On Sun, Jul 01, 2007 at 11:09:16PM -0400, Leichter, Jerry wrote:
| | | > > Given that all you need for this is a glorified pocket
| | | > > calculator, you could (in large enough quantities) probably get
| | | > > it made for < $10, provided you shot anyone who tried to
| | | > > introduce product-
Peter Gutmann wrote:
Smart cards are part of the problem set, not the solution set - they're just
an expensive and awkward distraction from solving the real problem. What I
was suggesting (and have been for at least ten years :-) is a small external
single-function device (no need for an OS) tha
Perry E. Metzger wrote:
> Adam Shostack <[EMAIL PROTECTED]> writes:
>> On Mon, Jul 02, 2007 at 01:08:12AM +1200, Peter Gutmann wrote:
>>> Given that all you need for this is a glorified pocket calculator,
>>> you could (in large enough quantities) probably get it made for <
>>> $10, provided you sh
Seeing as how there are some rumors about other attacks coming
from BlackHat, I thought we should publicize ours a bit:
A 3" piece of wire does the job. More info (and a link to a YouTube
demo) at:
www.cs.dartmouth.edu/~pkilab/sparks/
--Sean
Sean W. Smith [EMAIL PROTECTED] www.cs.
Adam Shostack <[EMAIL PROTECTED]> writes:
>I'd suggest starting from the deployment, training, and help desk costs. The
>technology is free, getting users to use it is not. I helped several banks
>look at this stuff in the late 90s, when cost of a smartcard reader was order
>~25, and deployment
Peter Gutmann wrote:
Given that all you need for this is a glorified pocket calculator, you could
(in large enough quantities) probably get it made for < $10, provided you shot
anyone who tried to introduce product-deployment DoS mechanisms like smart
cards and EMV into the picture.
That seems
| | > > Given that all you need for this is a glorified pocket
| | > > calculator, you could (in large enough quantities) probably get
| | > > it made for < $10, provided you shot anyone who tried to
| | > > introduce product-deployment DoS mechanisms like smart cards and
| | > > EMV into the pictu
Peter Gutmann wrote:
I have a friend who implemented a basic trusted-boot mechanism for a student
project, so we have evidence of at least one use of a TPM for TC, and I know
some folks at IBM Research were playing with one a few years ago, so that's at
least two users so far. Anyone else?
as
Dave Korn wrote:
> Ian Farquhar wrote:
>> Maybe I am showing my eternal optimist side here, but to me, this is
>> how TPM's should be used, as opposed to the way their backers
>> originally wanted them used. A removable module whose connection to a
>> device I establish (and can de-establish, a
Florian Weimer wrote:
Oh really?
In Germany, early digital banking had no cryptographic protection at
all. Integrity and confidentiality were inherited from the underlying
phone system. There were no end-to-end digital signatures. Nothing.
Just a one-time password for each transaction, but t
* Anne & Lynn Wheeler:
> In the mid-90s, financial institutions looking at the internet for
> online, commercial banking and cash management (i.e. business
> equivalent to consumer online banking) were extremely conflicted
> ... they frequently were almost insisting on their own appliance at
> the
* Ian G.:
> Banks are the larger and more informed party.
But not as far as client-side fraudulent activity is concerned. After
all, the attacked systems are not under their administrative control.
> They need to provide systems that are reasonable given the situation
> (anglo courts generally
On Sun, Jul 01, 2007 at 04:01:03PM -0400, Perry E. Metzger wrote:
|
| Adam Shostack <[EMAIL PROTECTED]> writes:
| > On Mon, Jul 02, 2007 at 01:08:12AM +1200, Peter Gutmann wrote:
| > >
| > > Given that all you need for this is a glorified pocket calculator,
| > > you could (in large enough quanti
[EMAIL PROTECTED] (Peter Gutmann) writes:
> (The usage model is that you do the UI portion on the PC, but perform the
> actual transaction on the external device, which has a two-line LCD display
> for source and destination of transaction, amount, and purpose of the
> transaction. All communicati
On Sun, Jul 01, 2007 at 08:38:12AM -0400, Perry E. Metzger wrote:
>
> [EMAIL PROTECTED] (Peter Gutmann) writes:
> > (The usage model is that you do the UI portion on the PC, but
> > perform the actual transaction on the external device, which has a
> > two-line LCD display for source and destinati
Adam Shostack wrote:
I'd suggest starting from the deployment, training, and help desk
costs. The technology is free, getting users to use it is not. I
helped several banks look at this stuff in the late 90s, when cost of
a smartcard reader was order ~25, and deployment costs were estimated
at
16 matches