That's a possibility but it would not work in every case with "chipped" cards. For example, on EMV cards (i.e. pretty much "chipped" banking card out there), the magnetic stripe contains a field stating that this card is "chipped" and that the "chip" transaction should be tried first if the payment terminal has a smartcard reader.
So if you only make a copy of the magnetic stripe on a card without a chip or with an inactive chip, there is a very high chance that the terminal will decline the transaction. As far as I can remember it's a setting that the merchant can turn on and off (broadly speaking).
Now, it is actually possible to clone the chip of some EMV cards (i.e. cards that support only the Static Data Authentication protocol), so your attack remains valid in some cases.
Gee, there are much simpler attacks. In several cases, crooks setted up fake "standalone" ATMs that simply captured the card and the PIN code. Since to the user it appears that the card was swallowed by a legitimate ATM, the user is not going to report at stolen right away. The effect can be reinforced by a properly dressed (read: a suit) impostor telling the customer that there is a problem with the ATM and that they will get their card back in the mail.
Then crooks simply have to collect a bunch of valid cards with matching PINs. In many countries, the customer is responsible for purchase made with the right PIN if the card is not reported as stolen in 24 or 48H, so it may cause significant losses.
This example should resonate with the Slashdot demographic: would you prefer an oscilloscope that has 4 buttons and knobs or 40? Given that back in high-school I never managed to configure this damn thing correctly due to the dozens of buttons and knobs, yes at this time a 2-knob/4-buttons scope would have been a lot better than the monstruosity we had at the time. It seems that older models were much simpler: probably more limited but easier to use if you just need to display a simple signal.
And today those blasted things run Windows. Now that's runaway complexity growth.
It's already been done by at least one person. I read the paper and I see no reason to dispute his findings. Now, since the J2ME market is so fragmented, with tons of different implementations, the vulnerabilty affects only a very limited number of phones. This is not to say that other brands are not plagued with similar bugs, but they are quite hard to find.
At the time, I submitted the story, but it was rejected. Well, now you know.
Nokia probably learnt from its mistakes with the N-Gage launch. I bet that they ran an initial batch of about 200 pieces and can now claim "unexpected" levels of sales. Just like Microsoft and Sony did for their respective consoles.
If you want to find your way in the NYC Subway, you can download a legal subway guide for your mobile phone or BlackBerry from my website. It does not use the official subway map.
The whole point of the Chip&PIN scheme is that you're authenticated with your PIN, so you must keep this PIN secret. You can't keep your signature secret.
This is like saying "Login & Passwords schemes are insecure! If I give my login and password to my coworker, he can impersonate me! The sky is falling!"
Actually, the Chip&PIN scheme is better than Login/Password schemes since you need a physical device (the smart card) to perform the transaction.
If this new scheme forces thiefs to switch to "Social Engineering", well, it's a good thing, since people can be educated about them.
I love this quote:
She claims this chip and pin technology, as it is called, has not reduced the problem of fraud.
The amount of "card-present" fraud in France (where this scheme is in use for about 20 years) is severals orders of magnitude lower than in other countries with similar caracteristics. Ok, the "Problem of fraud" has not been reduced, but the "Amount of fraud" has, and that's what matters.
This one is fucking good. If that's from you, could you grant me and my business partners a royalty-free, irrevokable license to reuse it in print, radio, televion and Intranet communications?
Security is particularly bad under Windows. Part of the problem is that everybody runs as Administrator, which is really bad, and Microsoft seems unwilling to tackle the root of the problem. This means that antiviruses and firewalls run at the same priority level as the malwares they are trying to fight: protecting the integrity of the system is just impossible.
So this architecture could introduce some kind of a "super-administrator" account. Now the question is, who has the password for the "super-administrator" account? Cause someone needs to "login" from time to time say, to update the checksum of the kernel when a patch is released. Should the user have it? Do you think that Microsoft could prevent independant software developers from creating software that require the user to give this password all the time. Maybe, but I would not bet on it. Or should Microsoft keep the password, effectively turning millions of machines into "Microsoft-managed" clients? On one hand, it may seriously cut down on spyware and malware. On the other hand, it may turn the traditional PC into nothing more than a Microsoft client. The market will judge (meaning that if people are willing to believe that Microsoft can solve their security problems, they deserve it).
Of course, every other OS out there (short of PalmOS) got it "right" from the start. However, a "secure module" would still be nice to have to store PGP keys, kernel checksums and the like.
