Russian Dolls - a design pattern for end to end secure transactions
Thoughts on momentum accounting
Cryptojacking Malware Devs Sentenced to 20 Years in Prison
Financial exclusion and systemic vulnerability are the risks of cashlessness
None of us love terrorists
Gresham's Law thesis is back - Malware bid to oust honest miners in Monero
AES was worth $250 billion dollars
Market for Scans
Zooko buys Groceries...
Shocking trade in stolen UK passports (really??)
FCA on Crypto: Just say no.
Tesla’s cloud was used by hackers to mine cryptocurrency
when we teach everyone to trust ID documents...
Hackers selling access to Aadhar
Over 1.65 Million Computers Infected With Cryptocurrency Miners in 2017 So Far
FC2008 - 26th-Feb -- 2nd-March - Curaçao
SegWit and the dispersal of the transaction
Identifying as an artist - using artistic tools to generate your photo for your ID
4th ed. Electronic Evidence now available
Oh no, not another bloody Satoshi sighting...
Robin Hood Talk - Identity - Who am I?
Fake US embassy provides full service
Senegal to use eCurrencyMint for digital cash
Bitfinex - Wolves and a sheep voting on what's for dinner
CfP FC 2017 - 3-7 April 2017 Malta
Corda: An Introduction (paper)
IP concerns over Ricardian contracts
Ethereum is one step away from creating a workable smart contracting community
the Satoshi effect - Bitcoin paper success against the academic review system
FC wordcloud
When the security community eats its own...
The Great Bitcoin Fork - heartbleed or bleeding hearts?
The Nakamoto Signature
Cash seizure is a thing - maybe this picture will convince you
Issuance of assets, Genesis of transactions, contracting for swaps - all the same stuff
and Boom! The PetroYuan, or the end of dollar hegemony in a sign even they can understand...
Coase's Blockchain - the first half block - Vinay Gupta explains triple entry
Using CommonAccord to build "First Class Persons"
Proof of Work is now being put to work - toasters!
Yanis Varoufakis proposes Greek tax receipts in Ricardian Contracts on a blockchain
Training Day 2: starring Bridges & Force
Smart contracts are a centralising force - exactly the opposite effect to the one you hoped for?
The FATF and the War on the Poor: 0.2% effective against Money Launderers, 300% more effective against the poor than aid?
News that's news: Kenya's M-Kopa Solar Closes $12.45m
Hitler v. modern western state of the art transit payment systems: Hitler 1, rich white boys 0.
Scott on blockchains -- could these fussy smartcontracts change anything?
Gendal on blockchains -- what's the fuss? Could the blockchain change accounting?
In-depth history: "SEALAND, HAVENCO, AND THE RULE OF LAW"
OneRNG -- open source design for your random numbers
MITM watch - sitting in an English pub, get MITM'd
MITM watch - patching binaries at Tor exit nodes
Banking - licensed to cheat! And whether you'll get away with it.
Bitcoin and the Byzantine Generals Problem -- a Crusade is needed? A Revolution?
HR is broken - the recruiter honeypot
In the Shadow of Central Banking
Proof of Work made useful -- auctioning off the calculation capacity is just another smart contract
Heartbleed v Ethereum v Tezos: has the Open Source model utterly failed to secure the world's infrastructure? Or is there a missing trick here?
on trust, Trust, trusted, trustworthy and other words of power
Clinkle crinkle CLUNK
Signalling and MayDay PAC
Reset the Net. Don't ask for your privacy. Take it back.
Why triple-entry is interesting: when accounting is the weapon of choice
A triple-entry explanation for a minimum viable Blockchain
How many SSL MITMs are there? Here's a number: 0.2% !!!
(C) The ABC of Making the Bitcoin Investment Decision - part C first - Currency, buy the Coin!
podcasts on pre-Bitcoin from Bitcoin UK
Shots over the bow -- Haiti joins with USA to open up payments for the people
The evil of cryptographic choice (2) -- how your Ps and Qs were mined by the NSA
Identity is the New Money -- new book from Dave Birch
Update on password management -- how to choose good ones
Why Dispute Resolution is hard -- but not so elusive as to escape solutions
Digital Evidence journal is now open source!
FC++ -- Bitcoin Verification Latency -- The Achilles Heel for Time Sensitive Transactions
Hard Truths about the Hard Business of finding Hard Random Numbers
Who invented the shared repository idea: Bitcoin, Boyle, and history
Digital Currencies get their mojo back: the Ripple protocol
The Ka-Ping challenge -- so you think you can spot a bug?
MITB defences of dual channel -- the end of a good run?
We are all Satoshi Nakamoto
Bitcoin and how to integrate it into society
The NSA will shape the worldwide commercial cryptography market to make it more tractable to...
NSA v. the geeks v. google -- a picture is worth a thousand cribs
The Anatomy of an NSA intervention -- NIST & RSA fingered as breached
The NSA is lying again -- how STOOPID are we?
I’m Still Waiting for My Phone to Become My Wallet
FC2014 in Barbados 3-7 March
Why I am a fan of Alan Greenspan, still.
