Today is my last day at Trusted Logic, after a bit more than 11 years. It has been a great adventure, and I really enjoyed the small company feeling, where one has to deal with one thousand different activities, giving many opportunities to learn on different fields. As I try to think about successes and […]
PINs still under attack!
This summer was very interesting for new attacks. There are two that I really liked, for very different reasons. They are also both attacks on PIN codes, yet they are quite different. The first one is an attack on ATMs, with a thermal camera, hoping that your fingers stay on the keys long enough to […]
GoogleIO suggestions for new NFC apps
GoogleIO is happening right now in San Francisco. On the agenda, there has been (only?) one talk on NFC in the Android track. During this talk, the speakers gave an introduction to NFC technology, but for someone who knows the basics on NFC, the most interesting parts were the demos, showing interesting NFC applications. But […]
The government wants us to protect our assets
The French government has recently published a law, and some details of the application degree have led to strong reactions from the industry, including a suit by the French association of social online services. The suit is about a recent law that forces sites to retain a lot of information about their users, and to […]
The Personal Web
Doc Searls’ latest post points to a post by Louis Ray defining the third wave of the Web (a.k.a. Web 3.0) as the Personal Web. The value of the first wave was in the information itself (static Web, a.k.a. Web 1.0); the value of the second wave was in the sharing of information (social web, […]
Amazon does little shifts
So, Amazon is launching an online music service, where you can store your music on their servers and then stream it to your devices. This is impressive, and as mentioned by some, we are getting closer to the mythical GDrive. Amazon’s announcement gives us a very cheap online storage: by just buying one album on […]
It can’t happen here
The sentence It can’t happen here is the latest motto of the French government, to which they add because our nuclear plants are the safest in the world. My point is not here to discuss politics or nuclear engineering, but to focus on risk analysis. I only did a few risk analyses, but it taught […]
Android malware better, still accessible
I have been lazily looking at the latest Android piece of malware these past few days, until a tweet written this afternoon by @cryptax: Disagree with http://bit.ly/hq5J6H on raising entry fee of #android dev: organized gangs will still pay. Genuine individuals no. It sure sounded to me that I agreed with Axelle, and not only […]
Q&A: How to generate and protect keys in Java Card?
Cryptographic keys are often at the heart of Java Card applications, which often rely on cryptography to protect their data in storage and/or communication. Keys therefore become the most sensitive pieces of data in such applications. All evaluators know that, as getting the values of secret/private keys is the ultimate goal of a security evaluation. […]
Android as an application platform
Android and iPhone have in common the fact that they define an operating system, an application execution platform, an applicatoin development platform, an application distribution framework, and probably many things that I forget. This consistent and wholesome experience probably participates to their success, but it also makes the analysis more difficult. The recent announcement of […]