Tag Archives: Security

Card readers for online banking

A few weeks ago, Cambridge’s team of security researchers published a paper about the small card readers that are currently being deployed as a way to make online banking more secure. Their article is quite critical, and I would just like to review the vulnerabilities that they mention, because I don’t think that these products […]

Cloned debit cards are good for secure EMV cards

Reports about cloning debit cards have been all around, for instance here. The combination of cloning cards and making millions with a fraud scheme instantly makes smart card people happy: we told you that your magstripe cards would lead to big problems! OK. But let’s try to analyze this a bit deeper.

Distributing mobile applications

As an iPod Touch owner, I was quite happy to learn that I would be able to use my “DS” (as my kids call it) to place a few calls using this application. The most interesting sentence of the article actually comes from a BBC interview of Truphone’s CEO: “We’ve decided to focus on devices […]

The French government and open security

Most links below link to French sites. In France, we have professional elections, in which we elect the judges who settle disputes between employees and employers (cases are judged by a panel with 50% of representatives of employers and 50% of representatives of employees). This is very nice, but most people don’t think that it […]

JC101-17C: Communication Security Rationale

Foreword: If you have been following the tutorial, you may have noticed that the last post was numbered 13. There are therefore 3 missing posts. Like post 13, they should be dedicated to testing techniques (building a test plan, writing tests, etc.). However, writing tests without using proprietary tools is not as easy as I […]

Android’s definition of malware

Android is starting a security review, so there has been some communication about security. As part of this communication, there is a Security FAQ, which includes a list of characteristics of malware. Here are a few comments on this list (the items are not in the original order). First, we have the obvious items. Any application doing […]

Are you aware?

I have been looking for a while for interesting location-based mobile services. I have always had the feeling that location is a big hype, and that it is not that easy to build interesting and non-intrusive services (yes, I believe that location-based advertising is intrusive). Mapping is obvious, of course, and finding friends can also […]

Stories remain alive

I recently posted about contactless card security and about voting machines. Well, these two items are still in the news. About contactless cards, it seems that the researchers from Radboud University Nijmegen are being sued by NXP in an attempt to avoid the full disclosure of their flaw. The article I linked to contains a […]