Category Archives: Idées reçues

Discussions about sentences that are often heard without justification, often-heard clichés and other interesting statements.

It can’t happen here

The sentence “It can’t happen here” is the latest motto of the French government, to which they add “because our nuclear plants are the safest in the world”. My point here is not to discuss politics or nuclear engineering, but to focus on risk analysis. I only did a few risk analyses, but it taught […]

2011: The year of mobile malware? Nope.

One of the discussion topics at this week’s Mobile Security Barcamp in Sophia Antipolis was mobile malware, with some people claiming that 2011 will be the year of mobile malware. I agree with them that, as mobile takes more and more power, and as platforms like iOS and Android become more and more common, they […]

Java Card RMI is useless

When we first presented GemXpresso in 1997, it was made by a bunch of (Gemplus) researchers. We were all very happy, because it was a very nice card, and because it was very simple to program, thanks to Remote Method Invocation (RMI), which freed us from these damn APDUs. It was possible to generate automatically […]

About security in evaluations

A few days ago, the final verdict was published in the trial following a plane crash that killed 87 persons in 1992. Nobody was finally condemned, as the judge estimated that they had not committed any legal fault. However, an article in today’s “Le Monde” (in French) debates on the very usefulness of such trials. […]

There could be millions of Java Card applications

The Java Card platform is the most widely used application platform in the world, with around 2 billion cards deployed. However, it remains very different from the other platforms such as Windows or even MIDP. However, for interoperability reasons, most applications are heavily standardized (for instance in the banking and identity markets), which reduces even […]

Smart card security requirements are too high

As a security evaluator, I often hear vendors complaining that the security requirements are too high, and that they cost them a lot for nothing. These complaints are easy to dismiss on the grounds that they apply equally to all vendors, but there are other consequences, which are more difficult to dismiss: Issuers with higher […]

Java Card cards are less secure than native cards

This argument is often used by Java Card foes, often in conjunction with the “Java Card is slow” argument. The statement is effective, because most people don’t even bother to look deeper into its meaning. Here, we do not look at detailed figures and analyses, but we do look at possible reasons why this statement […]