 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 04/10/14 12:35, Orchid Win7 v1 wrote:
> "Where issues of national security are concerned, the ciphers used are
> all government-approved, which means messages can be accessed if they
> need to be by the security services."
>
> Er, no, that is NOT what that actually means, no.
>
> OK, whoever wrote this piece doesn't seem to understand what they're
> talking about. I'm going to stop reading now.
Whilst I agree with your assessment of the original article, what I was
actually wanting comments on was the actual application. Clipka and
LeForgeron have hit the nail on the head.
John
--
Protect the Earth
It was not given to you by your parents
You hold it in trust for your children
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
What kind of newspaper is the standard?
Do they publish 'news-articles' that are paid for by a company?
This piece hardly sounds like journalism to me.
On 4-10-2014 1:57, Doctor John wrote:
> I've been using gpg for some years now. It works.
>
> Now Scentrics come up with,what they say is a more secure new method to
> prevent MITM attacks:
>
>
http://www.standard.co.uk/business/business-news/new-cybersecurity-breakthrough-by-london-tech-firm-scentrics-9772661.html
>
> Patent application here:
>
> http://www.faqs.org/patents/app/20140082348
>
> Comments?
>
> John (not convinced)
>
--
Everytime the IT department forbids something that a researcher deems
necessary for her work there will be another hole in the firewall.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 05/10/2014 10:46, andrel wrote:
> What kind of newspaper is the standard?
It depends on which side of the political divide you stand.
For instance. I would not read it with someone else's eyes. :-)
But then, that is only my opinion.
--
Regards
Stephen
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 05/10/14 10:46, andrel wrote:
> What kind of newspaper is the standard?
> Do they publish 'news-articles' that are paid for by a company?
> This piece hardly sounds like journalism to me.
>
The 'Stanny' is a freesheet owned by Russian exile Evgeny Lebedev; you
are right to be wary of its reporting.
It likes to portray itself as a campaigning journal (eg cycle safety,
education of the 'under classes' etc etc) but it also seems to have an
ulterior motive. That is why I flagged this article,
John
--
Protect the Earth
It was not given to you by your parents
You hold it in trust for your children
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 5-10-2014 15:32, Doctor John wrote:
> On 05/10/14 10:46, andrel wrote:
>> What kind of newspaper is the standard?
>> Do they publish 'news-articles' that are paid for by a company?
>> This piece hardly sounds like journalism to me.
>>
>
> The 'Stanny' is a freesheet
So it is quite likely the company paid for this 'news-article'.
> owned by Russian exile Evgeny Lebedev; you
> are right to be wary of its reporting.
> It likes to portray itself as a campaigning journal (eg cycle safety,
> education of the 'under classes' etc etc) but it also seems to have an
> ulterior motive. That is why I flagged this article,
When I read something like "Scentrics is attracting enormous interest
from giant tech companies in the US and Japan." then I ask myself
- what is enormous and what giant tech companies are they?
- was this copy/pasted from a press release by the company?
- why is this 'journalist' trying to increase the value of this company?
- is this company attracting new funding ATM?
- and now also, has the owner of the newspaper financial interests in
this company? (although it should have been my first question, I am
still not paranoid enough)
or "It’s a British success story, even if it’s destined to head
overseas. Oh, to be one of those who put their money in, or who worked
on it." Journalist much?
Where the irony is that there are indeed security issues on the
internet, and that they have to be solved by European companies. But, as
Andy also pointed out, the fact that they are working together with
American companies proves that this is not a correct solution. (Because
under US law secure internet is illegal.)
There are two simple rules for an application that allows secure storage
and transmission of data
1) no US company is involved
2) you can not make money with it (because as a company you don't have
access to the data and because you lost the US market)
--
Everytime the IT department forbids something that a researcher deems
necessary for her work there will be another hole in the firewall.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 06/10/14 11:28, andrel wrote:
> On 5-10-2014 15:32, Doctor John wrote:
>>
>> The 'Stanny' is a freesheet
>
> So it is quite likely the company paid for this 'news-article'.
>
See accounts extract below. I doubt that they could afford to pay.
>
> When I read something like "Scentrics is attracting enormous interest
> from giant tech companies in the US and Japan." then I ask myself
> - what is enormous and what giant tech companies are they?
> - was this copy/pasted from a press release by the company?
> - why is this 'journalist' trying to increase the value of this company?
> - is this company attracting new funding ATM?
> - and now also, has the owner of the newspaper financial interests in
> this company? (although it should have been my first question, I am
> still not paranoid enough)
>
They certainly need funding. Some extracts from their latest accounts:
Cash £18,665
Assets £362,028
Liabilities £747,302
> There are two simple rules for an application that allows secure storage
> and transmission of data
> 1) no US company is involved
> 2) you can not make money with it (because as a company you don't have
> access to the data and because you lost the US market)
>
I'm with you there :-)
John
--
Protect the Earth
It was not given to you by your parents
You hold it in trust for your children
Post a reply to this message
|
|
| |
| |
|
|
From: Francois Labreque
Subject: Re: I may be wrong about p2p security but ...
