Schneier on Security
A blog covering security and security technology.
May 22, 2009
The Doghouse: Net1
They have technology:
The FTS Patent has been acclaimed by leading cryptographic authorities around the world as the most innovative and secure protocol ever invented to manage offline and online smart card related transactions. Please see the independent report by Bruce Schneider [sic] in his book entitled Applied Cryptography, 2nd Edition published in the late 1990s.
I have no idea what this is referring to.
EDITED TO ADD (5/20): Someone, probably from the company, said in comments that this is referring to the UEPS protocol, discussed on page 589. I still don't like the hyperbole and the implied endorsement in the quote.
Posted on May 22, 2009 at 11:29 AM
• 31 Comments
They deliberately misspelled your name so you can't sue for Libel? :)
Can't you just sue them or hand them a c&d?
From the disclaimer on their site: "Net 1 UEPS Technologies Inc. and its direct and indirect subsidiaries (“Net 1”) make no representations or warranties as to the completeness or accuracy of the information contained in this website or referred to in this website"
Is it wrong to want to blackhole their DNS?
So, you want to buy cyphertech from a company that 'make(s) no representations or warranties as to the completeness or accuracy of the information
"Secure biometric fingerprint identification"
We have all seen in this blog just how secure that is.
The disclaimer is for purchasers. Bruce still has a cause of action, because they're saying he endorsed something he didn't.
Anyway, would you trust a site that didn't have the actual year that the key report on its technologies? "Late 1990s", indeed.
@Harry: "Anyway, would you trust a site that didn't have the actual year that the key report on its technologies? "Late 1990s", indeed."
Not to mention, calling 1996 "late 90s" is a stretch. In any case, I wouldn't likely buy any cryptographic product where the best endorsement is over a decade old.
Bruce, I really think you should write to them and tell them to stop using your name in what is clearly a fraudulent manner. I'm sure it's a scam of some sort, and if you give them the slightest feeling that they are found out, they might just give it up and move on to the next scam.
"The disclaimer is for purchasers. Bruce still has a cause of action, because they're saying he endorsed something he didn't."
The statement actually does not say that he endorses it at all, but by making a statement in a prior sentence about "leading cryptographic authorities" and then referring to Bruce's work in the same paragraph, they're surely taking advantage of the fact that most people will conflate the statements and read them as an endorsement.
Bruce does not strike me as the type to sue, but I'd send a cease and desist letter if it were my name being traded upon, especially if they can't spell it right and are making ludicrous claims with it. What twits.
Isn't FTS what they're calling AUTOVON nowadays? I believe it stands for Federal Telecommunications System (although that isn't what my husband and I facetiously call it...)
>> Isn't FTS what they're calling AUTOVON nowadays?
>> I believe it stands for Federal Telecommunications System
From the 'About Us' page:
Net1 have developed the UEPS (Universal Electronic Payment System) that makes use of our patented FTS (Funds Transfer System) methodology to provide a fully integrated payment, switching and settlement system suitable for multiple applications and services, meeting the requirements of the un-banked and under-banked populations.
According to their website, they've achieved success in Botswana, Ghana, *and* Namibia. I suspect they're also looking for help getting $20,000,000 in royal treasury notes from the late King Kwahnnda out of the country.
"Bruce does not strike me as the type to sue, but I'd send a cease and desist letter if it were my name being traded upon, especially if they can't spell it right and are making ludicrous claims with it. What twits."
I am having trouble caring enough to write the letter.
It sounds like you might be able to convince a reader to draft one for you.
These guys are in South Africa. I would guess they just hacked together some kind of system to link fingerprints to credit accounts. They may be correct that some algorithm approved by Bruce is used in their system, though they say so misleadingly.
I don't think Bruce wants to fly to South Africa to sue some dumb startup over use of his name.
Oh noes DES! From their site: "The protocols include cryptographic algorithms from the Data Encryption Standard (DES) to the more modern Elliptic Curve system. This methodology distinguishes the UEPS technology from all its competitors."
Also according to Edgar their 3rd qtr income declined by 15%, Bruce need not worry they won't remain in business for much longer, http://www.sec.gov/Archives/edgar/data/1041514/...
Oh, maybe they're referring to Bruce Schneier's Ph.D. thesis?
No wait, sorry, Schneier doesn't have a Ph.D. degree.
"No wait, sorry, Schneier doesn't have a Ph.D. degree."
A little history for you, nearly every famous scientist or doctor (medical) that anybody can name did not have a Ph.D either.
In mainland Europe the terms Doctor or Professor were given as job titles to those working in the profession of teaching.
Even though I do not have a Ph.D I have been referred to via these terms at appropriate times.
The Ph.D was popularised as an American label to show that people had "time served" in research. Therefore as will be pointed out to you unlike a BA, BPhil or BSc, MA, MPhil or MSc a Ph.D. is not an academic qualification but a research qualification.
There are also Doctor of Divinity (DD) which carries the title of Reverend, which I am told that some Americans obtained for taxation reasons.
