User Tools
ci2010:team2_bruce_schneier
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
ci2010:team2_bruce_schneier [2010/02/14 17:05] lstarret |
ci2010:team2_bruce_schneier [2010/02/27 15:11] (current) lstarret |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====Bruce Schneier - Security Guru==== | + | =====Bruce Schneier - Security Guru===== |
| + | [[ci2010:team2|Back to Main]] | ||
| //Bruce Schneier is a well respected author and critic on topics of security. His primary research and writings are on the topic of cryptology, but he is considered a "guru" of security in general.// [[http://www.schneier.com/about.html|Click Here]] //for Bruce's full bio page.// | //Bruce Schneier is a well respected author and critic on topics of security. His primary research and writings are on the topic of cryptology, but he is considered a "guru" of security in general.// [[http://www.schneier.com/about.html|Click Here]] //for Bruce's full bio page.// | ||
| Line 17: | Line 19: | ||
| [[http://www.schneier.com/blog/archives/2010/02/man-in-the-midd_1.html|Full Article]] | [[http://www.schneier.com/blog/archives/2010/02/man-in-the-midd_1.html|Full Article]] | ||
| - | //Researchers found a way to exploit credit cards. Their system allows them to use stolen credit cards without knowing the PIN! This article demonstrates the importance of researches actually BREAKING security protocols on purpose as if they were criminals themselves. Notice the way the researches recorded the exploit on camera for all to see//: | + | //Researchers (Computer Scientists, in fact) from Cambridge University found a way to exploit credit cards. Their system allows them to use stolen credit cards without knowing the PIN! This article demonstrates the importance of researches actually BREAKING security protocols on purpose as if they were criminals themselves. These researchers did just that by recording the exploit on camera for all to see//: |
| - | **"...We did so, on camera, using various journalists' cards. The transactions went through fine and the receipts say "Verified by PIN."** The following [[http://www.bbc.co.uk/blogs/newsnight/susanwatts/2010/02/new_flaws_in_chip_and_pin_syst.html|video]] (exploit: 2:01 - 3:30) shows the exploit in action. You may notice that the BBC version says something like "We obviously don't want to give out too much detail..." Well, maybe not on TV, but the effectiveness of this method for improving security (that is, hacking then publicizing the hack) requires full disclosure. So here it is, folks: the [[http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf|thesis paper]] entitled "Chip and PIN is Broken" published by the researchers from Cambridge themselves. Happy hacking! | + | **"...We did so, on camera, using various journalists' cards. The transactions went through fine and the receipts say "Verified by PIN."** The following [[http://www.bbc.co.uk/blogs/newsnight/susanwatts/2010/02/new_flaws_in_chip_and_pin_syst.html|video]] (exploit: 2:01 - 3:30) shows the exploit in action. You may notice that this version was done by BBC, and at some point they say something like "We obviously don't want to give out too much detail..." Well, maybe not on TV, but the effectiveness of this method for improving security (that is, hacking then publicizing the hack) requires full disclosure. So here it is, folks: the [[http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf|thesis paper]] entitled "Chip and PIN is Broken" published by the researchers from Cambridge themselves. Happy hacking! |
| //Now read the following response to this article (as posted on Schneier's blog):// | //Now read the following response to this article (as posted on Schneier's blog):// | ||
ci2010/team2_bruce_schneier.1266185142.txt.gz · Last modified: 2010/02/14 17:05 by lstarret
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
