Comments on: New Applications, New Threats, New Countermeasures http://javacard.vetilles.com/2007/09/26/new-applications-new-threats-new-countermeasures/ A weblog on Java Card, security, and other things personal Thu, 18 May 2017 07:26:32 +0000 hourly 1 https://wordpress.org/?v=4.0.32 By: Eric Vétillard http://javacard.vetilles.com/2007/09/26/new-applications-new-threats-new-countermeasures/#comment-3098 Tue, 16 Oct 2007 03:04:47 +0000 http://javacard.vetilles.com/2007/09/26/new-applications-new-threats-new-countermeasures/#comment-3098 My post may be misleading, but I don’t believe in magic, and I am not saying that we should protect against unknown attacks. The only thing that I am saying is that, once we have uncovered a partial attack path, we should act upon it, or at least, think about it.

If I consider again the delegation issue, I have not identified any “industrial” attack based on it. Does it mean that we should not worry about allowing applications to know the origin of the command? An application that only expects some commands to come from the NFC antenna (and not from the mobile phone) should be able to perform that check, and reject commands that come from the mobile phone. If the cost is very small (as it is in that case), I really believe that this is not paranoia.

]]> By: lexdabear http://javacard.vetilles.com/2007/09/26/new-applications-new-threats-new-countermeasures/#comment-3094 Mon, 15 Oct 2007 16:27:51 +0000 http://javacard.vetilles.com/2007/09/26/new-applications-new-threats-new-countermeasures/#comment-3094 If you don’t know about an attack today, it is natural not to take it into account. What is your proposal to protect unknown attacks? Is it not enough to react on the first successful attack? Otherwise we might as well get paranoid.

]]>