Did Alan Greenspan blow the bubble that blew up the world?
2 ways out of crushing debt
On casting the first cyber-stone, USA declares cyberwar. Everyone loses.
PRISM Confirmed: major US providers grant direct, live access to the NSA and FBI
All Your Skype Are Belong To Us
What makes financial cryptography the absolutely most fun field to be in?
A Bitcoin for your thoughts... (may regulators live in interesting times)
NATO opines on cyber-attacks -- Stuxnet was an act of force
After a decade of bad banking, finally some Good News: Cyprus forced to shut down a bad bank!
How much for an island in the sun, Mr Putin?
Cyprus deposit holders to take a 7-10% loss -- perversely this is the right Cure, and it may Kill the Patient
It all started as a noble idea - Identity Cards in Uganda
How to use PGP to verify that an email is authentic
google leads the world in ... oddball interview questions... ?!? (part 1 in a rant on searching for your HR mission)
Deviant Identity - Facebook and the One True Account
Yet another CA snafu
Broadly Technical at Mobile Payments Startup (while musing on the impossibility of the reliable social network)
Facebook goes HTTPS-always - victory after a long hard decade
More STOP PRESS: A Ratings Agency has been brought to task!
Planet SSL: mostly harmless
More surreal events in the Crypto Cold War - the BitCoin blockade of Iran
STOP PRESS! An Auditor has been brought to task for a failed bank!
Four Planks to support the next evolution in secure browsing
Use another browser - Kaspersky follows suit
The Equity Debate
What's the takeaway on Audit?
Does this work? Signing with your face & thumb. The answer is ...
More context on why context undermines threat modelling...
Fans of Threat Modelling reach for their guns ... but can they afford the bullets?
Paypal go back to their roots - Paypal Here Again
Google thought about issuing a currency
Serious about user security? Plonk down a million in prizes....
Signatures on fax & email - if you did not intend to be bound, why did you bother to write it?
one week later - chewing on the last morsel of Trust in the PKI business
The Convergence of PKI
PKI and SSL - the jaws of trust snap shut
Why Threat Modelling fails in practice
the emerging market for corporate issuance of money
for bright times for CISOs ... turn on the light!
Why we got GFC-2
the five parties model, and SPDR GLD invites users to play spot-your-gold-bar
Why (my, all) financial systems fail -- information complexity
Audit redux.2 - and what happened to the missing MF Global client funds?
Advanced Persistent Threat (APT) - why did we resist so long?
Measuring Cyberfraud, the fall rate of sky, and other metrics from the market for Silver Bullets
_Currency Wars_
Phishing doesn't really happen? It's too small to measure?
HTTPS everywhere: Google, we salute you!
next-gen Stuxnet targets SCADA companies for intelligence
Liability & disclosure - the end of an era is in sight?
Founders of SSL call game over?
How Liability is going to kill what little is left of Internet security…
Regulating the future financial system - the double-entry headache needs a triple-entry aspirin
A tale of phishers, CAs, vendors and losers: I've come to eat your babies!
1st round in Internet Account Fraud World Cup: Customer 0, Bank 1, Attacker 300,000
RSA Pawned - Black Queen runs amok behind US lines of defence
Declaration of Cyberwar - emerging hype cycle or growing nightmare?
#1 Censored Story - Dropping the Dollar
Hold the press! Corporates say that SSL is too slow to be used all the time?
Why The New Guy Can’t Code
Revising Top Tip #2 - Use another browser!
more on HTTPS everywhere -- US Senator writes to websites?!
The Zippo Lighter theory of the financial crisis (or, who do we want to blame?)
A small amount of Evidence. (In which, the end of banking and the rise of markets is suggested.)
What banking is. (Essential for predicting the end of finance as we know it.)
The Great Cyberheist
I am Spartacus! and other dramatic "Identity" scripts
Apple's Mac moment of truth arriving? Or just the silver bullet salesman?
philosophical question about strengths and attacks at impossible levels
62 Million Contracts are now no longer perfectable. Blame me?
Crypto-plumbers versus the Men in Black, round 16.
Internet Intellectuals, Media Security Reporting, and other explorations in the market for silver bullets
Security Planning - who watches the watchers?
In Santayana's market for alternative money, the future is within the Firm!
UN convention on Electronic Transactions: knowns and unknowns
Innovation: a word, a dream or a nightmare?
What would the auditor say to this?
memes in infosec IV - turn off HTTP, a small step towards "only one mode"
Niall Ferguson - Empires on the Edge of Chaos
Turning the Honeypot
memes in infosec II - War! Infosec is WAR!
Are we spending too little on security? Or are we spending too much??
The difference between 0 breaches and 0+delta breaches
Perspectives: the difference between the 1990s money guys and the 2000s p2p guys
blasts from the past -- old predictions come true
advertising fake passports and other puzzles?
