Category Archives: News

All kinds of news about Java Card, including new research, new products, conferences, etc.

Java Card software attacks

There have been two papers at SSTIC’16 that outline the limits of bytecode verification in the context of Java Card. One of the papers, by Guillaume Bouffard and Julien Lancia, describes a bug found in Oracle’s bytecode verifier through fuzzing (yes, it’s been fixed). The second one, by Jean Dubreuil, outlines several logical and combined […]

Java Card LinkedIn stats

I was looking for updated statistics on Java Card, so I turned to LinkedIn to look at the Java Card skill. The information available is declining a bit (for instance, there is no trend or relationship to age any more, or at least I couldn’t find it). Yet, it reveals interesting information. Over 3000 people […]

Fiction (maybe): Who will refuse to break a secure element?

Apple is refusing to break an iPhone for the FBI. I believe that they are right to do so, but also that this position isn’t that easy to stand for everybody. So, here is a little fiction (well, I think it is fiction) about this. The iPhone is a secure device, so the best way […]

Fashion statement

I am just out of the Cartes show. A bit depressing, mostly because of the current circumstances and the number of “Absent exhibitors”. However, there werea few interesting highlights. One of them came in the Wearable and IoT conference track, in a presentation from Oberthur’s Olga Titova Candel about Wearable Payments for Fashion. The main […]

About PIN, the iPhone is about 20 years behind smart cards

I was astonished when I read this article on breaking the iPhone PIN. Some guy has built a device that can guess your iPhone PIN, and he is using a very old trick that was performed on cards years ago. Of course, the exercise is pointless; as noted in the original article, Apple can (will) […]

Did Apple just boost mobile security?

I have been working on mobile security for many years, and things haven’t moved much: justifying mobile security is always painful. Whyshould Ispend more money? There aren’t that many attacks! Some business use cases seemed like a good justification, but the economics are unclear and remain in the order of “if youget hacked, it could […]

Twitter going feudal on security

I have recently experienced security issues with Twitter, as my account was in some way hacked. And I am not happy of the way Twitter handles this situation. First, here are the facts that I know: Two weeks ago, a got an e-mail from a colleague warning me that he just received a spam Direct […]

Experimenting NFC, things

Following my little NFC rants, I have kept on experimenting with Android NFC applications and reading about the Internet of Things (experimenting remains harder, here). The combination is trendy these days, as this week will see the launch of a new initiative in France with the French chapter of ACM SIGOPS (in French). I won’t […]

NFC Tags to Empower Users in The Internet of Everything Else

Here is a continuation to my ramblings about the solely private use of NFC tags. I have already mentioned that there would be many benefits in considering some tags as public goods, and now, I wll focus on tags to be associated to things, as owned by companies or individuals. I have pompously called this […]

NFC tags as Public Goods

I have now seen a number of NFC applications, and they all have something in common: they consider their tags as a private and exclusive property. They believe that they will be the only application using this tag. That may be true in some cases, where tags are deployed inside the premises of a company […]