I thought this was cool. It may come in handy for Ham Radio.
Archives for : javascript
A blog posting on BoingBoing provides further discussion as to the
inappropriate deployment and of RFID chips within the existing payment
marketplace.
http://www.boingboing.net/2006/10/23/report_contactless_c.html
The underlying point of this article is, the card schemes and banks said they are using key rotating encryption of all data between the card and the acquirer/issuer, but this is clearly not the case in many situations.
Another interesting paper is ‘RFID Payment Card Vulnerabilities Technical Report’ located at:
http://www.nytimes.com/packages/pdf/business/20061023_CARD/techreport.pdf
I read a very interesting paper created by the University of Massachusetts, RSA Laboratories and Innealta, Inc.<<
This paper primarily relates to the compromise of contact less payment technologies (RFID) if the RFID and/or reader have not been implemented correctly or the solution provider has used an inappropriate type of RFID and discusses the challenges around Chip and Pin with respect to financial transactions e.g. EMV standards and compliance.
Additionally, the paper describes a RFID relay method which is being discussed within many forums around the world and we have now begun to see equipment being produced for the RFID skimmers/clonners to use for malicious means.
The overarching point of this paper is to use an appropriate RFID & Chip solutions which supports the security/privacy of the user and purpose of the transaction (financial or non financial)<<
The paper can be found at http://prisms.cs.umass.edu/~kevinfu/papers/RFID-CC-manuscript.pdf
In modern payment RFID & Chip solutions, newer devices can be used which possess a high degree of processing power and are therefore able to execute strong cryptographic methods (such as digital signatures) to protect the identification and payment information whilst the transaction is occurring.
These systems often utilise bidirectional authentication between the RFID/Chip scanner and the RFID tag/Chip prior to performing the transaction. These methods and cryptographic algorithms are accepted and proven to work within the traditional payment markets.
As mentioned in the paper, some solution store static digitally signed and/or encrypted data which is provided to the RFID/Chip reader when queried, but this data never changes from one transaction to another. This may allow a malicious individual to capture and re-inject the data into the reader at a later stage. The alternative to storing static digitally signed and/or encrypted data is to negotiate a key exchange at the time of the transaction in which the card/value information is encrypted and subsequently transmitted. With this method the transmitted data
changes on every transaction and therefore even if a malicious individual was to capture the encrypted transaction data from one transaction, this would not be accepted by the reader if re-injected at a later stage.
Although this is the case today, older RFID/Chip solutions often use technologies which are not appropriate for financial transactions and therefore may be compromised easily and in some cases without the knowledge of the card holder, merchant or acquirer.
I find this interesting how some of these less secure solution have been approved for use by acquiring banks and the card schemes around the world (if they were told) in recent years, where it has been seen that these solutions have utilised techniques or deployment methods which can be compromised. These technologies and techniques would never be approved within the Point of Sale (PoS) or traditional banking markets.
It can only be assumed that the need to get product to market quickly at the expense of proper testing, understanding and with due consideration to industry lessons learnt has succeeded again.
I recently had a couple of complaints in regards to the new Website. It turns out the site looks OK in Firefox but does not seem to work very well with Internet Explorer.
I ran the W3C Validator located at http://validator.w3.org/
When executed against the site it found 11 errors. The files and fixes (highlighted in RED) are described below.
File: Header.php
Error: required attribute “type” not specified
<script type=”text/javascript” src=”<?php bloginfo(‘template_directory’); ?>/js/addEvent.js”></script>
<script type=”text/javascript” src=”<?php bloginfo(‘template_directory’); ?>/js/sweetTitles.js”></script>
I have also seen some other errors in Header.php, but they don´t seem to be a big problem.
Error: document type does not allow element “li” here; missing one of “ul”, “ol”, “menu”, “dir” start-tag.
Update
I finally worked out what was going on…
It was the mod_rewrite (RewriteEngine) in the .htaccess file.
I´m running WPSuperCache, so I thought this may have caused some issues.
As it turned out it was the WordPress section of the .htaccess which was causing the problems. I probably modified it at some stage…
Another Problem Found and Fixed
I have been having problems when placing graphics into a posting, where although the WYSIWYG editor shows the correct layout, the text below the image wraps around the graphic when the site is viewed.
