Tag Archives: Security

Twitter going feudal on security

I have recently experienced security issues with Twitter, as my account was in some way hacked. And I am not happy with the way Twitter handles this situation. First, here are the facts that I know: Two weeks ago, I got an e-mail from a colleague warning me that he just received a spam Direct […]

RFID in schools, or Security vs. Transparency

I recently became enthusiastic about how wonderful transparent security would be. I still feel that way, but we also need to define limits on transparency. The example of a girl being expelled from her school because she refuses to wear an RFID badge (through @stoweboyd) is interesting. The issue is rather simple. A school has […]

Chip to Cloud, day 1: Cloud security panel

A few bits from Helmut Scherzer, from G&D: The digital natives don’t want to escape the Web. We went from visual Web to the social Web, and they will go to the next step with the semantic web, where knowledge is well classified and organized. Big companies are very big. The CEO of Toshiba estimatee […]

Protecting your contactless card

As I mentioned in NFC Payments 101, current contactless cards aren’t protected against the simple attack that consists in performing a transaction while your card is in your pocket. Since some models don’t require anything other than tapping the card, the attack is workable. Well, that may change. Researchers for the University of Pittsburgh’s RFID […]

The misuse of bytecode verification

Bytecode verification has been an interesting debate since the very beginning of Java Card. Back then, in 1997, Java was very much about Java applets, and the bytecode verifier was the essential piece of software that allowed untrusted code to run in a browser efficiently (i.e., without doing expensive runtime checks, and without having to […]

PINs still under attack!

This summer was very interesting for new attacks. There are two that I really liked, for very different reasons. They are also both attacks on PIN codes, yet they are quite different. The first one is an attack on ATMs, with a thermal camera, hoping that your fingers stay on the keys long enough to […]

The government wants us to protect our assets

The French government has recently published a law, and some details of the application decree have led to strong reactions from the industry, including a suit by the French association of social online services. The suit is about a recent law that forces sites to retain a lot of information about their users, and to […]

About e-Smart: Java Card attacks

I was not at e-Smart this year, but here are some early reports from colleagues who attended the sessions. Over the coming days, I will comment on a few selected presentations. First, one of my favorite topics, which was covered Friday morning: attacks on the Java Card platform. There were two presentations this morning on […]

Live from Oracle OpenWorld: Cloud and Identity

At midday, it is time for a little break in my smart card day, and to go listen to an Oracle OpenWorld session. I might as well leverage today’s professional look to blend better into OOW’s suit-dominated crowds. The funny thing is that every OOW session I have seen ended up turning into a blatant advertising […]

Live from JavaOne: Identity for Services in the Cloud

The next talk was about Identity for Services in the Cloud, by Jiandong Guo and Symon Chang. Their focus was to promote their favorite solution, which has been around for a while, and whose objective is to clearly separate authentication from authorization using standards. Their scheme is quite classical: The client gets a SAML token […]