SAP recovers a secret for keeping data safer than the standard relational database
When the Python meets the Mongoose ... the SEC and programming Asset Backed Securities
Pushing the CA into taking responsibility for the MITM
Why the browsers must change their old SSL security (?) model
Ernst & Young staring down the barrel that shot Arthur Andersen
The cost of playing red-footed football for European top-league clubs
the most magical question of all -- why are so many bright people fooling themselves about the science in information security?
load up on Steel, and shoot it out! PCI and the market for silver bullets
news v. not-news, the great phone-payments debate rumbles on
pushback against the external auditor (if they can do it, so can you!)
Bowles case is more evidence: Britain takes another step to a hollowed-out state
H4.3 - Simplicity is Inversely Proportional to the Number of Designers
Phishing numbers
Breaches not as disclosed as much as we had hoped
Timeline for an SSL protocol breach -- what's the size of your OODA loop?
FC: better than freedom?
my War On SQL
The War on Drugs moves to endgame: the War on US Americans
Gold bullion market set to implode?
Councils engaged in "War on Rubbish Days" to thank the FATF for new seizure powers..
Audits VI: the wheel spins. Until?
Microsoft: the new IBM?
The Elliot Wave has arrived at stage 5, so it's all over for the dollar!
How the FATF brought down modern civilisation and sent us all to retire in Mexico
Washington DC discovers new economic force: the World
Man-in-the-Browser goes to court
Where does the accounting profession want to go, today?
Talks I'd kill to attend....
Audits V: Why did this happen to us ;-(
40 years on, packets still echo on, and we're still dropping the auth-shuns
Hide & seek in the terrorist battle
What-the-heck happened to AES-256?
Numbers: CAPTCHAs and Suicide Bombers
Robert Garigue and Charlemagne as a model of infosec
Goldman Sachs caught with their pants down?
Audits IV - How many rotten apples will spoil the barrel?
Webmoney's start in the 1998 crisis
another implausible reason to steal from iTunes?
Have the accountants sold out?
The Exquisite Torture of Best Practices
Are the "brightest minds in finance" finally onto something?
Conficker chooses Rivest!
We don't fear no black swan!
The mystery of Ireland's worst driver
The 20th Century of Central Banking is over.
H5: Security Begins at the Application and Ends at the Mind
Rumour: NSA offering 'billions' for Skype eavesdrop solution
this one's significant: 49 cities in 30 minutes!
Audits II: Two more scary words: Sarbanes-Oxley
"No, you don't understand sheep"
Brit Frauds, the Bezzle, and Signs of Rebellion in Heartland
WoW crosses GP: get rich quick in World of Warcraft
We may have risk, but _banking is risk_
the Business of Risk Management in Security -- a Response
Royal Bank of Scotland Falls 66% in One Day!
Getting the business into security, or is it...
What's missing in security: business
Fc'09 Barbados 23-26 February
Ecuador's default: how to tame the angry Rafael Correa
Unwinding secrecy -- how to do it?
Who would judge a contest for voting machines?
Unwinding secrecy -- busting the covert attack
Unwinding secrecy -- how far?
A voting design competition?
Clickjacking -- the new browser wipe-out
another quiet week in finance
Why hasn't eBay tanked?
Success has many fathers, but failure has the US taxpayer
Builders v. Breakers
reliance on security claims: what can go wrong?
WSJ finds someone to blame.... be skeptical, and tell the WSJ to grow up.
Should a security professional have a legal background?
Osama bin Laden gets a cosmetic makeover in his British Vanity Passport
_Electronic Signatures in Law_, Stephen Mason, 2007
Monetary affairs on free reign, but the horse has Boulton'd
SEC bans illegal activity then permits it...
SEC starts to investigate Bear Stearns. Or does it?
wheretofore Vista? Microsoft moves to deal with the end of the Windows franchise
DNS rebinding attack/patch: the germination of professional security cooperation?
Digital Evidence: Musing on the rocky path to wisdom
German court finds Bank responsible for malwared PC
Cross-border Notarisations and Digital Signatures
Why is this blog secure? Because there is only one mode, and it is secure!
Digital Evidence -- 26-27 June, London
Historical copy of PGP 5.0i for sale -- reminder of the war we lost
Hypothesis #4 -- The First Requirement of Security is Usability
The Dutch show us how to make money: Peace and Cash Foundation
BarCampBankLondon: alternative finance workshop
Case Study 2: OpenSSL's patched-out randomness
Firefox 3 and the new "make a security exception" (+ 1 bug)
Case study in risk management: Debian's patch to OpenSSL
The Italian Job: highlights the gap between indirect and direct damage
H2.2 KISS -- Keep the Interface Stupidly Simple
USD reserve currency shift -- some numbers
The Medium is the Message: what is the message of security today?
The illusion of Urban Legends - the Dutch Revolving Bicycle Cycle
Browser news: Fake subpoenas, the OODA waltz, and baby steps on the client side
Proving that you know something about security...
another way to track their citizens
An idea for opportunistic public key exchange
Pogo reports: big(gest) bank breach was covered up?
S/MIME: we don't need more reasons why it failed...
Liability for breaches: do we need new laws?
World's biggest PKI goes open source: DogTag is released
Trojan with Everything, To Go!
Format Wars: XML v. JSON
The Trouble with Threat Modelling
Attack on Brit retail payments -- some takeaways
Say it ain't so? MITM protection on SSH shows its paces...