Re:Could a micro-OS bootloader aid security?
on
The Boot Loader Showdown
·
· Score: 2, Informative
You've just described the basic architecture proposed by the TCG. Microsoft is planning to use this architecture in order to implement Palladium (Palladium and the TCG are two different things).
Anyway, this concept can be traced back to the seventies. It's coming alive only now because:
-- security is much more of an issue,
-- it's just damn hard to get it right,
-- it's just damn hard to get everyone to agree on a common spec.
I did an internship for a large network operator, and at one time I was able to visit their NOC. Basically, they never allow customers or visitors in there (but foreign interns are...). However, the NOC was adjacent to a large conference room, only separated by a glass wall.
Otherwise the design of the NOC itself was pretty standard. Lots of big screens, a wall of projectors and professional-looking operators. Think NASA's launches, only with style.
I think you made a few typos there: you typed Sun with Solaris and Java while you obviously meant IBM with Linux and Java. Everyone made the correction automatically anyway.
Why are they switching to Linux instead of, say, Windows or Mac OSX?
I'm a Linux user so I'm definitely happy about this move. Really I'm just looking for some good arguments for the next "My OS is da best" flamefest at work.
Plus it is not a per-application fee. It's more of a per-company fee. Once you get the certificate from RIM, you can sign as many applications as you want.
However, it's true that they could use an open-source community.
This is of course very true: your data is what really matter (and you should back them up to another media). However, the "small flash approach" still has an advantage, even in your case: if your hard drive misbehave, your OS can go in some kind of a "safe mode" allowing you to analyse the problem (or at least to let the OS run its own tests). This avoid them "OMFG, my hard drive is fucked up, I can't even boot it to run fsck!" problem.
I'm planning to move my root partition (which hold/bin) to a 1GB flash card as soon as one falls into my lap.
By the time those flash drives hit the mainstream, I think that swap partitions/files will be a thing of the past. I mean that given that today 512MB of RAM is pretty much the standard, swap will be uncessary expect for very demanding applications like CAD and GIS. We will see.
I've been thinking about this for a long time. What about using a flash drive for the important stuff (OS+user docs) and a hard drive for the unimportant stuff (divxes, CD backups, you name it)? Basically, the hard drive would be powered down most of the time, bringing down noise and heat, therefore driving up the reliability of the whole system. That's certainly possible with every kind of computer out there, but it would be better with specific OS support. For example, the OS could transparently copy your data back and forth between both drives, like the iPod does (with RAM instead of Flash).
Well it's really not this clear cut. Basically, a smart card can store data (between a few bytes and a few megs) and process data (which is very handy for private keys and certificates). So you can't really tell what's going on in there. Maybe nothing, maybe close to nothing or maybe a whole bunch of stuff.
To answer the main question, this data is usually protected anyway: if you don't have the right key, you will get nothing*.
Regards, AIP
* unless you're very smart and have access to a few million dollars worth of equipment.
Finread is more secure than previous solutions because its smart card reader is "smart". It has a pinpad, a screen, a Hardware Security Module and a smart card reader. It is designed to work with EMV smart cards (a public-key scheme). You put your card in the reader, the screen displays the amount and the recipient, you type your secret pin on the pinpad and voila, payment's made.
Since the reader "smart", the remote payment processing system can bypasses your spyware-infested Windows machine to communicate directly with the card through a small, dedicated piece of hardware that is much easier to secure than an computer. Keyloggers and spyware are inefficient because your computer does not process any sensible piece of information. It's like opening an bi-authenticated SSL channel between your card and the Visa or MasterCard processing systems.
Finread is far from perfect, but much better the current situation. The only drawback of Finread is that it is so good that when it will be cracked, banks will probably manage to claim that everything's fine for a long time.
Now, of course, for lost tapes, we still need something else.
I'm thinking that they are planning to use a "smart" RFID tag, with an embedded microprocessor, like the one you get on some settop boxes. The basic idea is that the "master key" is inside the chip (and you can't get it out without some a very, very expensive tools). Then the player queries the chip for a session key every, say, ten seconds, and this session key can be used to decrypt 10 seconds of raw data.
You can copy the raw data, but you can't clone a smart RFID chip, so the movie is tied to physical medium. If an online connection is required, such a scheme can be very strong.
Please, do not try to point out the glaring security holes in the scheme above, this is only an example that explain why they are working with RFID chips.
