Category Archives: News

Android malware hype

There is no better publicity for a security company than a good scare. Apparently, some guys at Smobile are taking publicity seriously. They have published a report entitled Threat Analysis of the Android Market, which got them some news coverage. The report includes some pretty scary statements, like:

3% of all of the Market submissions that [...]

Mobile applications may be dangerous

That’s a question that I have been asking myself for quite a while. How dangerous can a mobile application be? How can it be made more dangerous? Or less dangerous?
Here’s a grab bag from the Internet today. First, the good side, with two Microsoft articles pointed out by Bruce Schneier:

The first one is about the authorization dialogs that [...]

Smart card security on the radio

Smart card security doesn’t often get on traditional media, so we can all (at least, the French-speaking ones) be happy that France Culture will spend an hour discussing the security of payment cards, trying to provide an answer to the question “Comment améliorer la sécurité des cartes bancaires?”. Among the speakers, we will have Jean-Louis [...]

Live from Cardis 2010: Reactions to my presentation

My first Cardis presentation led to a few discussions about possible paths for the exploitation of smart cards, or for challenges to be considered. Here is a selection of the most interesting discussions.
TPM. Somebody asked about the relationship between TPM and smart cards. The latest TPM specifications give the impression that they are [...]

Live from Cardis2010: User-Centric Smart Card Ownership Model

That speech is by Raja Naeem Akram, from Royal Holloway. He proposes a system in which the end user buys the smart card from the manufacturer, and then customizes it by going to a service point that will interact with smart card service providers. The services would be leased with specific conditions depending on the [...]

Live from Cardis2010: Protecting RNG from side-channel attacks

The next talk is given by Suresh Chari, from IBM’s Watson research center, who are still working on their Caernarvon secure operating system, this time protecting random number generation from side-channel attacks.
The talk starts on an interesting property of security certification. The FIPS140-2 certification scheme mandates the testing of random-number generation (RNG) features before they can [...]

Here and Now !

Ajit Jaokar has published a post on Mobile Cloud Computing, in which he asks some questions about mobile computing. I found his questions very interesting, so here are my answers (I kept them short, but I will try to develop some things later):
a) Is ‘mobile cloud computing’ a distinct domain in itself? Or is it [...]

Chip And PIN Is Broken (A Little)

By now, there has been sufficient hype around Ross Anderson’s latest attack on EMV banking cards. Once again, the Cambridge guys have scored a good one here, as the simplicity of the attack is outright incredible: Intercept the PIN Presentation command, make the terminal believe that the PIN is correct (i.e., return Status Word 9000), [...]

What about iCharge?

Well, it seems that I was wrong on Europe and swiping. A European company is getting ready to launch iCharge, which looks like a clone of Square for many of its features: small card swiper, on-screen signature, location-based, … They don’t mention pictures and loyalty, but I guess that it’s coming next.
The questions about security [...]

Magstripe: 1. Chip: -1

Being from the smart card industry, I usually don’t spend much time looking at things that work better by swiping cards than by using a good old smart card. Then, a few minutes ago, I looked at the promotional video for the Square payment service. Well, it’s definitely worth watching.
The basic idea is to allow [...]