Gemalto, Keycorp, and Multos

A few years back, Keycorp was a member of the Java Card Forum, before focusing exclusively on Multos. Today, Gemalto is buying the Multos activity from Keycorp, together with their customer base, mostly in Asia. This is a sad way to celebrate the 10 years of Multos, which was a well-designed smart card […]


JC101-17C: Communication Security Rationale

Foreword: If you have been following the tutorial, you may have noticed that the last post was numbered 13. There are therefore 3 missing posts. Like post 13, they should be dedicated to testing techniques (building a test plan, writing tests, etc.). However, writing tests without using proprietary tools is not as easy as I […]


Android’s definition of malware

Android is starting a security review, so there has been some communication about security. Among this communication, there is a Security FAQ, which includes a list of characteristics of malware. Here are a few comments on this list (the items are not in the original order). First, we have the obvious items. Any application doing […]


Adam Gowdiak strikes again

Adam Gowdiak made a name for himself in the J2ME community in 2004, by publishing at the Hack-In-The-Box conference a paper about a nice attack on a Nokia device, based on a flaw he found in the bytecode verifier used at the time. He is back in the news this summer, with an undisclosed hack […]


Who are you?

My blog, like many others, gathers some data about its readers using Google Analytics. So, just before the blog closes for a summer vacation, here is a little data about my readership. Geographically, 15-25% of the readers are from France, and 10-15% from the USA. Germany is between 5% and 10%, and the UK, Brazil, […]


About unknown vulnerabilities

The recent DNS vulnerability has prompted Bruce Schneier to write an essay on the fight against vulnerabilities, and the fact that good design also means defending against unknown vulnerabilities, which concludes with: That’s what a good design looks like. It’s not just secure against known attacks; it’s also secure against unknown attacks. We need more […]


Are you aware?

I have been looking for a while for interesting location-based mobile services. I have always had the feeling that location is a big hype, and that it is not that easy to build interesting and non-intrusive services (yes, I believe that location-based advertising is intrusive). Mapping is obvious, of course, and finding friends can also […]


Get trained on Java Card 3

This year’s session on smart card software at Smart University is entitled The Art of Java Card 3.0 Programming. A bit pompous, possibly, but this remains by far the best offer you can think of today in terms of generic training on Java Card 3. In that event, you will get an introductory session by […]


NFC market in the coming years

Juniper Research has just published a study on Mobile Payments, 2008-2013, which is announced in a press release. The report promises wonderful things, like $75 billion in yearly mobile payments by 2013. The author of the report, Howard Wilcox, is however quite cautious, and he is cited in the press release as saying: Whilst trial […]


Stories remain alive

I recently posted about contactless card security and about voting machines. Well, these two items are still in the news. About contactless cards, it seems that the researchers from Radboud University Nijmegen are being sued by NXP in an attempt to avoid the full disclosure of their flaw. The article I linked to contains a […]