Slashdot Mirror
That's a possibility but it would not work in every case with "chipped" cards. For example, on EMV cards (i.e. pretty much "chipped" banking card out there), the magnetic stripe contains a field stating that this card is "chipped" and that the "chip" transaction should be tried first if the payment terminal has a smartcard reader.
So if you only make a copy of the magnetic stripe on a card without a chip or with an inactive chip, there is a very high chance that the terminal will decline the transaction. As far as I can remember it's a setting that the merchant can turn on and off (broadly speaking).
Now, it is actually possible to clone the chip of some EMV cards (i.e. cards that support only the Static Data Authentication protocol), so your attack remains valid in some cases.
Gee, there are much simpler attacks. In several cases, crooks setted up fake "standalone" ATMs that simply captured the card and the PIN code. Since to the user it appears that the card was swallowed by a legitimate ATM, the user is not going to report at stolen right away. The effect can be reinforced by a properly dressed (read: a suit) impostor telling the customer that there is a problem with the ATM and that they will get their card back in the mail.
Then crooks simply have to collect a bunch of valid cards with matching PINs. In many countries, the customer is responsible for purchase made with the right PIN if the card is not reported as stolen in 24 or 48H, so it may cause significant losses.
I don't actually use it since the picture from my PC is much better on the VGA port than on the HDMI port. And my TV is a new Samsung. Go figure.
Well, Surprise!
It's already been done by at least one person. I read the paper and I see no reason to dispute his findings. Now, since the J2ME market is so fragmented, with tons of different implementations, the vulnerabilty affects only a very limited number of phones. This is not to say that other brands are not plagued with similar bugs, but they are quite hard to find.
At the time, I submitted the story, but it was rejected. Well, now you know.
If you have to ask that, I suggest you to go and learn the principles behind those two-factor authentication tokens.
Regards
Nokia probably learnt from its mistakes with the N-Gage launch. I bet that they ran an initial batch of about 200 pieces and can now claim "unexpected" levels of sales. Just like Microsoft and Sony did for their respective consoles.
If you want to find your way in the NYC Subway, you can download a legal subway guide for your mobile phone or BlackBerry from my website. It does not use the official subway map.
Regards
What make you think that we do not already have all the tech required to establish a settling on Mars AND that it is not already patented to Hell?
Hey, that's almost the pickup lines of most exploration's plans for the Red Planet: "We have the technologies, we just need some money!"
This is like saying "Login & Passwords schemes are insecure! If I give my login and password to my coworker, he can impersonate me! The sky is falling!"
Actually, the Chip&PIN scheme is better than Login/Password schemes since you need a physical device (the smart card) to perform the transaction.
If this new scheme forces thiefs to switch to "Social Engineering", well, it's a good thing, since people can be educated about them.
I love this quote:
The amount of "card-present" fraud in France (where this scheme is in use for about 20 years) is severals orders of magnitude lower than in other countries with similar caracteristics. Ok, the "Problem of fraud" has not been reduced, but the "Amount of fraud" has, and that's what matters.
This one is fucking good. If that's from you, could you grant me and my business partners a royalty-free, irrevokable license to reuse it in print, radio, televion and Intranet communications?
Yes, I work for lawyers, why?
Security is particularly bad under Windows. Part of the problem is that everybody runs as Administrator, which is really bad, and Microsoft seems unwilling to tackle the root of the problem. This means that antiviruses and firewalls run at the same priority level as the malwares they are trying to fight: protecting the integrity of the system is just impossible.
So this architecture could introduce some kind of a "super-administrator" account. Now the question is, who has the password for the "super-administrator" account? Cause someone needs to "login" from time to time say, to update the checksum of the kernel when a patch is released. Should the user have it? Do you think that Microsoft could prevent independant software developers from creating software that require the user to give this password all the time. Maybe, but I would not bet on it. Or should Microsoft keep the password, effectively turning millions of machines into "Microsoft-managed" clients? On one hand, it may seriously cut down on spyware and malware.
On the other hand, it may turn the traditional PC into nothing more than a Microsoft client. The market will judge (meaning that if people are willing to believe that Microsoft can solve their security problems, they deserve it).
Of course, every other OS out there (short of PalmOS) got it "right" from the start. However, a "secure module" would still be nice to have to store PGP keys, kernel checksums and the like.
You've just described the basic architecture proposed by the TCG. Microsoft is planning to use this architecture in order to implement Palladium (Palladium and the TCG are two different things).
