cissp CISSP training Certified Information Systems Security Professional: RFID


Bank censorship attempt rebuffed
Posted by boss on Monday, 03 January 2011 @ 14:34:23 EST (1204 reads)
Topic RFID

cdupuis writes "

As seen on the great H Security web site:

27 December 2010, 13:21

A trade association of bankers attempted to get the University of Cambridge to withdraw a thesis by Omar Choudary on the No-PIN attack on Chip and Pin. Ross Anderson has told the UK Cards Association that the paper will not be taken offline in a robust response[1] (PDF) to that request. Anderson points out that the material on the No-PIN attack has already been published by himself and others on the Cambridge University web site.

Anderson also notes that "Cambridge is the University of Erasmus, of Newton, and of Darwin; censoring writings that offend the powerful is offensive to our deepest values" and that he has now authorized Choudary's thesis to be published as a "Computer Laboratory Technical Report" making it easier to cite and giving it a permanent presence on the web site.

The No-PIN attack was responsibly disclosed in 2009 and details of it[2] were published in February 2010. It exploits a weakness in the EMV protocol by fooling the terminal into thinking that the card has accepted the PIN entered while the card thinks that the terminal is reset to use signature verification. This results in a transaction being recorded as authorized by PIN, when the correct PIN was not entered.

In a posting[3] on his personal blog, Anderson reports that the No-PIN attack now no longer works against Barclays' cards at a Barclays' merchant, adding "So at least they’ve started to fix the bug – even if it’s taken them a year". Anderson also reveals a "Christmas present to the bankers": Choudary is one of the coauthors of a new Chip-and-PIN paper which has been accepted for Financial Cryptography 2011[4] in February. Anderson suggests that all bankers come to the conference "to hear what we have to say".


URL of this Article:
http://www.h-online.com/security/news/item/Bank-censorship-attempt-rebuffed-1159261.html

Links in this Article:
  [1] http://www.cl.cam.ac.uk/~rja14/Papers/ukca.pdf
  [2] http://www.h-online.com/news/item/PIN-check-in-EMV-protocol-for-EC-and-credit-cards-bypassed-929784.html
  [3] http://www.lightbluetouchpaper.org/2010/12/25/a-merry-christmas-to-all-bankers/
  [4] http://ifca.ai/fc11/program.html

"



D-Day for RFID-based transit card systems
Posted by boss on Tuesday, 07 October 2008 @ 12:37:15 EDT (1579 reads)
Topic RFID

NOTE FROM CLEMENT:
RFID has been in the news quite a lot over the past six months and rightly so. It is used within our passports, it is used on our credit cards, it is used within your public transportation tickets, it is used even on some of the common products you buy at the store.

I invite you to visit my tester website and look at some of the videos demonstrating attacks on RFID:
http://www.professionalsecuritytesters.org/modules.php?name=Flash_Player

Here is a recent article from cnet.com pointing to research and information on the subject:

http://news.cnet.com/8301-1009_3-10059605-83.html

By Elinor Mills
Security
CNET News
October 6, 2008

Want to ride the subway for free without having to jump the turnstiles? Well, as of Monday, you'll be able to do that by making a fake transit card.

A scientific paper detailing the security flaws in the Mifare Classic wireless smart card chip used in transit systems around the world is being published by the Radboud University Nijmegen. And a researcher at Humboldt University in Berlin has published a full implementation of the algorithm (PDF) [1].

"Combining these two pieces of information, attacks can now be implemented by anyone," RFID researcher Karsten Nohl told CNET News. "All it takes is a $100 (card) reader and a little software."

Armed with the information in the papers, someone could steal the secret key from a Mifare Classic-based transit card and create a clone of it. As seen in a demonstration [2], data was collected wirelessly by merely brushing a card reader past someone carrying a card. The data was then used to create a fresh transit card that permitted free access to the London subway.

Subway systems in Amsterdam, Boston, and Beijing, among other cities, are also susceptible, as are building access control systems in Europe.

[1] http://sar.informatik.hu-berlin.de/research/publications/SAR-PR-2008-21/SAR-PR-2008-21_.pdf
[2] http://news.cnet.com/8301-10789_3-9978486-57.html





All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2007 by CCCure.Org, and the site maintainers Clement Dupuis and Nathalie Lambert. Reuse is strictly prohibited without written permission of CCCure.Org or its maintainers.

This web site is not associated directly or indirectly with ISC2, the SANS Institute, ISACA, or other certification authority. The GCFW, CISSP, SSCP, ISSEP, ISSMP, CISA, and CISM are all the property of their respective owners. The content of this site is provided to you freely due to the generosity of our sponsors.