After some looking around, I found a similar article written in relation to a different theme. As it turns out the fix for the DUST-317 Theme is the same.
Edit the DUST-317 Theme style.css located in the DUST-317 theme directory. Search for this line.
#content p img{float:left;border:none;margin-right:10px;margin-bottom:10px;}
Remove the float:left; for the above line, making it look like this.
#content p img{border:none;margin-right:10px;margin-bottom:10px;}
ThatÅ› it… now the text sits under the graphics OK.
http://www.eng.tau.ac.il/~yash/kw-usenix06/index.html </a>
Check it Out…
How to Build a Low-Cost, Extended-Range RFID Skimmer
Also some of the supporting documents.
A Practical Relay Attack on ISO 14443 Proximity Cards
S4100 Multi-Function Reader Module Data Sheet
Security Analysis of a Cryptographically-Enabled RFID’s
This article is about the Bluetooth wireless specification. For King Harold Bluetooth, see Harold I of Denmark
Bluetooth is an industrial specification for wireless personal area networks (PANs).
Bluetooth provides a way to connect and exchange information between devices like personal digital assistants (PDAs), mobile phones, laptops, PCs, printers and digital cameras via a secure, low-cost, globally available short range radio frequency.
Bluetooth lets these devices talk to each other when they come in range, even if they’re not in the same room, as long as they are within 10 metres (32 feet) of each other.
The spec was first developed by Ericsson, later formalised by the Bluetooth Special Interest Group (SIG). The SIG was formally announced on May 20, 1999. It was established by Sony Ericsson, IBM, Intel, Toshiba and Nokia, and later joined by many other companies as Associate or Adopter members.
Table of contents* 1 About the name |
About the name
The system is named after a Danish king Harald Blåtand (<arold Bluetooth in English), King of Denmark and Norway from 935 and 936 respectively, to 940 known for his unification of previously warring tribes from Denmark, Norway and Sweden. Bluetooth likewise was intended to unify different technologies like computers and mobile phones. The Bluetooth logo merges the Nordic runes for H and B.
General information
The latest version currently available to consumers is 2.0, but few manufacturers have started shipping any products yet. Apple Computer, Inc. offered the first products supporting version 2.0 to end customers in January 2005. The core chips have been available to OEMs (from November 2004), so there will be an influx of 2.0 devices in mid-2005. The previous version, on which all earlier commercial devices are based, is called 1.2.
Bluetooth is a wireless radio standard primarily designed for low power consumption, with a short range (up to 10 meters [1], ) and with a low-cost transceiver microchip in each device.
It can be used to wirelessly connect peripherals like printers or keyboards to computers, or to have PDAs communicate with other nearby PDAs or computers.
Cell phones with integrated Bluetooth technology have also been sold in large numbers, and are able to connect to computers, PDAs and, specifically, to handsfree devices. BMW was the first motor vehicle manufacturer to install handsfree Bluetooth technology in its cars, adding it as an option on its 3 Series, 5 Series and X5 vehicles. Since then, other manufacturers have followed suit, with many vehicles, including the 2004 Toyota Prius and the 2004 Lexus LS 430. The Bluetooth car kits allow users with Bluetooth-equipped cell phones to make use of some of the phone’s features, such as making calls, while the phone itself can be left in a suitcase or in the boot/trunk, for instance.
The standard also includes support for more powerful, longer-range devices suitable for constructing wireless LANs.
A Bluetooth device playing the role of “master” can communicate with up to 7 devices playing the role of “slave”. At any given instant in time, data can be transferred between the master and one slave; but the master switches rapidly from slave to slave in a round-robin fashion. (Simultaneous transmission from the master to multiple slaves is possible, but not used much in practice). These groups of up to 8 devices (1 master and 7 slaves) are called piconets.
The Bluetooth specification also allows connecting two or more piconets together to form a scatternet, with some devices acting as a bridge by simultaneously playing the master role in one piconet and the slave role in another piconet. These devices have yet to come, though are supposed to appear within the next two years.
Any device may perform an “inquiry” to find other devices to which to connect, and any device can be configured to respond to such inquiries.
