Re: [cryptography] Must have seemed like a good idea at the time
On Tue, Jul 23, 2013 at 4:54 AM, ianG i...@iang.org wrote:

> ... Banks will say that international wires are irreversible, but it isn't true. If the banks cooperate they can do a return of funds. It all depends...

This was kind of interesting:

According to Li, the larger problem [of Chinese car theft fraud] is the Chinese financial system, which requires every bank-to-bank transaction to be routed through the central government's banking authority. As a result, anti-fraud measures are usually slower than criminals. Stopping a payment could take as long as three days, by which time the money is usually unrecoverable.

http://www.theverge.com/2013/7/24/4549124/how-google-uncovered-a-chinese-ring-of-car-thieves

Jeff
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Must have seemed like a good idea at the time
On Jul 22, 2013, at 7:48, ianG i...@iang.org wrote:

> On 22/07/13 02:27 AM, James A. Donald wrote:
>
> > On 2013-07-22 9:01 AM, Randall Webmail wrote:
> >
> > > [SNIP] To derive a DES OTA key, an attacker starts by sending a binary SMS to a target device. The SIM does not execute the improperly signed OTA command, but does in many cases respond to the attacker with an error code carrying a cryptographic signature, once again sent over binary SMS.
>
> Wait -- using the same signing DES key as that which it uses to accept the OTA (over-the-air) java applet???

The key use is indeed fully symmetric -- the same key is used to sign messages in both directions.

> > > A rainbow table resolves this plaintext-signature tuple to a 56-bit DES key within two minutes on a standard computer.
>
> OK, but how does one acquire the rainbow table? Does one have to send 2^64 attempts to the SMS, and does it shut down after the 3rd ... or did they forget that part too?

The plaintext of the error messages is predictable among a small set of possible values. A rainbow table computes the signature on one of these texts for (some of) the 2^56 possible keys. Computing tables for the relevant plaintexts with reasonable coverage after removing mergers takes the equivalent computing time of a handful of brute force computations. Each lookup thereafter is on the order of a few billion DES operations.

Cheers,
-Karsten
Re: [cryptography] Must have seemed like a good idea at the time
* James A. Donald:

> This is not all that fatal, as the money is traceable, but it means that the financial institution needs an apparatus to reverse cell phone transactions, and that cell phone money is therefore soft on the may scale.

This has been the case for giro payments for a while, and some national banking systems stipulate that *all* direct debit transactions can be rolled back for some time after the transaction. (Lines of credit automatically enforced by banking systems already take this into account, for obvious reasons.) So all this isn't as bad as it may sound.

(The phone as a second factor is an endangered species, but for other reasons.)
Re: [cryptography] Must have seemed like a good idea at the time
On 2013-07-22 9:01 AM, Randall Webmail wrote:

> [SNIP] To derive a DES OTA key, an attacker starts by sending a binary SMS to a target device. The SIM does not execute the improperly signed OTA command, but does in many cases respond to the attacker with an error code carrying a cryptographic signature, once again sent over binary SMS. A rainbow table resolves this plaintext-signature tuple to a 56-bit DES key within two minutes on a standard computer.
>
> *Deploying SIM malware.* The cracked DES key enables an attacker to send properly signed binary SMS, which download Java applets onto the SIM. Applets are allowed to send SMS, change voicemail numbers, and query the phone location, among many other predefined functions. These capabilities alone provide plenty of potential for abuse. [SNIP]
>
> https://srlabs.de/rooting-sim-cards/

A number of projects have been launched to use cell phones as a money device, a smart card. I am pretty sure if your malware can send SMS, it can transfer funds.

This is not all that fatal, as the money is traceable, but it means that the financial institution needs an apparatus to reverse cell phone transactions, and that cell phone money is therefore soft on the may scale.
Re: [cryptography] Must have seemed like a good idea at the time
> A number of projects have been launched to use cell phones as a money device, a smart card. I am pretty sure if your malware can send SMS, it can transfer funds.
>
> This is not all that fatal, as the money is traceable, but it means that the financial institution needs an apparatus to reverse cell phone transactions, and that cell phone money is therefore soft on the may scale.

Bitcoin does not necessarily have or desire these properties. Device security and open devices are important.