Bruce Schneier has written a blog about the fact that passwords should not be hidden, which has stirred quite an intense controversy (over 100 comments in a few hours). Some of the issues and solutions pointed in the comments are in fact quite interesting. Let’s make a little synthesis here.
Tag Archives: Security
Android security from a user’s point of view
I have loaded a few applications on my Magic phone, and this has allowed me to test some of the security features from the end user’s point of view. When I install an application, the screen displays a few warnings, indicating the privileges/permissions requested by the application. Let’s consider a small example, based on Google’s […]
Re: Information request
I am getting more and more message from e-mail marketers that start with “Re:” followed by a very generic sentence that I could have written, just like anybody else. This is of course based on the assumption that we are used to receive answers to our own messages, and that we are more likely to […]
The hidden price of smart card security
Our friends from Radboud University made the news again last week, when they got the Best Practical Paper Award at the IEEE Symposium on Security and Privacy. The most interesting part of this is the background, of course. NXP tried to stop the researchers from publishing the results of their work, and they failed, after […]
Corporate Communication in the Internet age
Another piece of Internet fun today. Bruce Schneier has promoted Net1 to the doghouse (i.e., vendors of cryptographic snake oil and other phony products). This surprised me a bit, since Net1 owns Prizm, one of Trusted Logic’s competitors on smart card operating systems. Not that this brings me to like them, but the doghouse is […]
E-mail and security hickups
Yesterday, I received an e-mail from somebody at a major card manufacturer warning me about USB keys. Initially, I thought it was spam, but I looked at it anyway, and the mail happened to be signed by the guy in the From field, and there was no link to a page that could have infected […]
Can I put my Globull on my Pogoplug?
I am currently the happy owner of a pocket hard drive that usually sits on my desk at work, and that I use both as a backup device for my home computer (I do that by hand, by bringing it home on an evening), and as a way to have access to my entire music […]
A strange device from Switzerland
10 years ago, IBM Research used to have a team working on Java Card in Zurich. IBM sold their Java Card activity to NXP, but the team still exists, and it announced last year a strange device, the ZTIC. This is a device for securing banking transactions. In the example they insist on, they focus […]
Hackers want your PIN code
Wired is running a nice story about hackers that may be able to steal PIN codes during ATM transactions. The nice part of the story is of course the way in which these guys steal the codes. Since the story takes place in the USA, there is no smart card involved. The PIN codes are […]
Secure magstripe?
Visa seems to be investigating a new way to use magnetic stripe cards. The article does not give much details, but the basic idea seems to be that the magnetic stripe is scanned with a high definition, which provides a “unique” pattern, which Visa compares to the DNA or fingerprint of the card. Of course, […]