Anyway, this concept can be traced back to the seventies. It's coming alive only now because:
-- security is much more of an issue,
-- it's just damn hard to get it right,
-- it's just damn hard to get everyone to agree on a common spec.
Regards
I did an internship for a large network operator, and at one time I was able to visit their NOC. Basically, they never allow customers or visitors in there (but foreign interns are...). However, the NOC was adjacent to a large conference room, only separated by a glass wall.
Otherwise the design of the NOC itself was pretty standard. Lots of big screens, a wall of projectors and professional-looking operators. Think NASA's launches, only with style.
I think you made a few typos there: you typed Sun with Solaris and Java while you obviously meant IBM with Linux and Java. Everyone made the correction automatically anyway.
This is called "Goldilock pricing," it has been studied and it is extremely effective.
Regards,
Why are they switching to Linux instead of, say, Windows or Mac OSX?
I'm a Linux user so I'm definitely happy about this move. Really I'm just looking for some good arguments for the next "My OS is da best" flamefest at work.
Plus it is not a per-application fee. It's more of a per-company fee. Once you get the certificate from RIM, you can sign as many applications as you want.
However, it's true that they could use an open-source community.
Regards
This is of course very true: your data is what really matter (and you should back them up to another media). However, the "small flash approach" still has an advantage, even in your case: if your hard drive misbehave, your OS can go in some kind of a "safe mode" allowing you to analyse the problem (or at least to let the OS run its own tests). This avoid them "OMFG, my hard drive is fucked up, I can't even boot it to run fsck!" problem.
/bin) to a 1GB flash card as soon as one falls into my lap.
I'm planning to move my root partition (which hold
Regards
By the time those flash drives hit the mainstream, I think that swap partitions/files will be a thing of the past. I mean that given that today 512MB of RAM is pretty much the standard, swap will be uncessary expect for very demanding applications like CAD and GIS. We will see.
Regards
I've been thinking about this for a long time. What about using a flash drive for the important stuff (OS+user docs) and a hard drive for the unimportant stuff (divxes, CD backups, you name it)? Basically, the hard drive would be powered down most of the time, bringing down noise and heat, therefore driving up the reliability of the whole system. That's certainly possible with every kind of computer out there, but it would be better with specific OS support. For example, the OS could transparently copy your data back and forth between both drives, like the iPod does (with RAM instead of Flash).
Regards
Well it's really not this clear cut. Basically, a smart card can store data (between a few bytes and a few megs) and process data (which is very handy for private keys and certificates). So you can't really tell what's going on in there. Maybe nothing, maybe close to nothing or maybe a whole bunch of stuff.
To answer the main question, this data is usually protected anyway: if you don't have the right key, you will get nothing*.
Regards,
AIP
* unless you're very smart and have access to a few million dollars worth of equipment.
Well, not really stupid, just outdated.
The system you're describing is called Finread.
Finread is more secure than previous solutions because its smart card reader is "smart". It has a pinpad, a screen, a Hardware Security Module and a smart card reader. It is designed to work with EMV smart cards (a public-key scheme). You put your card in the reader, the screen displays the amount and the recipient, you type your secret pin on the pinpad and voila, payment's made.
Since the reader "smart", the remote payment processing system can bypasses your spyware-infested Windows machine to communicate directly with the card through a small, dedicated piece of hardware that is much easier to secure than an computer. Keyloggers and spyware are inefficient because your computer does not process any sensible piece of information. It's like opening an bi-authenticated SSL channel between your card and the Visa or MasterCard processing systems.
Finread is far from perfect, but much better the current situation. The only drawback of Finread is that it is so good that when it will be cracked, banks will probably manage to claim that everything's fine for a long time.
Now, of course, for lost tapes, we still need something else.
Hi,
Do you have any good resources about all this stuff (short of the K&R and man gcc)?
Regards
I'm thinking that they are planning to use a "smart" RFID tag, with an embedded microprocessor, like the one you get on some settop boxes. The basic idea is that the "master key" is inside the chip (and you can't get it out without some a very, very expensive tools). Then the player queries the chip for a session key every, say, ten seconds, and this session key can be used to decrypt 10 seconds of raw data.
You can copy the raw data, but you can't clone a smart RFID chip, so the movie is tied to physical medium. If an online connection is required, such a scheme can be very strong.
Please, do not try to point out the glaring security holes in the scheme above, this is only an example that explain why they are working with RFID chips.