEC)
Scaling up Micro Financial Services: An Overview of Challenges and Opportunities
High Frequency Data - an Essential Resource
The Good, The Bad, and the Ugly
Principles and Practices of Microfinance Governance
Infinite Bandwidth
War Against the Dollar, the Pillar of United States Power
Economists explore betting markets as prediction tools
Breaching those Barriers to Entry
[Mises] Carl Menger: The Nature of Value
The Value of Issuance
On The Resolution of Disputes
Getting Out in Front of Financial Privacy
Coin Sets
Making microfinance work in the Middle East and Africa
Using SMS Challenge/Response to Secure Web Sites
The Origin of Money and its Value
Nobody ever got Fired for Buying Microsoft!
Peppercoin lacks spice
The Contract is the Keystone of Issuance
The Insecurity of FC
Auction Types
Events Circuit
Say hello to success
FC Blogged