Category Archives: News

All kinds of news about Java Card, including new research, new products, conferences, etc.

Should we Protect Cars from Terrorists?

Some days ago, Mark Cuban published on LinkedIn a question about weaponized cars: who has developed solutions to detect/prevent such events? I live close to Nice, so I would definitely extend the question to trucks, and basically to anything heavy that moves faster tn humans. Terrorists are not easy to distinguish from normal drivers before […]

Des contraintes naît la beauté

This quote from Leonardo da Vinci “Beauty is born from constraints” was chosen by Alain Colmerauer as the motto for Prolog IV, the last iteration (for now) of the Prolog language, déveloped by Prologia in the early 1990’s. Alain Colmerauer passed away this week. I have plenty of memories about him, starting from classes with […]

Can we try to get some IoT devices right?

Last week at RSA, various crypto stars, including Don Rivest, Adi Shamir, and Whitfield Diffie, have discussed security research trends in a panel, and the conclusion seems to be that quantum computing and AI are not the real priority with the Internet of Things. The priority is, or should be, to invest in better programming. […]

Attacking IoT is really easy

A few days ago, Metasploit has announced that their famous tool is now available to car hackers, and soon for any connected object. Metasploit is a well-known tool for web apps, and extending it to objects simply makes these objects as easy to hack as web apps. Indeed, there are many aspects in common between […]

Fighting poker-winning AIs on IoT Security

Published attacks tend to repeat themselves this year, but in the last few days, there has been a few interesting events and publications, in particular: Adi Shamir has made gloomy predictions about security in the next 15 years. Bruce Schneier has published a long essay about IoT security, with a vibrant and desperate call for […]

Traffic cameras, legal rules, and accusers

A few days ago, I watched Gone Girl on TV, a story about mounting evidence against an innocent person. And then, I looked at an article about challenging a traffic camera citation (in the US). The link between the two stories is evidence, of course. Traffic camera evidence incriminates a car, not a driver. The […]

The lowest hanging card

The latest news on six second card hacking is very entertaining, and frankly, not reassuring. This thing is just as simple that it is stupid. The CVV2/CVC2 is a secret number computed by banks using a secret key, so they are validated by the issuing bank. Apparently, most (all?) of them have chosen not to […]

IoT Security as Externality: Cluelessness, Denial, and more

Not my problem. That’s the 3-word definition of an externality: something that you don’t need to deal with, because the adverse consequences are not affecting you directly. This has been an issue for cybersecurity forever (Schneier, 2007), and it is widely known that the issue is particularly pressing with IoT (Schneier again, 2016). I have […]

Logical Attacks in the Java Card security landscape

Logical attacks on Java Card have been known for a long time, and they have also been a focus of a lot of academic research, which still continues today. Earlier this week at Cardis 2016, there have been two presentations on logical attacks. I will not discuss the details of the attacks that are being […]

SMS-based 2-factor: Good or Bad?

Wired published recently an article about how SMS-based 2-factor authentication is not good. This article is making a buzz, and an article appeared on that topic in Fortune. The basis for these articles is that SMS-based authentication is not associated to something you have (your phone), but with something you are loosely associated to (your […]