At 01:28 PM 12/24/99 -0400, M Taylor wrote:
>> I personally would like a clearer explanation of just what happened, and
what
>> the "tamper-proof" devices were.
Anyone who uses 'tamper proof' is basically a novice.
Or a marketing droid. Tamper resistance increases the
cost of attack; tamper-evi
On Mon, 13 Dec 1999, Steven M. Bellovin wrote:
> In message <[EMAIL PROTECTED]>, Steve Reid writes:
> > A real-world example of the fact that cryptography is only part of the
> > equation, and "tamper-proof" devices are not necessarily so.
> >
> > Article: http://www.globeandmail.ca/gam/National
Arrianto Mukti Wibowo writes:
> About Mondex, probably you are right. No information is available about the
> internals of Mondex, and is kept secret, unlike CAFE which the specification
The fact that Mondex keeps its VM specs secret does not forebode well
for its security. Apparently, the VM
On Tue, 14 Dec 1999 06:52:26 +1100, Greg Rose <[EMAIL PROTECTED]>
wrote:
:This doesn't work. The PIN is derived by adding a "PIN Offset" which is
:stored on the magstripe to the "Real PIN" which is cryptographically
:derived from the account information. If you can't duplicate the magstripe
O
On Mon, 13 Dec 1999 10:49:35 -0500 "Steven M. Bellovin" <[EMAIL PROTECTED]> writes:
> In message <[EMAIL PROTECTED]>, Steve Reid writes:
> > A real-world example of the fact that cryptography is only part of the
> > equation, and "tamper-proof" devices are not necessarily so.
> >
> > Article: htt
-Original Message-
From: Steve Reid <[EMAIL PROTECTED]>
Date: Tuesday, 14 December, 1999 5:34 AM
Subject: Re: Debit card fraud in Canada
>
>I'm not sure if I'd trust a smartcard-based system that didn't require
>on-line connectivity. From what little
At 01:25 PM 12/13/99 -0800, Steve Reid wrote:
>On Mon, Dec 13, 1999 at 12:12:42PM -0800, David Honig wrote:
>> Wouldn't a thumbprint reader on the card (to authenticate the meat to the
>> smartcard) be a tougher thing to shoulder surf?
>> Does raise the cost over a PIN.
>
>I'm not sure if biometr
At 10:30 PM 12/13/99 +, Ben Laurie wrote:
>David Honig wrote:
>>
>Sure. But wouldn't you like to keep your thumbs?
>
Yes, and my eyeballs, etc. Mere discussion does not
imply endorsement.
A PIN doesn't help: a thug will drag you to the ATM
and harm you if you give the wrong PIN.
And pro
http://www.garlic.com/~lynn/aadsmore.htm#bioinfo3
David Honig <[EMAIL PROTECTED]> on 12/13/99 12:12:42 PM
To: "Steven M. Bellovin" <[EMAIL PROTECTED]>, Steve Reid
<[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED] (bcc: Lynn Wheeler/CA/FDMS/FDC)
Subject: Re: Debit ca
David Honig wrote:
>
> At 10:49 AM 12/13/99 -0500, Steven M. Bellovin wrote:
> >true for credit cards? If so, a simple visual recorder -- already used by
> >other thieves -- might suffice, and all the tamper-resistance in the world
> >won't help. Crypto, in other words, doesn't protect you if t
On Mon, Dec 13, 1999 at 12:12:42PM -0800, David Honig wrote:
> Wouldn't a thumbprint reader on the card (to authenticate the meat to the
> smartcard) be a tougher thing to shoulder surf?
> Does raise the cost over a PIN.
I'm not sure if biometrics would help with the sort of attack this
appears
At 10:49 AM 12/13/99 -0500, Steven M. Bellovin wrote:
>true for credit cards? If so, a simple visual recorder -- already used by
>other thieves -- might suffice, and all the tamper-resistance in the world
>won't help. Crypto, in other words, doesn't protect you if the attack is on
>the crypto
At 10:49 13/12/1999 -0500, Steven M. Bellovin wrote:
> If so, a simple visual recorder -- already used by
>other thieves -- might suffice, and all the tamper-resistance in the world
>won't help. Crypto, in other words, doesn't protect you if the attack is on
>the crypto endpoint or on the cleart
In message <[EMAIL PROTECTED]>, Steve Reid writes:
> A real-world example of the fact that cryptography is only part of the
> equation, and "tamper-proof" devices are not necessarily so.
>
> Article: http://www.globeandmail.ca/gam/National/19991210/UDEBIN.html
> Mirror: http://www.efc.ca/pages/m
A real-world example of the fact that cryptography is only part of the
equation, and "tamper-proof" devices are not necessarily so.
Article: http://www.globeandmail.ca/gam/National/19991210/UDEBIN.html
Mirror: http://www.efc.ca/pages/media/globe.10dec99.html
15 matches
Mail list logo