2006-04-20

Skimming Chip'n'Pin

Mike Bond at Cambridge University reports some interesting results of experiments attempting to hack chip and pin terminals, much like the current scourge of ATM skimmers. I've wondered about the possibilities here for some time; after all, when you type your valuable PIN into equipment controlled by the vendor, you have no trusted computing base: in theory, your PIN is compromised each and every time you use it, and you're just trusting that the retailer isn't going to abuse its position. The only thing protecting you from a compromised retailer is the difficulty of implementing a skimmer or man-in-the-middle attack. The interesting thing about Bond's work is that it sets a rather low (if unclear) limit on that difficulty.
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Failure recovery

I've been categorizing distributed system designs into four groups, according to how they recover from the loss of a single critical ele...

  • Directive 2003/58/EC
    The EU, in a genuine act of stupidity (not to be confused with the imaginary acts of stupidity usually recorded in the British press), has d...
  • Sketchpad: the first OO system
    In his ACM Turing Award lecture at OOPSLA 2004, Alan Kay came up with this memorable quote about Sketchpad: I went to ask Ivan How could y...
  • Performance-based rewards considered harmful
    One of this year's TED talks was seriously counterintuitive but extremely well-founded. Dan Pink's talk on extrinsic and intrinsic ...