[Europe] Payment Card Protocols Wide Open to Fraud
https://www.onthewire.io/payment-card-protocols-wide-open-to-fraud/
"This mechanism is protected by a cryptographic signature (MAC).
The symmetric signature key, however, is sometimes stored in
Hardware Security Modules (HSMs), of which some are vulnerable
to a simple timing attack, which discloses valid signatures. A
signature extracted from one such HSM can be used to attack
other, more secure models since the signature key is the same
across many terminals, violating a base principle of security
design," the researchers from Security Research Labs wrote in an
explanation of the research, which was presented at the 32C3
conference in Berlin earlier this week.
- - -
--Lauren--
Lauren Weinstein ([email protected]): http://www.vortex.com/lauren
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
I have consulted to Google, but I am not currently
doing so -- my opinions expressed here are mine alone.
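
The two weaknesses named in the quoted passage, a MAC check whose run time depends on the input and one MAC key shared by many terminals, shown beside their fixes. This is an added example, not part of the original post or the researchers' code; the key, message, terminal IDs, tag length and the key-derivation scheme are all constructed assumptions.

```python
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key"  # constructed sample value, not a real key
TAG_LEN = 8  # truncated tag length assumed for this demo

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def leaky_verify(key: bytes, msg: bytes, tag: bytes) -> tuple:
    """Early-exit compare. Returns (ok, bytes_compared); the count stands in
    for the run time that a timing side channel would measure."""
    expected = mac(key, msg)
    compared = 0
    for a, b in zip(expected, tag):
        compared += 1
        if a != b:
            return False, compared
    return len(tag) == len(expected), compared

def constant_time_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Comparison whose duration does not depend on where the tags differ."""
    return hmac.compare_digest(mac(key, msg), tag)

def terminal_key(master: bytes, terminal_id: bytes) -> bytes:
    """Hypothetical per-terminal key: HMAC(master, label || terminal_id)."""
    return hmac.new(master, b"terminal-mac|" + terminal_id, hashlib.sha256).digest()

def demo() -> dict:
    msg = b"constructed terminal command"
    good = mac(SHARED_KEY, msg)
    bad_first = bytes([good[0] ^ 1]) + good[1:]    # wrong in the first byte
    bad_last = good[:-1] + bytes([good[-1] ^ 1])   # wrong only in the last byte
    key_a = terminal_key(SHARED_KEY, b"T-0001")
    key_b = terminal_key(SHARED_KEY, b"T-0002")
    tag_a = mac(key_a, msg)
    return {
        "leaky_bad_first": leaky_verify(SHARED_KEY, msg, bad_first),
        "leaky_bad_last": leaky_verify(SHARED_KEY, msg, bad_last),
        "ct_bad_first": constant_time_verify(SHARED_KEY, msg, bad_first),
        "ct_good": constant_time_verify(SHARED_KEY, msg, good),
        "tag_a_on_a": constant_time_verify(key_a, msg, tag_a),
        "tag_a_on_b": constant_time_verify(key_b, msg, tag_a),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The early-exit check does a different amount of work for the two rejected tags, while the constant-time check returns only accept or reject; with per-terminal keys, a tag valid for one terminal is rejected by another.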