What is Apple doing with the iPhone?
FC2008 -- report by Dani Nagy
H2.1 Protocols Divide Naturally Into Two Parts
SocGen - the FC solution, the core failure, and some short term hacks...
middle banking in a english muddle
Rumours of Skype + SSL breaches: same old story (MITB)
When the SLippery SLope beckons
How to improve the Standards Process: the Prisoner's Dilemma
UK data breach counts another coup!
Why Security Modelling doesn't work -- the OODA loop of today's battle
MITM spotted in Tor
Oddly good news week: Google announces a Caps library for Javascript
H1: OpenPGP becomes RFC4880. Consider Hypothesis #1: The One True Cipher Suite
Zopa and Listed Loans
My fake passports and me
Your online Identity supplier
Storm Worm signals major new shift: a Sophisticated Enemy
Arbitration -- a community tool or a weapon?
Prepaid cards: offering the ECB a deal it cannot refuse
If Insurance is the Answer to Identity, what's the Question?
Threatwatch - more data on cost of your identity
The Failure of the Academic Contribution to Security Science
How S/MIME could suck slightly less with a simple GETSMIME
Identity news: Identity Forum, November 07 open for business, Second Life identifies with its users
Why are analyses of cash v. debit card so fundamentally flawed?
Threatwatch: Numbers on phishing, who's to blame, the unbearable loneliness of 4%
DNS Rebinding, and the drumroll of SHAME for MICROSOFT and APACHE
Skype on the test of a utility
SEPA meets Money 3.0 -- a trainwreck?
The fundamental _barrier to entry_ in the business of payment systems
Susan Landau on threats to the USA: don't forget Pogo
The Uneasy Ride on the Cryptography Bandwaggon
Shock of new Security Advice: "Consider a Mac!"
WebMoney does a gold unit
Microsoft asserts itself as an uber-CA
Security can only be message-based?
National insecurity - all your packets are belong to US
If your CSO lacks an MBA, fire one of you
Threatwatch: how much to MITM, how quickly, how much lost
ROI: security people counting with fingers?
Metricon 2.0 -- Boston, 7.Aug.2007 -- talks announced
Identity resurges as a debate topic
No such thing as provable security?
Choose your hatchet: when governance models collide
When to bolt on the security afterwards...
The Myth of the Superuser, and other frauds by the security community
And now the phoney war on cash (a.k.a., give us another subsidy, ma!)
US government seizes the gold in frozen accounts
Solution to phishing -- an idea whose time has come?
H6.2 Most Standardised Security Protocols are Too Heavy
Threatwatch: Still searching for the economic MITM
WSJ: Soft evidence on a crypto-related breach
survey of RFC S/MIME signature handling
US moves to seize the gold
Hal Finney on 'AACS and Processing Key'
more Tipping Point evidence - POS vendors sued
Security Expertise from Cryptographers: the Signals of Hubris
e-gold founders indicted
US moves to freeze Gold payment reserves
Breached *and* sued -- is TJX the tipping point to liability alignment?
The Beginning of Governance - the Egyptian Accountants
Counting Chickens at eTrade, bankruptcy in Europe, and costs in America
the plan to save Paypal: Skype revealed...
Our security sucks. Why can't we change? What's wrong with us?
Does non-profit mean non-governance? Evidence from the fat, rich and naive business sector
H3 - there is only one mode, and it is secure
Threatwatch: MITB spotted: MITM over SSL from within the browser
Cost of an identity
Finally, someone gets done for Money Laundering....
An ordinary crime: stock manipulation
Feelings about Security
Random stats on instant messaging (IM/chat) ...
U.S. Dollar Drops Against Counterfeit U.S. Dollar
Insider fraud -- innocent client networking or excessive liposuction?
Crypto Revisionism -- Hypothesis #6 -- It's your Job. Do it.
The alternative to FC is unprintable - Ahmadinejad and capital markets
Why Linux doesn't care about governance...
Stakeholders in Security
EV - what was the reason, again?
EV - liability situation is SNAFU
Critiquing the Mozo (draft) principles
Nokia and Visa announce handset payment system
More on why Security isn't working -- it's in your Brain?
Tom Greco's blog
Pennies - RSA reveals attack kits? and Why Gift Cards,
The Year of the Platypus - 2007 predicted
Usable Security 2007 -- Preliminary Programme -- colocated with FC2007
Skype drops the payments bombshell
Now, *that's* how to do security...
Changing the Mantra -- RFC 4732 on rethinking DOS
ATS and the death of a thousand tiny cuts
CFP - Computer Security Foundations
CFP: 6W on the Economics of Information Security (WEIS 2007)
SWIFT breach - Big Brothers
Tracking Threats - how whistleblowers can avoid tracking by cell/mobile
SWIFT breach - SWIFT broke the law, the laws have changed, the ECB ducks responsibility
Audit Follies - Atlantic differences, branding UnTrust, thumbs on Sarbanes-Oxley, alternates...
