[pchelpers] News:Cambridge security boffins slam banking card readers

• From: John Durham <john.modec@xxxxxxxxxx>
• To: PC-Helpers <pchelpers@xxxxxxxxxxxxx>
• Date: Fri, 27 Feb 2009 07:56:45 +1300

'Optimised to fail'

By John Leyden 
Posted in Crime, 26th February 2009 16:22 GMT

Card readers for online banking are inherently insecure, according to a
new study by Cambridge security researchers.

Researchers Saar Drimer, Steven J Murdoch and Ross Anderson found a
number of serious security shortcomings after reverse engineering the
underlying protocol (called the Chip Authentication Programme or CAP)
that underpins hand-held card readers. Readers are typically used
alongside customer's debit cards to generate one-time codes for online
banking login and transaction authentication.

The devices are designed to thwart online banking fraud, but cost-saving
measures have resulted in design compromises that have left customers
open to risk of fraud.

More here:
http://www.theregister.co.uk/2009/02/26/bank_reader_insecurity/
-- 
John Durham
Site http://modecideas.com
Server hosted on Ubuntu 4.10
Good advice is like good paint. It only works when applied.



-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription