Nothing to do with mobile security, but today, I received a really funny phishing message. First, the topic was ambiguous enough to fool two spam filters, and to get me to open it. Then, the message itself was interesting: Dear Mr/Mrs, The “AMS Group Co.”, an international advertising agency, is looking for full-time company representatives […]
Voting machine security
Dan Wallach has published a nice blog post on voting machines, and I would like to comment both as a security evaluator and as a French citizen interested in the electoral process. In the past few years, I have kept a interest in politics and votes, and I have participated to electoral process in my […]
JC101-13C: Testing Java Card applications
My first intention was to continue on my security tutorial, by showing how we can include countermeasures in the password manager. However, since then, my colleagues tried to use this application in a training session, and I had to face a hard truth: my programs are buggy. Some of their bugs are not even subtle; […]
Open source smart card
[26/06/08] CORRECTION: Misunderstanding about the meaning of “smart card” … UPDATE: Sadly, it seems that I was wrong about the fact that the project includes a full software stack. Radboud researchers will only design a new application. Most of what I said still holds, but the implications are less dramatic, because we are not talking […]
What is the value of a smart card OS?
The big news of the week in the mobile world is that Nokia is buying Symbian and open sourcing it. One of the reaction papers that I read about that claims that this deal reveals the true value of a mobile operating system, which of course is null, zip, zero. If this is true, it […]
Java Card development environments
Over the past year, I have received a number of comments and messages about development environments. Readers ask me which environment I use, and which one they can use. Sadly, I don’t have a good answer for now. Actually, I hope that this post will be a bit interactive, and that some comments will bring […]
The ultimate bad idea
Smart phones carry a bad reputation about security, in particular with regards to corporations. If you consider your CEO’s contacts and appointments sensitive, they often hold very sensitive information. Their bad reputation is also deserved by the fact that they are based on platforms that are famous for their viruses or other bugs. And even […]
Google is stealing our souls
Some people believe that a photograph may give access to their souls, just like a voodoo doll does. In primitive culture, an identity basically consists of a name and an image, so an image gives direct access to your inner self, your soul. This week-end was Father’s day in France, and I usually take this […]
JavaOne session stats
The session statistics are out for JavaOne sessions, including for session TS-5940, “Getting Started with the Java Card 3.0 Platform”, that I gace with Anki Nelaturu and Bela Gangal (they did the hard work, I just did the introduction). Our average rating is above average, just below the first quartile, which is good. The rest […]
It’s MY wallet
I recently wrote about privacy, thinking about Internet in general, and a bit about mobile phones, but not really about smart cards. It did not even take a week for privacy to pop up in the smart card world, as a side discussion in a mobile payment discussion. It seems that banks don’t want mobile […]