Pairs of devices may establish a trusted relationship by learning (by user input) a shared secret known as a “passkey”. A device that wants to communicate only with a trusted device can cryptographically authenticate the identity of the other device. Trusted devices may also encrypt the data that they exchange over the air so that no one can listen in.
The protocol operates in the license-free ISM band at 2.45 GHz. In order to avoid interfering with other protocols which use the 2.45 GHz band, the Bluetooth protocol divides the band into 79 channels (each 1 MHz wide) and changes channels up to 1600 times per second. Implementations with versions 1.1 and 1.2 reach speeds of 723.1 kbit/s. Version 2.0 implementations feature Bluetooth Enhanced Data Rate (EDR), and thus reach 2.1 Mbit/s. Technically version 2.0 devices have a higher power consumption, but the three times faster rate reduces the transmission times, effectively reducing consumption to half that of 1.x devices (assuming equal traffic load).
Bluetooth differs from Wi-Fi in that the latter provides higher throughput and covers greater distances but requires more expensive hardware and higher power consumption. They use the same frequency range, but employ different multiplexing schemes. While Bluetooth is a cable replacement for a variety of applications, Wi-Fi is a cable replacement only for local area network access. A glib summary is that Bluetooth is wireless USB whereas Wi-Fi is wireless Ethernet.
Many USB Bluetooth adapters are available, some of which also include an IrDA adapter.
Embedded Bluetooth
Bluetooth devices and modules are increasingly being made available which come with an embedded stack and a standard UART port. The UART protocol can be as simple as the industry standard AT protocol, which allows the device to be configured to cable replacement mode. This means it now only takes a matter of hours (instead of weeks) to enable legacy wireless products that communicate via UART port.
Features by version
Bluetooth 1.0 and 1.0B
Versions 1.0 and 1.0B had numerous problems and the various manufacturers had great difficulties in making their products interoperable. 1.0 and 1.0B also had mandatory Bluetooth Hardware Device Address (BD_ADDR) transmission in the handshaking process, rendering anonymity impossible at a protocol level, which was a major set-back for services planned to be used in Bluetooth environments, such as Consumerism.
Bluetooth 1.1
In version 1.1 many errata found in the 1.0B specifications were fixed. There was added support for non-encrypted channels.
Bluetooth 1.2
This version is backwards compatible with 1.1 and the major enhancements include
- Adaptive Frequency Hopping (AFH), which improves resistance to radio interference by avoiding using crowded frequencies in the hopping sequence
- Higher transmission speeds in practice
- extended Synchronous Connections (eSCO), which improves voice quality of audio links by allowing retransmissions of corrupted packets.
- Received Signal Strength Indicator (RSSI)
- Host Controller Interface (HCI) support for 3-wire UART
- HCI access to timing information for Bluetooth applications.
Bluetooth 2.0
This version is backwards compatible with 1.x and the major enhancements include
- Non-hopping narrowband channel(s) introduced. These are faster but have been criticised as defeating a built-in security mechanism of earlier versions; however frequency hopping is hardly a reliable security mechanism by today’s standards. Rather, Bluetooth security is based mostly on cryptography.
- Broadcast/multicast support. Non-hopping channels are used for advertising Bluetooth service profiles offered by various devices to high volumes of Bluetooth devices simultaneously, since there is no need to perform handshaking with every device. (In previous versions the handshaking process takes a bit over one second.)
- Enhanced Data Rate (EDR) of 2.1 Mbit/s.
- Built-in quality of service.
- Distributed media-access control protocols.
- Faster response times.
- Halved power consumption due to shorter duty cycles.
Future Bluetooth uses
One of the ways Bluetooth technology may become useful is in Voice over IP. When VOIP becomes more widespread, companies may find it unnecessary to employ telephones physically similar to today’s analogue telephone hardware. Bluetooth may then end up being used for communication between a cordless phone and a computer listening for VOIP and with an infrared PCI card acting as a base for the cordless phone. The cordless phone would then just require a cradle for charging. Bluetooth would naturally be used here to allow the cordless phone to remain operational for a reasonably long period.
Security concerns
In November 2003, Ben and Adam Laurie from A.L. Digital Ltd. discovered that serious flaws in Bluetooth security lead to disclosure of personal data (see http://bluestumbler.org). It should be noted however that the reported security problems concerned some poor implementations of Bluetooth, rather than the protocol itself.
