11-02-96. "Transaction Records Urged for Smart Cards" Electronic money systems must generate transaction records to help law enforcement agencies track money launderers, a senior Justice Department official said last week. "In a paper environment ... we can get bank records, we can get credit card records. Our goal is only to preserve this ability." "Internet insecurity " Jeff Schiller: The Web has a lot of potential vulnerabilities. There's plenty I know about that I don't want to talk about. People who know about the vulnerabilities are reluctant to talk about them because if we disclose what we know to the public, the bad guys will take advantage. And if we address them with the vendor community, they don't do anything about them. There's a lot of hooey out there. Never trust the advice of someone selling you a product, especially if the sales pitch is, "My product makes your problem go away." "RSA offers kit for secure credit-card transactions" RSA Data Security, Inc. will announce today a tool kit for developing secure applications that support credit-card transactions on the Internet called S/Pay in support of SET. "Medcom introduces a "Super Cafe" data encryption product" Medcom's latest data encryption product, the Secure Socket Relay (SSR), features strong encryption with full key length (56-bits DES). A demo version can be downloaded at http://www.medcom.se/. "On Technology's Security White Paper" "Taking The Threat Out Of Network Security," will stimulate the industry into discussing some of the issues of security that face the Internet industry and its users. Copies of the paper are available on request from On Technology. The company's Web site is at http://www.ontech.co.uk . ----- http://jya.com/urgent.txt (21 kb) URG_ent ---------- In another story on gov-spooked insecurity: NEC announced that it successfully demonstrated country-to- country virtual private networking (VPN). During the tests, privacy and security was maintained between the two sites by deploying DES and triple-DES encryption. Since DES encryption technology cannot be exported from the United States, a Japanese version of DES, developed outside the U.S., was used.