This shows you the differences between two versions of the page.
ci2010:team2_bruce_schneier [2010/02/14 17:16] lstarret |
ci2010:team2_bruce_schneier [2010/02/14 17:19] lstarret |
||
---|---|---|---|
Line 20: | Line 20: | ||
- | **"...We did so, on camera, using various journalists' cards. The transactions went through fine and the receipts say "Verified by PIN."** The following [[http://www.bbc.co.uk/blogs/newsnight/susanwatts/2010/02/new_flaws_in_chip_and_pin_syst.html|video]] (exploit: 2:01 - 3:30) shows the exploit in action. You may notice that the BBC version says something like "We obviously don't want to give out too much detail..." Well, maybe not on TV, but the effectiveness of this method for improving security (that is, hacking then publicizing the hack) requires full disclosure. So here it is, folks: the [[http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf|thesis paper]] entitled "Chip and PIN is Broken" published by the researchers from Cambridge themselves. Happy hacking! | + | **"...We did so, on camera, using various journalists' cards. The transactions went through fine and the receipts say "Verified by PIN."** The following [[http://www.bbc.co.uk/blogs/newsnight/susanwatts/2010/02/new_flaws_in_chip_and_pin_syst.html|video]] (exploit: 2:01 - 3:30) shows the exploit in action. You may notice that this version was done by BBC, and at some point they say something like "We obviously don't want to give out too much detail..." Well, maybe not on TV, but the effectiveness of this method for improving security (that is, hacking then publicizing the hack) requires full disclosure. So here it is, folks: the [[http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf|thesis paper]] entitled "Chip and PIN is Broken" published by the researchers from Cambridge themselves. Happy hacking! |
//Now read the following response to this article (as posted on Schneier's blog):// | //Now read the following response to this article (as posted on Schneier's blog):// |
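Review bot: On the + side of Line 20, the new clause "this version was done by BBC, and at some point they say something like" is looser than the wording it replaces and drops the article before "BBC"; "this report is by the BBC, which at one point says" would keep the added attribution without the run-on. Both sides still call the linked document a "thesis paper", while the link target is named oakland10chipbroken.pdf and the sentence itself says it was published by the Cambridge researchers, so plain "paper" is the safer label. The bold quotation also nests straight double quotes inside double quotes around "Verified by PIN."; single quotes for the inner quotation would read more clearly.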