Date: 6 Oct 2014 07:48:40
Message: <54328198$1@news.povray.org>
|
|
|
| |
| |
|
|
Le 2014-10-03 19:57, Doctor John a écrit :
> I've been using gpg for some years now. It works.
>
> Now Scentrics come up with,what they say is a more secure new method to
> prevent MITM attacks:
>
It's actually the opposite. Their patent is to specifially allow MITM
attacks (from Law Enforcement).
From the patent application:
BACKGROUND OF THE INVENTION
[0002] 1. Technical Field
[0003] This invention relates to a system and method for allowing an
authorized third party to access encrypted electronic messages sent to
or from a mobile device.
[0004] 2. Background Information
[0005] Portable devices for sending and receiving messages, e.g. by
email, are very popular. The Blackberry® range of devices, produced by
the company Research In Motion, is one example.
[0006] Typically, when an email addressed to the user of such a portable
device is received at a suitably-configured mail server, such as a mail
server inside a corporate firewall at the user's place of employment,
the email is encrypted and then forwarded over the wired Internet to a
network operation center (NOC) operated by the email service provider.
The NOC is in contact with the user's mobile device, and pushes the
email to the device via a wireless telecoms network local to the user.
The message is decrypted at the mobile device and displayed to the user.
[0007] When the user sends an email from the mobile device, it travels
to the NOC and then on to the relevant mail server, which delivers it to
the intended recipient.
[0008] Usually the messages are cryptographically encrypted at least
while in transit between the NOC and the mobile device, thereby
preventing any third party from being able to access the message content
by intercepting or eavesdropping on the communication. In this way the
privacy of the sender and recipient of the message can be protected. In
a corporate setting, encryption is usually established between the
corporate mail server and the mobile device.
[0009] However, there are circumstances in which it is desirable for an
authorized third party, other than the sender, the recipient or the
messaging service provider, to be able to decrypt the message. For
example, a national law-enforcement or security body may, on occasion,
wish to access messages in order to carry out its duties effectively;
e.g. to intercept messages being sent or received by a known or
suspected criminal in the country.
[0010] Such interception is not possible when the messages are sent or
received strongly encrypted between a portable device, and an NOC or
mail server which is located outside the jurisdiction of the relevant
authority.
[0011] Although governments may request messaging service providers to
provide access to encryption keys or decrypted messages, the service
providers are typically either reluctant or unable to do so. For
example, where end-to-end encryption is used between a corporate mail
server and a portable device, a messaging service provider may not
itself have access to the necessary decryption keys for accessing a
decrypted message.
[0012] The present invention seeks to provide a mechanism that addresses
these difficulties.
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Am 06.10.2014 13:48, schrieb Francois Labreque:
> Le 2014-10-03 19:57, Doctor John a écrit :
>> I've been using gpg for some years now. It works.
>>
>> Now Scentrics come up with,what they say is a more secure new method to
>> prevent MITM attacks:
>>
>
> It's actually the opposite. Their patent is to specifially allow MITM
> attacks (from Law Enforcement).
For a bit of nitpicking, from the quoted portion of the patent
application it's not clear whether it is actually a MITM attack or just
plain eavesdropping with a backdoor to the cryptographic stuff.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> Now Scentrics come up with,what they say is a more secure new method to
>> prevent MITM attacks:
>
> It's actually the opposite. Their patent is to specifially allow MITM
> attacks (from Law Enforcement).
0wn3d.
Post a reply to this message
|
|
| |
| |
|
|
From: Francois Labreque
Subject: Re: I may be wrong about p2p security but ...
Date: 7 Oct 2014 08:51:16
Message: <5433e1c4@news.povray.org>
|
|
|
| |
| |
|
|
Le 2014-10-06 09:53, clipka a écrit :
> Am 06.10.2014 13:48, schrieb Francois Labreque:
>> Le 2014-10-03 19:57, Doctor John a écrit :
>>> I've been using gpg for some years now. It works.
>>>
>>> Now Scentrics come up with,what they say is a more secure new method to
>>> prevent MITM attacks:
>>>
>>
>> It's actually the opposite. Their patent is to specifially allow MITM
>> attacks (from Law Enforcement).
>
> For a bit of nitpicking, from the quoted portion of the patent
> application it's not clear whether it is actually a MITM attack or just
> plain eavesdropping with a backdoor to the cryptographic stuff.
>
You're right, it's not really a MITM attack, but the end result is the
same.
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