How the Classical Scholars dropped security from the canon of Computer Science
The Last Link of Security
Mozilla moves on security
Threatwatch - the Feds are back, Israel finds it cuts both ways, Cybersecurity Enemy #1
SWIFT breach - Roundup - Good Morning Europe, BoE got out early, Simon Davies: "we won't be fooled again."
Threatwatch - sigint by Hezbollah, nyms by torture units, closed source weaponry
WESII - Programme - Economics of Securing the Information Infrastructure
The one secure mode; Thunderbird would meet Kerckhoffs' 6th; and how easy it is to make it secure...
Universal Music throws in the towel, price of music drops to $0.00
Naming the unnamable, "We have a problem, Houston," who blinks first? and who replaces President Bush?
Privacy v. LEO interests -- too simple an approach?
Slapdown - US Court rules against Bush wiretaps
Usable Security (USEC'07)
Sarbanes-Oxley is what you get when you don't do FC
Thank AOL for bringing us this example of datamining
SWIFT breach - leverage v. due process, Spy v. Spy, audit v. Ajax, three questions for SWIFT
IdentityWatch: Cloning the RFID, swimming the channel on the cheap, the Russian view, AML success rate, and the genesis of Id Theft?
FC'07 - call for papers
Case Study: Thunderbird's brittle security as proof of Iang's 3rd Hypothesis in secure design: there is only one mode, and it's secure.
More Brittle Security -- Agriculture
SWIFT breach - the 'squeeze', justice not being done, the Europeans wake up to "restaurant economics" a.k.a. industrial espionage
Threatwatch - "you again operate impulsively in the manner"
SWIFT breach - embarrassed Europeans, outrageous acting in Congress, the aggregated abuses, camelgate, and the institutionalised defrauding of American values
Threatwatch - 2-factor tokens attacked by phishers - another "must-have" security tool shown to be fighting the last war
Galileo (EuroGPS) cracked
SWIFT breach - canonically novel theories in law revealed
DDA cards may address the UK Chip&Pin woes
SWIFT breach - softly softly, catchee monkey?
on Leadership - tech teams and the RTFM factor
It's official! SSH whips HTTPS butt! (in small minor test of no import....)
Sealand - more pictures
on Leadership - roles around the May Pole
How many people are turned away by the FC certificate?
FC++3 - Concepts against Man-in-the-Browser Attacks
FC++3 - The Market for Silver Bullets
Sealand burnt out - aid sent by neighbour UK - security guard airlifted
Identity 7, watchlist error rate, $300 to get off the watchlist
The Fed knows - more evidence that the Fed is managing the washback
White Helicopter - Is eavesdropping a "Clear and Present Danger" - the definition of a validated threat?
Black Helicopter #2 (ThreatWatch) - It's official - Internet Eavesdropping is now a present danger!
Naked Payments IV - let's all go naked
USD shift in reserve currency status confirmed - call it 10% per year
Naked Payments I - New ISO standard for payments security - the Emperor's new clothes?
CryptoKids, education or propaganda, ECC, speed or agenda capture?
Courts as Franchises - the origins of private law as peer-to-peer government
ThreatWatch - the war on our own fears
Dodgy practices - and how to defend against them with Audits
Users do not need online banking
British Columbia Supreme Court rules that you should lie back and enjoy it
How much is all my email worth?
CFP - W. Economics of Securing the Information Infrastructure
Opera talks softly about user security
It is no longer acceptable to be complex
Spring is here - that means Pressed Flowers
Indistinguishable from random...
When they cross the line...
Markets in Imperfect Information - Lemons, Limes and Silver Bullets
Money costs: a dollar, a penny, a system, an experience
JIBC April 2006 - "Security Revisionism"
Reliable Connections Are Not
Petrol firm suspends chip-and-pin
Security Soap Opera - (Central) banks don't (want to) know, MS prefers Brand X, airlines selling your identity, first transaction trojan
Fido reads your mind
News and Views - Mozo, Elliptics, eBay + fraud, naïve use of TLS and/or tokens...
Unique Transaction Numbers in SWIFT
Numbers on British Fraud and Debt
Security Gymnastics - Risk-based from RSA, security model rebuilding from MS, and taking revocation to the next level?
Voting and more from the Red Queen
Separation of Roles - an example
Worldwide Internet boom to finish by 2009
Threatwatch - Voice Threat Models are Snafu - Situation Normal All F***ed Up
Why audits are so important
Threatwatch - pricing the password crack
ThreatWatch - Sony is your friend, Game Over?, Meccano costs, and it'll all be better in two years
4th April, 1984
Call for Nominations - 2006 PET AWARD
How does the dominatrix of the open source world encourage her clients to pay for their pain?
Digital Money 29th, 30th
Just another day in the office of Identity Control
NIST opens new DSA format for comments
"doing the CA statement shuffle" and other dances
Google strives for hard cold cash
News on payments: mobile/cell, Skype, Google
Identity on the move II - Microsoft's "Identity Metasystem" TM, R, Passport-redux
Identity on the move I - Stefan Brands on user-centric identity management
new cert for FC
Branded Experiments
More dots than you or I can understand (Internet Threat Level is Systemic)
Birch on Blogs, decimal points matter with houses, too, and Bill Gates predicted...
