* Posts by Jonathan

4 publicly visible posts • joined 6 Aug 2007

Bikini-clad pin-ups cover old school jailbreak

Jonathan

Internal walls...

Why not allow posters on internal walls only?

Technical problems mar Barclays' PINSentry roll-out

Jonathan

Hassle? Security?

Don't want to carry the reader between home and work? Just get two of them. Since it's a standards-based device, the idea is that they'll eventually be commonplace, and you'll just have to carry your cards (which you carry anyway). You'll still have to take it when you travel, though.

SMS can be a good solution, but it doesn't work everywhere, doesn't work all the time, and doesn't work for everyone.

Using the reader for log-in is excellent, but leaves the door open to advanced Trojan/man-in-the-middle attacks. But they've thought of that--it can also be used to authenticate specific payment details. In this mode, it offers extremely high security. Pre-printed password lists can't adapt in this way.

Finally, note that you don't need a PC to use the reader. In future, expect to see it used for mail-order and telephone-order shopping, and e-commerce applications. According to APACS figures, that's where the bulk of the fraud is.

Windows random number generator is so not random

Jonathan

A few points...

A few points:

- Yes, computers might be deterministic, finite state machines. But that doesn't mean cryptographically-secure sequences can't be generated algorithmically. In any case, the problem here is the sourcing and refreshing of the entropy, not the algorithm (although implementation in user-mode was perhaps a poor choice).

- Banks are generally very good at key management. Not all keys reside in a single place--for some applications, they need to be shared between systems, or backed up. Using XOR key shares with independent key custodians is best practice, and secures the entire credit card industry (including your PIN) for a start. Remember--it's manual procedures that establish trust and security, all this technical stuff just helps to preserve it afterwards.

- However, any bank resorting to coin tossing should be shot. Banks (and other serious users) use Hardware Security Modules, from vendors such as nCipher, Thales, Atalla (HP), Safenet and IBM. These provide hardware entropy sources, and also secure keys safely away from server memory.

- Intel chipsets have indeed included thermal-noise RNGs for years. Poor that Windows chooses not to take advantage.

False positives run amok in Vista anti-virus tests

Jonathan

Vista and NOD32

Firstly, NOD32 is fantastic. I've used it for years. It's unobtrusive, small, uses far far fewer CPU cycles than anything else and what's more, it really, really works.

As for Vista--I remember exactly the same arguments when XP came out. To be fair, there have been far fewer compatibility issues this time around. And as with XP, you'll all be running Vista in the end...