It has taken a few days, but the IPsec vulnerability story has found ts way to the mainstream news sites, including:
The Register UK.gov warns over VPN crypto flaw
ZDNet UK Government warns of IPsec VPN flaw
Slashdot Flaw Found in VPN Crypto Security
Some observers quite correctly note that it has been known for a long […]
UK’s National Infrastructure Security Co-ordination Centre (NISCC, pronounced “nicey”) has just published a vulerability advisory concerning IPsec, a set of protocols commonly used in the deployment of Virtual Private Networks (VPNs). IPsec, when used under certain configurations, are vulnerable to a number of attacks where an attacker can recover the plaintext corresponding to encrypted […]
Chip and PIN, recently deployed in the UK, is a smartcard-based user authentication system for credit and debit card payments. It is supposed to enhance security based on the assumption that computer checked Personal Identification Numbers (PINs) are much harder to forge than hand-written signatures (which are hardly ever any closer examined than a […]
FSE 2005 was hosted at ENSTA, Paris, and I presented a paper that I co-authored. The workshop was well attended by people from the youthful to the veteran, the relatively anonymous to the A-listers, and the colourful to the shady (allegedly). The recent SHA-1 “break” was gossip du jour especially after the copious amounts of […]