Todd Boyle: value of transactions versus security model
Brand matters (IE7, Skype, Vonage, Mozilla)
The Market Price of a Vulnerability
Picturing her location
Edgar Rice Burroughs on Complementary Currency
The last (US) telegram, another FV copycat, another signature snafu
A Nokia Without A Phone
The Price for Your Identity
Negotiation and the rule of three favours
US District Court uses digital signatures
G&SR / e-gold case in Washington DC court
DigSig News - Notaries apply for an old Franchise, Colorado does PK with BRNs, old anecdote
Szabo on the Contract v. the Note
The node is the threat: Mozilla, the CIA, Skype, Symantec, Sony, .... and finally a WIRE THREAT: Bush
How Many Transactions?
Bill Monk - LETS goes commercial
Remittances - the bane of the Anti-Money Laundering Authorities
Exploit Feeds - a public service or a commodity with a price?
Arbitration Arises on the net
easy call #1 - USG to maintain control of Internet
Open governance, bicycle helmets and certifying authorities
Non-profits and Fraud - case #1
Rights in the New Year
13 reasons why security is not a "Requirement"
Paymer Anatomy - anyone an issuer
GP4.3 - Growth and Fraud - Case #3 - Phishing
2006 - The Year of the Bull
Early History of SSL - guess who invented the colour bar?
Brickbats and Plaudits
A VPN for the common man!
Diamond governance
GP3 - Growth and Fraud - How to Book a Table
OpenPGP supports any Trust Model that you desire!
How much will it cost you to lose your customer's data?
Who v. Who - more on the dilemma of the classical attacker
Frank Hecker goes to the Mountain - mapping the structure of the Certificate Authority
Security is failing - more evidence from Sony
After 10 years, a new policy on adding CAs
Amazon starts a Task Market
anti-forensics - why do vapourware security tools sell so well?
Sony v. their customers - who's attacking who?
The Economist on the FATF - a net 'bad'
Breaking Payment Systems and other bog standard essentials
Microsoft scores in anti-phishing!
Security Professionals Advised to Button Lips
What happens when you don't do due diligence...
Penny Payment Systems
Roundup on News
Ben Laurie on Identity
The Mojo Nation Story
It's official - doing due diligence is a criminal offence!
SSL v2 SNAFU
Is technical trading a Schelling point?
Schelling points
Journal of Internet Banking and Commerce
On Digital Cash-like Payment Systems
Blaming the Banks won't work
The Tipping Point - How Good Companies Go Bad and Executives Become Rogues
Security Software faces rising barriers
Extra Financial Cryptographic Engineering
PayPal protected with Trustbar and Petnames
RSA keys - crunchable at 1024?
Spooks' corner: listening to typing, Spycatcher, and talking to Tolkachev
Open Source Insurance, Dumb Things, Shuttle Reliability
IP on IP
SSL v2 Must Die - Notice of Extinction to be issued
KPMG establishes the price of the get-out-of-jail card
The HR Malaise in Britain - 25% of CVs are fiction
How to Build a Secure Credit Card Authoriser - 5 mins biz plan
The Rise and Absorption of Paypal - a lesson for offshore
Microsoft to release 'Phishing Filter'
Application mirroring - In which I strike another blow against the System Programmer's Guild
Buying ID documents
Notes on security defences
Notes on today's market for threats
WoT in Pictures, p2p lending, mailtapping
Is Security Compatible with Commerciality?
A Small Experiment with Voting - Mana v. Medici
tracking tokens
The Phishing Borg - now absorbing IM, spam, viruses, lawyers, courts and you
The Favour Economy - Pressed Flowers get Laminated
Payment news - two classic story endings and a new start
How to do Hayekian Private Issuance
"Acceptable Risk" - a Euphemism for Selling Fraud?
Liability for Software - is the end of the Security Industry a bad thing or a good thing?
Fear-commerce, something called Virtualisation, and Identity Doublethink.
Mozilla drops Open in favour of Smoke Filled Rooms
Definitions, competition-by-regulation, and Justice-by-Press-Release
Ian Grigg - Triple Entry Accounting
Nick Szabo - Scarce Objects
Skype - a prince but still covered in warts
USA credit system is totally compromised, security-wise
Hype is free, Common Sense costs Pennies
Killing for Pennies, and is AOL, the "gateway drug", cause or cure?
Identity is an asset. Assets mean theft ... and Trade!
Save Thyself - Russia's WebMoney Payment System (translated)
A shortcut for bootstrapping trust
Software Licensing and the Know-how to Issue
Two Hot Whistleblowers
IFCA's Discussion Maillist for Financial Cryptography
Loss Expectancy in NPV calculations
America asks "Why us?"
The Crypto Wars are On/Off/On/Off...
To live in interesting times - open Identity systems
$850 million dollar email had Perfect Forward Secrecy
SSL for FC - not such good news
Penny-eating worms, and how crypto should be
Microsoft Rumours Lacking Strong Digital Signature
Pareto-Secure
FUDWatch - VoIP success attracts the security parasites
Games, P2P and currency ...
