Adam Shostack wrote:
I'd suggest starting from the deployment, training, and help desk
costs. The technology is free, getting users to use it is not. I
helped several banks look at this stuff in the late 90s, when cost of
a smartcard reader was order ~25, and deployment costs were estimated
at
On Sun, Jul 01, 2007 at 08:38:12AM -0400, Perry E. Metzger wrote:
[EMAIL PROTECTED] (Peter Gutmann) writes:
(The usage model is that you do the UI portion on the PC, but
perform the actual transaction on the external device, which has a
two-line LCD display for source and destination of
[EMAIL PROTECTED] (Peter Gutmann) writes:
(The usage model is that you do the UI portion on the PC, but perform the
actual transaction on the external device, which has a two-line LCD display
for source and destination of transaction, amount, and purpose of the
transaction. All communications
On Sun, Jul 01, 2007 at 04:01:03PM -0400, Perry E. Metzger wrote:
|
| Adam Shostack [EMAIL PROTECTED] writes:
| On Mon, Jul 02, 2007 at 01:08:12AM +1200, Peter Gutmann wrote:
|
| Given that all you need for this is a glorified pocket calculator,
| you could (in large enough quantities)
* Ian G.:
Banks are the larger and more informed party.
But not as far as client-side fraudulent activity is concerned. After
all, the attacked systems are not under their administrative control.
They need to provide systems that are reasonable given the situation
(anglo courts generally
* Anne Lynn Wheeler:
In the mid-90s, financial institutions looking at the internet for
online, commercial banking and cash management (i.e. business
equivalent to consumer online banking) were extremely conflicted
... they frequently were almost insisting on their own appliance at
the
Florian Weimer wrote:
Oh really?
In Germany, early digital banking had no cryptographic protection at
all. Integrity and confidentiality were inherited from the underlying
phone system. There were no end-to-end digital signatures. Nothing.
Just a one-time password for each transaction, but
Dave Korn wrote:
Ian Farquhar wrote:
Maybe I am showing my eternal optimist side here, but to me, this is
how TPM's should be used, as opposed to the way their backers
originally wanted them used. A removable module whose connection to a
device I establish (and can de-establish, assuming
Peter Gutmann wrote:
I have a friend who implemented a basic trusted-boot mechanism for a student
project, so we have evidence of at least one use of a TPM for TC, and I know
some folks at IBM Research were playing with one a few years ago, so that's at
least two users so far. Anyone else?
as
| | Given that all you need for this is a glorified pocket
| | calculator, you could (in large enough quantities) probably get
| | it made for $10, provided you shot anyone who tried to
| | introduce product-deployment DoS mechanisms like smart cards and
| | EMV into the picture. Now
Peter Gutmann wrote:
Given that all you need for this is a glorified pocket calculator, you could
(in large enough quantities) probably get it made for $10, provided you shot
anyone who tried to introduce product-deployment DoS mechanisms like smart
cards and EMV into the picture.
That seems
Adam Shostack [EMAIL PROTECTED] writes:
I'd suggest starting from the deployment, training, and help desk costs. The
technology is free, getting users to use it is not. I helped several banks
look at this stuff in the late 90s, when cost of a smartcard reader was order
~25, and deployment costs
Seeing as how there are some rumors about other attacks coming
from BlackHat, I thought we should publicize ours a bit:
A 3 piece of wire does the job. More info (and a link to a YouTube
demo) at:
www.cs.dartmouth.edu/~pkilab/sparks/
--Sean
Sean W. Smith [EMAIL PROTECTED]
Perry E. Metzger wrote:
Adam Shostack [EMAIL PROTECTED] writes:
On Mon, Jul 02, 2007 at 01:08:12AM +1200, Peter Gutmann wrote:
Given that all you need for this is a glorified pocket calculator,
you could (in large enough quantities) probably get it made for
$10, provided you shot anyone who
Peter Gutmann wrote:
Smart cards are part of the problem set, not the solution set - they're just
an expensive and awkward distraction from solving the real problem. What I
was suggesting (and have been for at least ten years :-) is a small external
single-function device (no need for an OS)
On Sun, Jul 01, 2007 at 11:09:16PM -0400, Leichter, Jerry wrote:
| | | Given that all you need for this is a glorified pocket
| | | calculator, you could (in large enough quantities) probably get
| | | it made for $10, provided you shot anyone who tried to
| | | introduce