« Buy My ShmooCon Ticket!! | Main | Uninspired. »

Quick Link: "Chip and PIN Is Broken"

Just a quick note and redirect here... if you've not seen Ross Anderson's post "Chip and PIN Is Broken" yet, then I highly recommend zipping right over to his site to read through it. Basically, the underlying schema is broken because of the way the "solution" has been aggregated from various standards. This finding underscores the need for coherent and well-coordinated standards when it comes to things like handling sensitive data.
http://www.lightbluetouchpaper.org/2010/02/11/chip-and-pin-is-broken/"

Update (2/18/10): The Smart Card Alliance has provided a response questioning the viability of this attack in the "real world." It certainly seems somewhat unlikely, though the truth is probably somewhere in the middle. Maybe they should just fix the schema.
http://www.digitalidnews.com/2010/02/15/emv-hack-may-be-overstated"

TrackBack

TrackBack URL for this entry:
http://www.secureconsulting.net/MT/mt-tb.cgi/992

Post a comment

About

This page contains a single entry from the blog posted on February 11, 2010 2:48 PM.

The previous post in this blog was Buy My ShmooCon Ticket!!.

The next post in this blog is Uninspired..

Many more can be found on the main index page or by looking through the archives.

Creative Commons License
This weblog is licensed under a Creative Commons License.