Joseph Ashwood wrote:

Well, I don't think that's normally a very safe assumption -- particularly
when Sebastian Gottschalk specifically alleged that Microsoft's patch
made the sample exploit stop working but didn't fix the real underlying
vulnerability.

Ok, I'm not familiar with this vulnerability, so I can't comment.
It sounds like you are, so I believe you.

"David Wagner" taverner.cs.berkeley.edu> wrote in message
news:ejo6kn$2di5$1@agate.berkeley.edu...

[On signed ActiveX vulnerability]

Darren Mitton
Name: Darren Mitton
Nickname: blackwingbear
Location: Georgia
Title: Reverend

Subject changed: Saints Of Shit

Get your bible-thumping ass out of our Usenet group, you filthy Xtian

Hello

I need diffie Hellamn and Blowfish code in C or C++. If anyone
has please send it to me. I really need it and I have no idea how to
implement it

Regards
Muhammad Naeem
fahnaim@gmail.com

Joseph Ashwood wrote:

Huh? I don't follow you. That statement doesn't make any sense to me.

It's very common in the security world to have a vulnerability that can be
exploited in many different ways. After someone reports a vulnerability
and provides a sample exploit, it's not unheard of for a software company
to come up with a half-assed fix that stops that one sample exploit but
fails to close the underlying vulnerability.

It's the difference between a doctor who treats the symptoms vs cures the
underlying disease. If you want to be effective at securing systems,
you have to be able to recognize the difference. Unfortunately, it's
not always easy to distinguish the two -- particularly when companies
are reluctant to release technical details about vulnerabilities, and
try to discourage researchers who do release full technical details.
As a result of this reluctance to talk openly about security issues, it's
often difficult to find the real facts and get to the bottom of things.

Bottom line: Just because one particular exploit no longer works does
NOT mean that the underlying vulnerability no longer exists.

"Sebastian Gottschalk" wrote in message
news:4s99pdFu9bsjU1@mid.dfncis.de...

Hello all,

I've been searching the internet far and wide for programs geared towards breaking
and/or key finding of classic ciphers; substitution, transposition, Vigenere, etc. So
far not much luck. Have tried Evercrack, but it always manages to crash my windows
box (xp). SCB Solver from 'Secret Code Breaker' website is ok, but not much good for
anything other than a simple monoalpha shift cipher. I'd be most appreciate if
someone could point me in the right direction or let me know where I might find such
programs. Thanks!

Mike

Phil Carmody wrote:

Yeah, that sentence from TC jumped out at me, too.
The qualifier "desktop" really sticks out. Is that a
back-handed compliment?

"Sebastian Gottschalk" wrote in message
news:4s8b0tFu861jU1@mid.dfncis.de...

Leopard15/L15 CSPRNG

I would like to remind the cryptography community of the existance
of the L15 CSPRNG (based on ARC4).

This CSPRNG remains unbroken (see the challenge on www.leopard.uk.com)
and no short cycles have been discovered. Is it possible that L15 is
the perfect CSPRNG ? Or almost perfect ?

Peer review, analysis of cycle length and attempts to break the
generator are always welcome:

http://www.leopard.uk.com

I would expand the challenge prize to something more worthwhile but
unfortunately I am not a rich person at the moment (the music CD
is very good :)

Sincerely,

Robin Carey.