In fact in some parts of the world you get given the title of "doctor" after X number of years in a research environment irrespective of if you have a BA/Sc or MA/Sc degree.
Most Universities also issue "honorary" Ph.Ds to those who have provably time served in industry.
I have little doubt upon his current academic standing or industry standing that quite a few Universities would be happy to offer Bruce a Ph.D. if appropriate independent representations were made to their awards committees (and assuming Bruce would want to accept it, some people don't).
Also if you talk to the University awards office that issues the Ph.D. you will find the title "Doctor" comes with a few constraints as to when and where you can use it. Primarily this is to protect the award holder from charges of misrepresentation but also to protect the institution as well.
I am reasonably certain that there are quite a few well respected people who would approach a University awards committee for a Ph.D. for Bruce; let's face it there can be little doubt he more than has the proven standing. Which brings us around to the much more thorny question of "is there an appropriate Ph.D. for Bruce"...
At least they have fixed the typo now...
I believe the name they were looking for was "Ross Anderson", not "Bruce Schneier".
Anderson, "UEPS - A Second Generation Electronic Wallet" 1992 (http://portal.acm.org/citation.cfm?id=699024)
Also Anderson, "The Formal Verification of a Payment System" (http://www.cl.cam.ac.uk/~rja14/Papers/uepsbook.pdf)
... then again the copy of Applied Crypto 2nd Ed sitting on my desk has section 24.15 Universal Electronic Payment System (UEPS) on page 589.
@Clive Robinson: don't feed the troll ...
this d*****t has been trolling around this page quite a few times, always saying the same stupid things (thereby showing he hasn't and shouldn't have any Degree whatsoever, if I may express my opinion).
Ignore the trolls, and hope there may come a day when Spamfilters could do their part on stuff like this.
André, better to feed a troll with an attempt at polite conversation than with insults. Much less satisfying to the troll, too.
Asdf, I've been ignoring your occasional reminders that "Bruce Schneier does not have a Ph.D. degree" for over a year and a half now. But that's three times this month, and it's become disruptive. You also ignored a polite request to explain just why this idée fixe of yours is so important, over on the "Interview With Me" thread. If you want to comment on this blog again, stop derailing multiple threads, and start engaging in actual conversation instead of repeating the same thing over and over. If you can't manage that much, the half-life of your comments is about to become much shorter.
I guess the problem is too few characters in the acronym name space.
The Freedictionary lists 66 breakouts for FTS....and if I see another IT system acronym ending in nnnIS I'll nut.
AUTOVON is now the Defense Switched Network (DSN). FTS and its successor FTS2000/1 contracts are being superseded by NetWorx.
Honestly it's so hard to keep up.
I'm confused. I have always viewed "Applied Cryptography" (second edition) by Bruce Schneier as "....the best introduction to cryptography I've ever seen.....The book the National Security Agency wanted never to be published...." (with full credit to Wired magazine). On page 589 of this fine publication, chapter 24.15 under the heading "Universal Electronic Payment System (UEPS)" the following statements, inter alia, appear:
"A really clever thing about this protocol is that the encryption key for each message depends on the previous message......I am impressed with this idea and expect that it will see wider use once it becomes widely known"; and
"The message exchange is an excellent example of a robust protocol...."
Could this be construed as an endorsement? I posit "yes".....
By the way, an analysis of these hacks' financial filings with the SEC (yes, they are fully reporting!!) also reveals a pretty impressive track record - more than four million smart cards issued in South Africa alone, sequential earnings growth for more than ten years (you have to analyze their results in the functional currency (Rands) if you want to pass judgement on profitability and growth rates); UEPS is the national payment system in Ghana (which is an entire country in Africa) and they seem to be doing fine managing their (ever growing) cash pile of $200+ million (US dollars, not Zimbabwe dollars!) earned from actual trading activities, without asking for King Kwahnnda's assistance. With this evidence, your honour, I plead for the release of Net1 from the doghouse? More importantly, can I still believe everything I've read in Applied Cryptography (second edition) by Bruce Schneier?
"A really clever thing about this protocol is that the encryption key for each message depends on the previous message......I am impressed with this idea and expect that it will see wider use once it becomes widely known"; etc
Over a decade later, yes, this kind of block chaining is well known and seeing wide use, if I'm not mistaken.
Confuse-cious - It's not about believing it. It's about understanding it.
@Moderator and all
I am really sorry for letting my temper guide my writing in that post. But I have seen various strategies tried against trolls - and none really worked so far. And polite discussions can be very unnerving if you try them on a "skilled" troll, though of course insults don't help either.
My point is: the only way I see in relation to this type of comments is to regard them as yet another kind of spam and ignore them.
Having said that, I promise, that this will (hopefully) be my last off-topic post on this blog. :-)
Everyone go on now!
Of course you have no idea what they are talking about - they're referencing Mr. Schneider's book. You could, however, go after that guy for writing a book by the same name as one you wrote. :)
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.