Damaged Pennies
Lies, Uncertainty and Job Interviews
HCI/security - start with Kerckhoffs' 6 principles
New Machine for FC
First Impressions on reading Spence on Signaling
The Twilight Zone
A Penny at a Time
Going Binary, half a bit at a time
Penny Chat
Forbes - The Wages of Sin
Cubicle adds to Security Research on Skype
The Next Corporate Liability Wave?
Lopez v. BoA leads to rising bank FUD, if not clues
Pennygate
Odd things going on at ICANN
Advances in Financial Cryptography
Microsoft to use blinded sigs?
New Password Cracking Threat: Grid + your laptop
Security Signals - Schneier reviews Ciphire email system
Security Signals - Certifications for Experts
Euromail - Slate's Eric Weiner asks a question?
Mad March of Disclosures - the post-Choicepoint world
S/MIME - breaching the barrier to sign
Digitally-Signed Mail in e-Commerce - FC05 survey
VCs Suck, but you can still store your data on FreeBSD
Mozilla wobbles on the ball of security
For a few Pennies more...
Open Governance spotted over at ICANN?
Christopher Allen on the constance of Fear
Open Peer Review
Observations on the CA market - Verisign to sell out?
Digital Money Forum - London - this week
How to Break MD5 and Other Hash Functions
What users think about web security
Cryptographers have a Responsibility to Explain Results
For download: Draft manuscript on Electronic Money and Privacy
Tegam uses courts to signal bad security
PayPal plus eBay - it's FC, not banking
Airlines Aim for Expense Reduction in Payments (FC != banking)
FC exile finds home as Caribbean Brit
Short ones...
What is FC (iii) - Start from the Top.
Money Matters and the Modern Webcomic
Is SHA-1 Pareto-secure?
FC - top picks for papers
Bank of America to draw heat from ChoicePoint
Software by the Bootcamp method
Microsoft's negative rep leads to startling new security strategy
IEEE's Economics of Information Security
Choicepoint - "largest database on earth can't say what happened"
Choicepoint - full blown scandal?
New-look passports - The Economist stands before the Identity Juggernaut
Collision Search Attacks on SHA1 - the Shandong note
Plans for Scams
Disclosure - "no stupid embargos" says Linus
The Weakest Link
Smartphone attacks - a timeline
Skype challenges Open Source Security
Passport/Liberty leads to convergence with privacy community
US approves National Identity Card
Social re-engineering
First case of a digital signature repudiation?
1st case against bank for online banking fraud?
Mozilla nears formal policy on new CAs
Musing on the CA debate: ICANN, NTK, Firefox and the devaluation of Trust (tm)!
VeriSign and Conflicts of Interest
Cyota reports "almost 5% have been hooked in phishing"
How Ideas Evolve as a Shared Resource
RFID attacked - to impact Passport Debate
CostaGold case Settles - Leaving Ugly Dilemma for Open Governance Issuers
The Arthur Andersen Factor - Riggs Bank
Towards an Economic Analysis of Disclosure
Unintended Consequences and the Case of the $100 Superbill
DIMACS Workshop on Information Markets
The market punishes bad news, not bad not-news
Do security breaches drop the share value?
FC05 Registration Deadline
BlogShares - fantasy trading in blogs and ideas
Eudora overcomes stupidity to tackle phishing
Electronic Contracting (WEC '05)
Internet 'Phishing' Scams Getting More Devious
Online or Invisible - the case for open publication
T-mobile cracker also hacks Proportionality with Embarrassment
Identity Theft: Why Hollywood has to take one for the team.
Skype analysed - Jedi Knights of the Crypto Rebellion, Score 1
The Case Of The Bandwidth Burglar
Accountants list the tech problems, Security and Sarbanes-Oxley take pole positions
Frank Abagnale at CSI - Know me if you can
Chip&Pin liability shifts from UK bank to retailer
Journal of Internet Banking and Commerce
Happy New Year
Netcraft breaks ranks and points the crooked black claw of doom at the SSL security model
2004 Financial Report of the United States Government - How Big?
The Guru Code - a great technique for something that never happens!
FC'05 programme - announced
STORK - strategic roadmap for crypto - New Trends in Cryptology
New job quiz: what's this post mean then?
User education: worse than useless
Nyms sighted in authentication software
Security Coding Best Practices - Java adds yet another little check, and boom...
Mexico flirts with the silver unit - a good base for digital issuance
Email is dying ... Stats from Postini
2006, and beyond...
Engineering for Failure
2005 - The Year of the Snail
2004 - The Year of the Phish
SDP1 - Secure Datagram Protocol #1
DIY fingerprint idea thwarts ID thieves
eBay's Spanish rebellion - have they hit the transactional Brick Wall?
Mini Research Project: Sarbanes Oxley 404 Horror Stories
NY Fed hit by inside saboteur?
Kids' Secret Cells - defeating security by learning
Surprise and Shock! Identity smart cards that work on a national level!
