Re: Creativity and security

2006-03-21 Thread Olle Mulmo


Unfortunately, they haven't. In Europe I get receipts with different  
crossing-out patterns almost every week.


And, with they I mean the builders of point-of-sale terminals: I  
don't think individual store owners are given a choice.


Though I believe I have noticed a good trend in that I get receipts  
where *all but four* digits are crossed out more and more often  
nowadays.


/Olle

On Mar 20, 2006, at 21:51, [EMAIL PROTECTED] wrote:


I was tearing up some old credit card receipts recently - after all
these years, enough vendors continue to print full CC numbers on
receipts that I'm hesitant to just toss them as is, though I doubt  
there
are many dumpster divers looking for this stuff any more - when I  
found
a great example of why you don't want people applying their  
creativity

to security problems, at least not without a great deal of review.

You see, most vendors these days replace all but the last 4 digits of
the CC number on a receipt with X's.  But it must be boring to do the
same as everyone else, so some bright person at one vendor(*) decided
they were going to do it differently:  They X'd out *just the last  
four

digits*.  After all, who could guess the number from the 10,000
possibilities?

Ahem.
-- Jerry

(*) It was Build-A-Bear.  The receipt was at least a year old, so for
all I know they've long since fixed this.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to  
[EMAIL PROTECTED]



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Bluetooth cracked further

2005-06-04 Thread Olle Mulmo


On Jun 4, 2005, at 14:12, Thomas Lakofski wrote:

Finally, the PIN length ranges from 8 to 128 bits. Most manufacturers 
use a 4 digit PIN and supply it with the device. Obviously, customers 
should demand the ability to use longer PINs.


Correction: Most manufacturers hardcode the 4-digit PIN to . It has 
been known for some time that those gadgets need to be paired in an 
Faradayic environment: if I recall correctly, a paper being presented 
on this at the RSA conference ~2001 or so.


The forced re-pairing vulnerability is news to me. It makes me very 
concerned about Bluetooth keyboards...


/O


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


RE: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Olle Mulmo

DCMA comes to mind: it could potentially make it a little harder to get
your hands on any mass market eavesdropping tool.

If you are terribly concerned about this, there are end-to-end encryption
phones on the market that are used by military and others already today.
Such systems come with a price tag though: As for me, the ordinary end
user, I just have be as careful with what I say or trust when communicating
over the phone as when I'm using email.

But that should have already been the case, had I thought things through,
and shouldn't come as a shock.

/Olle

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David Honig
Sent: den 8 september 2003 02:18
To: R. A. Hettinga; Clippable
Cc: [EMAIL PROTECTED]
Subject: Re: Code breakers crack GSM cellphone encryption

A copy of the research was sent to GSM authorities in order to correct the
problem, and the method is being patented so that in future it can be used
by the law enforcement agencies.

Laughing my ass off.  Since when do governments care about patents? 
How would this help/harm them from exploiting it?   Not that
high-end LEOs haven't already had this capacity ---Biham et al
are only the first *open* researchers to reveal this.



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]