Category Archives: Discussions

Various discussions about Java Card technology, and more generally about smart card technology.

The misuse of bytecode verification

Bytecode verification has been an interesting debate since the very beginning of Java Card. Back then, in 1997, Java was very much about Java applets, and the bytecode verifier was the essential piece of software that allowed untrusted code to run in a browser efficiently (i.e., without doing expensive runtime checks, and without having to […]

Hijacking NFC Tags

I have been thinking about tags as a background task for a while, and one of my directions has been to look at the “hijacking” of tags. Here, I am not talking of replacing some tags by other tags (for instance pushing toward a competitor of a smart poster’s rightful owner), as this definitely […]

Open Source, GlobalPlatform, and Java Card

The two concepts of open source and smart cards have not gone well together. There are some projects about specific applications and corresponding terminal-side software, such as the Muscle project for Linux, and the JMRTD library for e-passports (if you have one that you want me to mention, let me know). However, there are really […]

It can’t happen here

The sentence It can’t happen here is the latest motto of the French government, to which they add because our nuclear plants are the safest in the world. My point is not here to discuss politics or nuclear engineering, but to focus on risk analysis. I only did a few risk analyses, but it taught […]

Android Malware, Permissions, and Side Channels

New Android malware keeps popping up, and the latest one to be publicly discussed is very typical of what we are seeing these days. And frankly, I haven’t found them very impressive. In short, the attack consists in recording phone calls, identifying calls to credit card support lines, then analyzing the recording to identify the […]

2011: The year of mobile malware? Nope.

One of the discussion topics at this week’s Mobile Security Barcamp in Sophia Antipolis was mobile malware, with some people claiming that 2011 will be the year of mobile malware. I agree with them that, as mobile takes more and more power, and as platforms like iOS and Android become more and more common, they […]

The Mobile Trust Manifesto

Mobile computing is at a turning point, as the past few years have seen numerous improvements of the capacities of mobile devices. Here are a few of the main characteristics that have dramatically improved: Personal. Mobile phones are becoming some kind of personal hub, on which all communications means are concentrated, in particular around social […]

LG Thinq and smart appliances

Beside Motorola’s Atrix 4G and the many tablets, one of the very nice announcements of CES is LG’s Thinq, with significant press coverage. Connecting home appliances sounds kind of obvious, and the ubiquitous availability of smartphones and tablets makes it even more obvious. I have many times left my clean laundry sit in the washer […]

The end of JavaOne 2010

So, that’s it, JavaOne is finished for me. It has been quite dense, with many sessions and a few interesting discussions. It leaves me with mixed feelings, though. On the good side, Oracle has shown some commitment to a Java roadmap, and this enormous conference has proven that Oracle plays at a different level; this […]

Live from JavaOne: Technical General Session

This general session concentrated major news about JDK (desktop?), Java EE, and Java for Mobile and Embedded. Mark Reinhold basically explained the roadmap for JDK releases, which will follow Plan B. This means that there will be a release in 2011 with the features that are ready, and another release in 2012 with the features […]