[SecurityRatty] tag: smartcard

RFID Smartcard Vulnerability Published, Allows Anyone To Crack It In Minutes Using Inexpensive Tools

Mon, 06 Oct 2008 19:22:21 +0000

Details about world’s most widely deployed radio frequency identification (RFID) smartcard vulnerability have finally been published Monday. RFID smartcards are used to control access to many transportation systems, military installations, and other restricted areas, and it can be cracked in a matter of minutes using inexpensive tools. The first among the 2 papers about this issue [...]

Mt. Sinai Medical Center looks to open standards for patient smartcards

Tue, 26 Aug 2008 20:00:00 +0000

New York City's Mt. Sinai Medical Center, which a few years ago began a project to give patients a smartcard storing identity and health records, is realigning its focus with an eye toward using format standards that could help spur many hospitals to back the idea of a single, shared patient card.

Learning from Ghana

Fri, 09 May 2008 06:27:18 +0000

Its always interesting to see where the developed world can learn from emerging economies. A lot of the best engineering work comes from having to deal with harsh constraints (opposite of architecture astronomics). I blogged awhile ago about using smart cards for digital cash in Africa

Looks like there is a new system in Ghana as well

E-zwhich smart launched
-ZWICH smartcard, a universal electronic system that facilitates easy access to and transfer of money has now become part of financial transactions in Ghana.

The new system which is also designed to remove the cumbersome and insecure processes of using cash, was launched in Accra yesterday by President J.A. Kufuor, with a call on corporate bodies and government agencies to use it to ensure transparency and integrity on payrolls.

E-zwich is an electronic payment system that allows one to make payments for goods and services or transfer money to others without having to carry physical cash.

Available at all banks countrywide, the system involves the loading of money onto the smart card after registering with any bank without necessarily having an accounts with that bank.

President Kufuor said the introduction of the system has the potential of transforming the payments landscape, the financial services industry and the general conduct of business in the country.

He said accessing the technology was an integral part of government’s overall vision of making Ghana the gateway to the West Africa sub-region and transforming her into a major financial hub.

The President said that globalisation has come with a major challenge of adopting best practices in all spheres of endeavour especially within the macro economy in order to survive in the market.

He said it was against that background that the government has pursued polices to develop and modernise the financial sector to enable it to play a key role in resource mobilisation for increased investment.

With the reforms and the stability of the macro-economy, President Kufuor said the nation was witnessing dramatic growth in the banking sector.

He pointed out, however, that inspite of the impressive growth of financial institutions, an estimated 80 per cent of the eligible population was still "un-banked" or "under-banked" and seemed not to have access to financial services.

Wonder when we will see US, UK, and other first world banks and brokerages catch up to Ghana and South Africa on these technologies? Is it really a good idea in 2008 to have everyone type their username and password into a web browser?

Keeping your Mac locked down: a Mac OS X security primer

Thu, 17 Apr 2008 22:30:01 +0000

Mac users need to think about security, tooApple's approach to security can be a little bewildering at times. It's a well-trumpeted aspect of the OS, marketed in detail on the website. Mac OS X has integrated smartcard support and Apple has certified the OS under the Common Criteria guidelines; a section of Apple's developer site is devoted to th

London Tube Smartcard Cracked

Fri, 14 Mar 2008 04:27:18 +0000

Looks like lousy cryptography.

Details here. When will people learn not to invent their own crypto?

Note that this is the same card -- maybe a different version -- that was used in the Dutch transit system, and was hacked back in January. There's another hack of that system (press release here, and a video demo), and many companies -- and government agencies -- are scrambling in the wake of all these revelations.

Seems like the Mifare system (especially the version called Mifare Classic -- and there are billions out there) was really badly designed, in all sorts of ways. I'm sure there are many more serious security vulnerabilities waiting to be discovered.

Hacker trio finds a way to crack popular smartcard in minutes

Wed, 05 Mar 2008 21:00:00 +0000

Cracking popular wireless smartcard is now a lot easier. A hacker trio has found a low-cost, fast way to decrypt a widely-used, RFID-enabled smartcard.