[22472] in cryptography@c2.net mail archive


Re: Creativity and security

daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Wed Apr 12 13:19:40 2006

X-Original-To: cryptography@metzdowd.com
Date: Wed, 12 Apr 2006 10:28:33 -0600
From: Anne & Lynn Wheeler <lynn@garlic.com>
To: cryptography@metzdowd.com
In-Reply-To: <44280FA2.7090009@garlic.com>

Anne & Lynn Wheeler wrote:
> recent posts mentioning some skimming threats
> http://www.garlic.com/~lynn/aadsm22.htm#27 Meccano Trojans coming to
> desktop near you

re:
http://www.garlic.com/~lynn#aadsm22.htm#30 Creativity and security

Trial starts on swipe-and-go card; A new smartcard could result in 
shorter queues in the shops
http://www.theage.com.au/news/business/trial-starts-on-swipeandgo-card/2006/04/12/1144521400790.html

the above has the quote:

"The card never leaves your hand," ... "In fact, it need not even be 
taken out of the wallet, and there is no chance information from the 
card can be skimmed, the most common form of card fraud."

... snip ...

while the earlier reference is to a situation where the crook is using 
their own device for extra swipes, a significant portion of skimming
involves compromised devices that harvest information
http://www.garlic.com/~lynn/subpubkey.html#harvest

as part of a normal transaction. The real issue is whether "static data" 
is used for authentication and therefore the infrastructure is vulnerable 
to any kind of skimming/harvesting/eavesdropping and replay attacks.

a few recent comments about static data exploits for replay attacks
http://www.garlic.com/~lynn/aadsm22.htm#20 FraudWatch - Chip&Pin, a new 
tenner (USD10)
http://www.garlic.com/~lynn/aadsm22.htm#40 FraudWatch - Chip&Pin, a new 
tenner (USD10)
http://www.garlic.com/~lynn/2006e.html#10 Caller ID "spoofing"
http://www.garlic.com/~lynn/2006e.html#30 Debit Cards HACKED now
http://www.garlic.com/~lynn/2006f.html#39 X.509 and ssh

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
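
The static-data point in the message above, as an added example that is not part of the original post: a verifier that authenticates on static data accepts recorded bytes again, while one that authenticates on a per-transaction value rejects them. The card data, key, amount, class names and the use of HMAC over a single-use challenge are assumptions made for illustration; the post names no particular dynamic mechanism.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (assumptions, not from the post).
STATIC_DATA = b"PAN=0000000000000000;EXP=0000"   # placeholder card data
CARD_KEY = secrets.token_bytes(32)               # secret held by card and issuer


def card_respond(key: bytes, challenge: bytes, amount: bytes) -> bytes:
    """Card side: bind the response to this challenge and this amount."""
    return hmac.new(key, challenge + amount, hashlib.sha256).digest()


class StaticVerifier:
    """Authenticates on static data: the same bytes are valid every time."""

    def verify(self, presented: bytes) -> bool:
        return hmac.compare_digest(presented, STATIC_DATA)


class DynamicVerifier:
    """Authenticates on a per-transaction value; each challenge is single use."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._open = set()

    def challenge(self) -> bytes:
        c = secrets.token_bytes(16)      # fixed length keeps challenge+amount unambiguous
        self._open.add(c)
        return c

    def verify(self, challenge: bytes, amount: bytes, response: bytes) -> bool:
        if challenge not in self._open:  # unknown or already consumed
            return False
        self._open.discard(challenge)
        return hmac.compare_digest(card_respond(self._key, challenge, amount), response)


def replay_outcomes() -> dict:
    """Run one genuine transaction per scheme, then re-present what was recorded."""
    amount = b"AUD 12.50"
    static, dynamic = StaticVerifier(), DynamicVerifier(CARD_KEY)
    out = {"static_genuine": static.verify(STATIC_DATA)}
    out["static_replay"] = static.verify(STATIC_DATA)            # recorded bytes still valid
    c1 = dynamic.challenge()
    r1 = card_respond(CARD_KEY, c1, amount)
    out["dynamic_genuine"] = dynamic.verify(c1, amount, r1)
    out["dynamic_replay_same"] = dynamic.verify(c1, amount, r1)  # challenge already consumed
    out["dynamic_replay_fresh"] = dynamic.verify(dynamic.challenge(), amount, r1)
    return out
```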
