2006-04-20
Skimming Chip'n'Pin
Mike Bond at Cambridge University reports some interesting results of experiments attempting to hack chip and pin terminals, much like the current scourge of ATM skimmers.
I've wondered about the possibilities here for some time; after all, when you type your valuable PIN into equipment controlled by the vendor, you have no trusted computing base: in theory, your PIN is compromised each and every time you use it, and you're just trusting that the retailer isn't going to abuse its position.
The only thing protecting you from a compromised retailer is the difficulty of implementing a skimmer or man-in-the-middle attack. The interesting thing about Bond's work is that it sets a rather low (if unclear) limit on that difficulty.
Subscribe to:
Post Comments (Atom)
Failure recovery
I've been categorizing distributed system designs into four groups, according to how they recover from the loss of a single critical ele...
-
One of this year's TED talks was seriously counterintuitive but extremely well-founded. Dan Pink's talk on extrinsic and intrinsic ...
-
I came back to Ireland from the US in 2000, and was immediately disappointed by the weather service. I don't mean the perpetual overcast...
-
I've been categorizing distributed system designs into four groups, according to how they recover from the loss of a single critical ele...
No comments:
Post a Comment