In a subsequent experiment, Martin Herfurt from the trifinite.group was able to do a field-trial at the CeBIT fairgrounds showing the importance of the problem to the world. A new attack called BlueBug was used for this experiment.
In April 2004, security consultants @Stake revealed a security flaw that makes it possible to crack into conversations on Bluetooth based wireless headsets by reverse engineering the PIN.
This is one of a number of concerns that have been raised over the security of Bluetooth communications. In 2004 the first purported virus using Bluetooth to spread itself among mobile phones appeared for the Symbian OS. The virus was first described by Kaspersky Labs and requires users to confirm the installation of unknown software before it can propagate. The virus was written as a proof-of-concept by a group of virus writers known as 29a and sent to anti-virus groups. Because of this, it should not be regarded as a security failure of either Bluetooth or the Symbian OS. It has not propagated ‘in the wild’.
In August 2004, a world-record-setting experiment (see also Bluetooth sniping) showed that with directional antennas the range of class 2 Bluetooth radios could be extended to one mile. This enables attackers to access vulnerable Bluetooth-devices from a distance beyond expectation.
Bluetooth uses the SAFER+ algorithm for authentication and key generation.
Bluetooth profiles
In order to use Bluetooth, a device must be able to interpret certain Bluetooth profiles. These define the possible applications. Following profiles are defined:
- Generic Access Profile (GAP)
- Service Discovery Application Profile (SDAP)
- Cordless Telephony Profile (CTP)
- Intercom Profile (IP)
- Serial Port Profile (SPP)
- Headset Profile (HSP)
- Dial-up Networking Profile (DUNP)
- Fax Profile
- LAN Access Profile (LAP)
- Generic Object Exchange Profile (GOEP)
- Object Push Profile (OPP)
- File Transfer Profile (FTP)
- Synchronisation Profile (SP)
This profile allows synchronisation of Personal Information Manager (PIM) items. As this profile originated as part of the infra-red specifications but has been adopted by the Bluetooth SIG to form part of the main Bluetooth specification, it is also commonly referred to as IrMC Synchronisation.
- Hands-Free Profile (HFP)
- Human Interface Device Profile (HID)
- Hard Copy Replacement Profile (HCRP)
- Basic Imaging Profile (BIP)
- Personal Area Networking Profile (PAN)
- Basic Printing Profile (BPP)
- Advanced Audio Distribution Profile (A2DP)
- Audio Video Remote Control Profile (AVRCP)
- SIM Access Profile (SAP)
Compatibility of products with profiles can be verified on the Bluetooth Qualification website.
See also
- Bluechat
- Bluejacking – a form of communication via Bluetooth
- Bluetooth sniping
- Bluesnarfing
- Blunt – Bluetooth protocol stack for Newton OS 2.1
- Cable spaghetti – a problem wireless technology hopes to solve
- IrDA
- OBEX
- Jini
- LibertyLink
- OSGi Alliance
- Salutation
- Service Location Protocol
- Toothing
- Universal plug-and-play
- Wi-Fi
- Wireless dating
- Wireless AV kit with Bluetooth for modern LCD TV and computer displays.
- ZigBee – an alternative digital radio technology that claims to be simpler and cheaper than uetooth, it also needs less power consumption.
External links
- Bluetooth Tutorial Includes information on Architecture, Protocols, Establishing Connections, Security and Comparisons
- Bluetooth connecting and paire guide
- The Official Bluetooth® Wireless Info Site<SIG public pages
- Howstuffworks.com explanation of bluetooth
- The Bluetooth Car Concept
- A series of guides on how-to connect devices like mobile phones, PDAs, desktop/laptops, headsets and use different Bluetooth services
- Mapping Salutation Architecture APIs to Bluetooth Service Discovery Layer
- Bluetoothâ„¢ Security White Paper
- Security Concerns
- Laptops, PDA and mobile (cell) phones with Bluetooth(TM) and Linux
- Bluetooth qualified products
- Bluecarkit discussion forum about Bluetooth car handsfree
- Bluetooth in spanish
- Radio-Electronics.Com – Overview of Bluetooth and its operationi>
- Bluetooth Background information about bluetooth (German)
- Bluetooth.org – The Official Bluetooth Membership Sitei>