Opportunistic Cryptography is now Acceptable
e-gold to track Cisco extortioner
Using Payment Systems to avoid tax
Halloween and The Candy Economy
Nokia to trial integrated phone/RFID payment system
Security Signalling - sucking on the lemon
Neal Stephenson on Money
Phishing - companies are mostly powerless
The Arab Cryptanalysts
SANS - top 20 solutions confirms no solution for phishing yet!
The Uses of Corruption
offshore recovery - now with "local jurisdiction"
Amit Yoran - cybersecurity czar - resigns!
Identity theft - buy a Mac, download Firefox
Microsoft's dilemma - they finally changed the mantra!
The DDOS dilemma - change the mantra
WebTrust: "It's about not causing popups..."
To Kill an Avatar
CPUs are now a duopoly market
Paypal fines arbitrageurs
CPUs going dual core
DNS spoofing - spoke too soon?
Sarbanes-Oxley - what the insiders already know
Phishing Kits
Privatising Cash
Paranoia Goes Better With Coke
SHA0 is cracked
How much to crack a PIN code entry device?
Cellphones on aircraft
Kerckhoffs' 6 principles from 1883
Professional email snooping
e-gold stomps on phishing?
Geeks take Sarbanes-Oxley to task?
Big Brother Awards
Eavesdropping III - do customers get badly hurt?
In Search of Eve - the upper boundary on Mallory
Ordinary Threats
Trust and Trustees
New Attack on Secure Browsing
Conducting blackmail with private payment systems - Daft!
VeriCola
Jabber does Simple Crypto - Yoo Hoo!
The Ricardian Contract
Putting the chat back into IM
Electronic Money is Traceable Money
Question on the state of the security industry
Peppercoin - credit card facilitations
The Legacy of ASCII
P2P's Tragedy of the Commons
Forging the Euro
Independent Chairmen
Phishing II - Front Page News
Phishing I - Penny Black leads to Billion Dollar Loss
Semblance of order amid the chaos
FBI asks US Congress to repeal laws of physics
U.S. banks fail to attract immigrant remittance business
Not news - AV producers slip as Microsoft "competes"
Big and Brotherly
Compliance Persons Of The Year
New public DRM technique from the Central Banks
Trust Cannot be Outsourced
Turing Lecture by Adi Shamir
Identity Theft - the American Disease
The Myth of Systemic Risk
Paypal moves further away from money
Mutual Funds - Timestamping
Mutual Funds - the Softball Option
EU seeks quantum cryptography response to Echelon
SSL secure browsing - attack tree Mindmap
Open Governance Mindmap
Secret Ballot Receipts and Transparent Integrity
"How is a capability different to an object?"
Cost of Phishing - Case in Texas
Bufflets
Definition of Capabilities
QC - another hype cycle
Rates I - US moves to raise rates
DPA patents
Comdot from Beepcard
LD2 - Liberty Bimetallism
Spammers have stats?
AES now rated to "Top Secret"
"The Ricardian Contract"
Security Modelling
The Future of Phishing
Media shift - Cellphones go soapie
The Dollar on the Move
CA policy news
Reinventing Contract
Online Gambling Payments - Looking for a Home?
Terror network was tracked by cellphone chips
Standardising accounts
NeuClear - new wiki site
Fannie Mae no longer backed by the G-Man?
How Predictive are Idea Markets?
PayPal Probed for Anti-Fraud Efforts
G30 - Accounting not to blame?
Anti-Phishing WG
Phishing - and now the "solutions providers"
RFIDs in US notes?
Browser Threat Model
SSLBar + Fingerprints = GoogleCA
BSD - the world's safest OS
Are debit cards safe?
OPEC Has Already Turned to the Euro
GoldMoney hits the Tonne
CAcert debate leads rethink for SSL certs
FC 2004
Where the money is - Europe
CodeCon 2004
Measuring Fraud in DGCs
Cheap Hardware Tokens
A (US) Law Dictionary
Adobe Helped Gov't Fight Counterfeiting
The Web's New Currency
The Fraud of Insider-Trading Law
1st ever eMoney Licence?
The Payments System in Transition
[Enhyper Knowledgebase] News for 30-Dec-2003
Repudiating non-repudiation
Six Degrees of Kevin Bacon
Microfinance Impact Assessments
NeuClear in the 7 Layer model of Financial Cryptography
FC04 - accepted papers
Keeping Secrets - Crypto gets a Demand-side Boost
RFIDs enter the payments field
Fighting the worms of mass destruction
What is Pseudonymity?
Governance or Regulation - You Pick?
ARMISTICE: Real-time Distributed Risk Management
The First IEEE International Workshop on Electronic Contracting (WEC)
Scaling up Micro Financial Services: An Overview of Challenges and Opportunities
High Frequency Data - an Essential Resource
The Good, The Bad, and the Ugly
Infinite Bandwidth
War Against the Dollar, the Pillar of United States Power
Economists explore betting markets as prediction tools
Making microfinance work in the Middle East and Africa
Using SMS Challenge/Response to Secure Web Sites
The Origin of Money and its Value
Peppercoin lacks spice
The Contract is the Keystone of Issuance
The Insecurity of FC
FC Blogged