***************************************************** Edupage is a service of EDUCAUSE, a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology. *****************************************************
TOP STORIES FOR MONDAY, OCTOBER 23, 2006 Researchers Question Security of No-Swipe Cards U.S. Rolls Out E-Passports Judge Refuses to Disable Spamhaus RESEARCHERS QUESTION SECURITY OF NO-SWIPE CARDS Using a scanner built from commonly available components, researchers at the University of Massachusetts, Amherst, were able to retrieve sensitive data from credit cards that use RFID technology. Creditors have issued millions of such cards, saying that they can speed transactions, and many retailers now have technology that accepts the cards, which, instead of being swiped, transmit cardholder and account information through radio waves. Supporters of the technology, including major credit card companies, argue that scanners must be within a few inches of a card to read it and that data on the cards is typically encrypted. Other tests have shown that often the data on RFID chips can be read several feet away, and the researchers in this test pointed out that even if closer proximity is necessary, someone could walk among people in a crowd and easily get within a few inches of credit cards in wallets and purses. Although the test was of a relatively small sample, the researchers also found that many of the cards transmit name and card number without encryption or with encryption that was easily cracked. Tom Heydt-Benjamin, a graduate student and one of the researchers, compared the situation to walking down a street "wearing your name, your credit card number, and your card expiration date on your T-shirt." New York Times, 23 October 2006 (registration req'd) http://www.nytimes.com/2006/10/23/business/23card.html U.S. ROLLS OUT E-PASSPORTS After lengthy delays resulting from security concerns, the United States has begun issuing passports equipped with RFID tags. The tags, which transmit data including the passport holder's photo and signature, are susceptible to illicit scanners that "skim" the information from unsuspecting individuals, according to those opposed to e-passports. The U.S. State Department said it has implemented measures to address security concerns, including a metallic mesh woven into the cover of the passport that "makes it nearly impossible to access the chip when the book is closed." Additionally, starting this week, all U.S. points of entry will have equipment to read and process information in e-passports issued by the more than two dozen countries in the Visa Waiver Program. All of those countries issue e-passports, and visitors from those nations are not required to obtain a visa to enter the United States. Critics said U.S. authorities have not addressed the problems associated with e-passports. Kevin Mahaffey of security firm Flexilis wrote a report indicating that despite the mesh in the cover, the passports can still be read if they are open "even a fraction of an inch." Internet News, 23 October 2006 http://www.internetnews.com/wireless/article.php/3639411 JUDGE REFUSES TO DISABLE SPAMHAUS A judge in Illinois has rejected a petition by e360 Insight to force the closure of the Internet domain of antispam company Spamhaus. Last month, the U.S. District Court for the Northern District of Illinois ordered Spamhaus to pay e360 Insight $11.7 million in damages for blacklisting the company, which keeps users of Spamhaus's antispam list from accepting messages from the e360 Insight domain. Following that ruling, e360 Insight asked the court to suspend the spamhaus.org domain, but Judge Charles Kocoras rejected that request. Blocking the Spamhaus domain, he said, would prevent the company from engaging in activities that the court considers legitimate and would be unduly severe. For its part, Spamhaus insists that e360 Insight is in fact a spammer. Spamhaus, which is based in the United Kingdom, has also said it is under no obligation to pay the fine imposed by the Illinois court because that court has no jurisdiction over Spamhaus's actions. Silicon.com, 23 October 2006 http://management.silicon.com/government/0,39024677,39163463,00.htm ***************************************************** EDUPAGE INFORMATION To subscribe, unsubscribe, change your settings, or access the Edupage archive, visit http://www.educause.edu/Edupage/639 Or, you can subscribe or unsubscribe by sending e-mail to [EMAIL PROTECTED] To SUBSCRIBE, in the body of the message type: SUBSCRIBE Edupage YourFirstName YourLastName To UNSUBSCRIBE, in the body of the message type: SIGNOFF Edupage If you have subscription problems, send e-mail to [EMAIL PROTECTED] ***************************************************** OTHER EDUCAUSE RESOURCES The EDUCAUSE Resource Center is a repository for information concerning use and management of IT in higher education. To access resources including articles, books, conference sessions, contracts, effective practices, plans, policies, position descriptions, and blog content, go to http://www.educause.edu/resources ***************************************************** CONFERENCES For information on all EDUCAUSE learning and networking opportunities, see http://www.educause.edu/31 ***************************************************** COPYRIGHT Edupage copyright (c) 2006, EDUCAUSE