SEARCH RESULTS
 
Showing 1-10 of 35 records
 
Expand article

Chip and PIN Vulnerable

2008-03-12 14:12:29 by schneier in Schneier on Security
 
This both is and isn't news. In the security world, we knew that replacing credit card signatures with chip and PIN created new vulnerabilities. In this paper (see also the press release and FAQ ), researchers demonstrated some pretty basic attacks against the system -- one using a paper clip, a needle, and a small recording device. This BBC...
 
Tags: pin, chip, pin report, pretty basic attacks, paper clip, paper, credit card signatures, trade association, bbc article
 
 
 
 
Expand article

Chip & PIN terminals vulnerable to simple attacks

The Article has images
2008-02-26 20:33:32 by Saar Drimer in Light Blue Touchpaper
Steven J. Murdoch , Ross Anderson and I looked at how well PIN entry devices (PEDs) protect cardholder data. Our paper will be published at the IEEE Symposium on Security and Privacy in May, though an extended version is available as a technical report . A segment about this work will appear on BBC Twos Newsnight at 22:30 tonight We were able to...
 
Tags: peds, popular peds, protect cardholder data, peds processor, pin, cardholder data, data, encrypt data, governmental certification bodies
 
 
 
 
Expand article

Wee-Fi: Topless Meetings; Projects-Fi; Boston Launch; Rural-Fi; Chrysler-Fi; Wi-Fi Chip-Fi

The Article has images
2008-03-31 15:53:51 by Glennf in Wi-Fi Networking News
No laptops allowed: So-called topless (nice sexy term for "laptop-less") meetings are coming into vogue? It's hard to tell if it's a trend, but to judge by conferences I've attended, no one pays attention to anything any more. Banning laptops might be an advantage to promoting shorter meetings--people will be jonesing so hard for their 'top that...
 
Tags: wi-fi, chrysler, 440m wi-fi chipsets, service, ground service, pilot project, project, term wi-fi, push service
 
 
 
 
Expand article

Hacking Mifare Transport Cards

2008-08-07 06:07:02 by schneier in Schneier on Security
 
London's Oyster card has been cracked , and the final details will become public in October. NXP Semiconductors, the Philips spin-off that makes the system, lost a court battle to prevent the researchers from publishing. People might be able to use this information to ride for free, but the sky won't be falling. And the publication of this...
 
Tags: mifare, design, design secrecy, mifare classic chip, secrecy, security, secrecy supports security, security properly, chip
 
 
 
 
Expand article

Dutch RFID Transit Card Hacked

2008-01-21 06:35:43 by schneier in Schneier on Security
 
The Dutch RFID public transit card, which has already cost the government $2B -- no, that's not a typo -- has been hacked even before it has been deployed: The first reported attack was designed by two students at the University of Amsterdam, Pieter Siekerman and Maurits van der Schee. They analyzed the single-use ticket and showed its...
 
Tags: dutch, chip, mifare classic chip, mifare chip, dutch parliament recently, circuitry, internal circuitry, secret cryptographic algorithm, statement abut
 
 
 
 
Expand article

Show 011 - An Interview with Dorothy Denning

The Article has images The Article has audio podcast
2007-02-15 22:07:35 by rmacmich in The Silver Bullet Security Podcast
On the 11th episode of The Silver Bullet Security Podcast, Gary talks with Dorothy Denning , a professor in the Department of Defense Analysis at the Naval Postgraduate School. Previously, Dorothy was a distinguished professor at Georgetown University and a professor at Purdue University. Gary and Dorothy discuss Dorothys involvement in the...
 
Tags: dorothy, clipper chip, clipper chip controversy, moniker clipper chick, clipper chick, malicious hackers, gary talks, sur power walk, professor
 
 
 
 
Expand article

Justice, in one case at least

2008-01-31 16:48:08 by Ross Anderson in Light Blue Touchpaper
 
This morning Jane Badger was acquitted of fraud at Birmingham Crown Court. The judge found there was no case to answer Her case was remarkably similar to that of John Munden, about whom I wrote here (and in my book here ). Like John, she worked for the police; like John, she complained to a bank about some ATM debits on her bank statement that...
 
Tags: card, circuit card, transaction, john, bank, transaction code, bank statement, emv card, egg
 
 
 
 
Expand article

Skyhook Expands Wi-Fi Positioning to Cell, GPS

2008-06-30 10:25:33 by Glennf in Wi-Fi Networking News
 
Skyhook Wireless will combine information from Wi-Fi wardriving, GPS radios, and cell tower signals for better location: The pitch at Skyhook Wireless is that despite its accuracy, satellite-based GPS remains relatively expensive, that it's slow to get a fix when it powers up, and that it's not accurate enough in the middle of cities. Their XPS...
 
Tags: gps, wi-fi, a-gps, stand-alone gps gear, gps system grab, skyhook, gps-only device, gps chips, gps radios
 
 
 
 
Expand article

Trusted path

The Article has images
2008-04-04 21:18:17 by Editor in Security x.0
Trusted path is quite a common term in security research. It is the basis of many security protocol and application designs, and a security breach of it is one of the most common attack vectors This week, the Security Group published their findings on the vulnerability of PIN entry devices (PEDs) currently deployed in the UK (details available...
 
Tags: path, security, security protocol, strong security protocols, protocols, user, user terminals, common, attack vectors
 
 
 
 
Expand article

MiFare RFID crack more extensive than previously thought

2008-04-15 13:00:00 by Editor in Computerworld Security News
 
Security woes for the wildly popular MiFare RFID chip, hacked several months ago, are mounting. New research demonstrated Tuesday at a security conference in Istanbul shows that the chip can be hacked in mere seconds -- and that more models are affected
 
Tags: months ago, security woes, security conference, models, mere, istanbul, research, tuesday, chip