    Archives for : Shiraz

    Contactless credit cards with RFID are easily hacked

    A blog posting on BoingBoing provides further discussion of the
    inappropriate deployment of RFID chips within the existing payment
    marketplace.

    http://www.boingboing.net/2006/10/23/report_contactless_c.html

    The underlying point of this article is that the card schemes and banks said they are using key-rotating encryption of all data between the card and the acquirer/issuer, but this is clearly not the case in many situations.

    Another interesting paper is ‘RFID Payment Card Vulnerabilities Technical Report’ located at:

    http://www.nytimes.com/packages/pdf/business/20061023_CARD/techreport.pdf

    Technology is always being challenged

    I read a very interesting paper created by the University of Massachusetts, RSA Laboratories and Innealta, Inc.

    This paper primarily relates to the compromise of contactless payment technologies (RFID) if the RFID and/or reader have not been implemented correctly or the solution provider has used an inappropriate type of RFID, and discusses the challenges around Chip and PIN with respect to financial transactions, e.g. EMV standards and compliance.

    Additionally, the paper describes an RFID relay method which is being discussed within many forums around the world, and we have now begun to see equipment being produced for RFID skimmers/cloners to use for malicious means.

    The overarching point of this paper is to use appropriate RFID & Chip solutions which support the security/privacy of the user and the purpose of the transaction (financial or non-financial).

    The paper can be found at http://prisms.cs.umass.edu/~kevinfu/papers/RFID-CC-manuscript.pdf

    In modern payment RFID & Chip solutions, newer devices can be used which possess a high degree of processing power and are therefore able to execute strong cryptographic methods (such as digital signatures) to protect the identification and payment information whilst the transaction is occurring.

    These systems often utilise bidirectional authentication between the RFID/Chip scanner and the RFID tag/Chip prior to performing the transaction. These methods and cryptographic algorithms are accepted and proven to work within the traditional payment markets.

    As mentioned in the paper, some solutions store static digitally signed and/or encrypted data which is provided to the RFID/Chip reader when queried, but this data never changes from one transaction to another. This may allow a malicious individual to capture and re-inject the data into the reader at a later stage. The alternative to storing static digitally signed and/or encrypted data is to negotiate a key exchange at the time of the transaction in which the card/value information is encrypted and subsequently transmitted. With this method the transmitted data changes on every transaction and therefore, even if a malicious individual were to capture the encrypted transaction data from one transaction, this would not be accepted by the reader if re-injected at a later stage.
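
    The difference between static and per-transaction data described above, as an added example (not code from the paper or from this post): a static authenticated blob verifies again when re-presented, while a response bound to a fresh reader challenge does not. HMAC-SHA256 with a shared demo key stands in for the signature and key-exchange mechanisms the post mentions; all names and values are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed demo values (assumptions): not a real key or card number.
CARD_KEY = b"constructed-demo-key"
CARD_DATA = b"PAN=0000000000000000;EXP=0000"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

def mac(msg: bytes) -> bytes:
    """HMAC-SHA256 stands in for the card's signature or encryption step."""
    return hmac.new(CARD_KEY, msg, hashlib.sha256).digest()

def static_response() -> bytes:
    """Static scheme: the card returns the same authenticated blob every time."""
    return CARD_DATA + mac(CARD_DATA)

def static_verify(response: bytes) -> bool:
    data, tag = response[:-TAG_LEN], response[-TAG_LEN:]
    return hmac.compare_digest(tag, mac(data))

def dynamic_response(challenge: bytes) -> bytes:
    """Dynamic scheme: the reader's fresh challenge is bound into the MAC."""
    return CARD_DATA + mac(challenge + CARD_DATA)

class Reader:
    """Issues one random challenge per transaction and accepts it only once."""
    def __init__(self) -> None:
        self._challenge = None

    def new_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def verify(self, response: bytes) -> bool:
        challenge, self._challenge = self._challenge, None  # single use
        if challenge is None:
            return False
        data, tag = response[:-TAG_LEN], response[-TAG_LEN:]
        return hmac.compare_digest(tag, mac(challenge + data))

def demo():
    captured = static_response()
    static = (static_verify(captured), static_verify(captured))  # replay accepted
    reader = Reader()
    captured = dynamic_response(reader.new_challenge())
    first = reader.verify(captured)
    reader.new_challenge()  # a later transaction gets a new challenge
    return static, (first, reader.verify(captured))  # replay rejected
```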

    Although this is the case today, older RFID/Chip solutions often use technologies which are not appropriate for financial transactions and therefore may be compromised easily and in some cases without the knowledge of the card holder, merchant or acquirer.

    I find it interesting how some of these less secure solutions have been approved for use by acquiring banks and the card schemes around the world (if they were told) in recent years, where it has been seen that these solutions have utilised techniques or deployment methods which can be compromised. These technologies and techniques would never be approved within the Point of Sale (PoS) or traditional banking markets.

    It can only be assumed that the need to get product to market quickly, at the expense of proper testing, understanding and due consideration of industry lessons learnt, has succeeded again.

    New Firefox 3 Released

    I have now downloaded the latest version of Firefox.
    As with any new tool it’s very exciting to see all the new features.
    The biggest positive I have seen so far is that it is quicker than the earlier version and it appears to have good support for the existing add-ons, which I use extensively.
    So I think it is worth getting.
    If you get it today this will also help Firefox set a world record. That’s sort of cool.
    Check it out at:

    v3.0, released June 17, 2008
    Check out what’s new, the known issues and frequently asked questions about the latest version of Firefox. As always, you’re encouraged to tell us what you think, either using this feedback form or by filing a bug in Bugzilla.

    WordPress Dust-317 Theme Tweaks

    I recently had a couple of complaints in regards to the new Website. It turns out the site looks OK in Firefox but does not seem to work very well with Internet Explorer.

    I ran the W3C Validator located at http://validator.w3.org/

    When executed against the site it found 11 errors. The files and fixes (highlighted in RED) are described below.

    File: Header.php

    Error: required attribute “type” not specified

    <script type="text/javascript" src="<?php bloginfo('template_directory'); ?>/js/addEvent.js"></script>

    <script type="text/javascript" src="<?php bloginfo('template_directory'); ?>/js/sweetTitles.js"></script>

    I have also seen some other errors in Header.php, but they don't seem to be a big problem.

    Error: document type does not allow element “li” here; missing one of “ul”, “ol”, “menu”, “dir” start-tag.

    Update

    I finally worked out what was going on…

    It was the mod_rewrite (RewriteEngine) in the .htaccess file.

    I'm running WPSuperCache, so I thought this may have caused some issues.

    As it turned out it was the WordPress section of the .htaccess which was causing the problems. I probably modified it at some stage…

    Another Problem Found and Fixed

    I have been having problems when placing graphics into a posting, where although the WYSIWYG editor shows the correct layout, the text below the image wraps around the graphic when the site is viewed.

    After some looking around, I found a similar article written in relation to a different theme. As it turns out the fix for the DUST-317 Theme is the same.

    Edit the DUST-317 Theme style.css located in the DUST-317 theme directory. Search for this line.

    #content p img{float:left;border:none;margin-right:10px;margin-bottom:10px;}

    Remove the float:left; for the above line, making it look like this.

    #content p img{border:none;margin-right:10px;margin-bottom:10px;}

    That's it… now the text sits under the graphics OK.

    Lethal Toxins Entering Your Body

    I recently read an article in a magazine and was shocked to see some of the toxic dangers which modern living introduces. Australian Men’s Health April 2008, by Susan Casey, pg 87.

    I thought I would expand on this article here as a method of analysing some of the things Kerry and I need to be careful of. I hope this also assists others in understanding some of these dangers.

    “Except for the small amount that’s been incinerated every bit of plastic ever manufactured still exists”

    Toxic Articles

    Polycarbonate bottles (marked with a #7 in a triangle)

    Cling wrap and plastic takeaway containers (marked with a #7)

    Dangerous Ingredients

    Bisphenol A (BPA), a synthetic oestrogen, which can leach into the bottle’s contents when heated.

    Phthalates, a probable human carcinogen and endocrine disruptor, can seep into food (especially fatty foods, such as deli meats and cheeses).

    Linked to

    Prostate cancer, reduced sperm count and reproductive-organ abnormalities, according to US studies at the universities of Missouri, Chicago and Cincinnati.

    Reproductive problems like undescended testes and low sperm count, reveal researchers at New York’s University of Rochester and the Centres for Disease Control and Prevention in the US.

    How to reduce your exposure

    Pots, pans and bottles made from stainless steel are a non-toxic alternative. If you’re using polycarbonate, keep it out of the dishwasher and replace it every 60 days or if it’s scratched. Plastic releases toxins over time when damaged or exposed to high heat.

    Keep it out of microwave and dishwasher. Don’t store fatty or acidic foods in these containers, rather use waxed paper and buy meat wrapped in paper from the butcher. If you use plastic-wrapped cuts, trim the edges off where the product touched the wrapping.

     

    Toxic Articles

    Polystyrene cups and takeaway containers (marked with a #6)

    Fast-food containers (with waxy lining) and non-stick (Teflon) pans.

    Polyvinyl chloride (PVC), used in vinyl flooring, shower curtains and car interiors.

    Dangerous Ingredients

    Styrene, a possible human carcinogen, can leach into the contents of the cup.

    Perfluoro-octanoic acid (PFOA), a grease-repelling fluorotelomer chemical and likely human carcinogen, can transfer from the waxy-plastic coating onto the food inside, especially at high temperatures.

    Vinyl chloride is a known human carcinogen that gives off gas into the surrounding air, so it’s inhaled instead of ingested.

    Linked to

    Cancer, warn scientists at the US Environmental Protection Agency’s (EPA) Office of Research and Development and the World Health Organisation’s International Agency for Research on Cancer.

    Cancer, lung and kidney damage, according to studies at the EPA and Environmental Working Group in the US.

    Cancer and liver damage, predict both the EPA and the Centre for Health and Environmental Justice in the US.

    How to reduce your exposure

    Never drink hot liquids out of polystyrene cups. Use paper ones (those without a wax lining) whenever possible or a ceramic coffee mug. If your takeaway comes in polystyrene, transfer it to a ceramic dish or glass as soon as possible.

    The best alternatives to drive-through and delivery are sit-down restaurants and home cooking. At home, never use Teflon-coated pans. If you own any, replace with non-toxic cookware made from copper, cast iron or stainless steel.

    Use natural materials for home flooring. Buy a shower curtain made from hemp, which lasts longer and is naturally mildew-resistant. New vinyl gives off aerial toxins at highly concentrated levels, so open windows to air spaces where this material is present.

     

    These are also great articles:

    http://www.seattlepi.com/local/326907_plastic09.html

    http://www.bravenewleaf.com/environment/2008/02/updated-repeat.html

    http://www.breastcancerfund.org/clear-science/environmental-breast-cancer-links/plastics/

    http://io9.com/how-to-recognize-the-plastics-that-are-hazardous-to-you-461587850

    http://www.smallfootprintfamily.com/avoiding-toxins-in-plastic

    http://articles.mercola.com/sites/articles/archive/2013/04/11/plastic-use.aspx

    ISO 14443

    http://www.answers.com/topic/iso-14443

    Dutch RFID e-passport cracked — US next?

    http://www.engadget.com/2006/02/03/dutch-rfid-e-passport-cracked-us-next

    ISO 14443 contactless card

    An international standard for proximity or contactless smart card communication

    ISO 14443 is an international standard which describes how contactless cards and terminals should work to ensure industry-wide compatibility, for example in identity, security, payment, mass-transit and access control applications.

    ISO standards are developed by the ISO, the International Organization for Standardization. Technical committees comprising experts from the industrial, technical and business sectors develop the standards to increase levels of quality, reliability and interoperability on a global scale.

    Gemplus has always had a strong involvement in ISO definition of the chip card standards, and has been represented in the development of this international standard. ISO 14443 is divided into 4 separate parts outlining physical characteristics, radio frequency power and signal interface, initialization and anti-collision, and transmission protocol.

    Gemplus has developed a wide range of contactless payment solutions based on the ISO 14443 international standard. The speed and convenience of contactless technology has created a significant demand for this sort of solution in environments such as fast food restaurants, gas stations, public transport services, banks and many others.

    How to Build a Low-Cost, Extended-Range RFID Skimmer

    http://www.eng.tau.ac.il/~yash/kw-usenix06/index.html

    Check it Out…

    Here is a local copy.

    How to Build a Low-Cost, Extended-Range RFID Skimmer

    Also some of the supporting documents.

    A Practical Relay Attack on ISO 14443 Proximity Cards

    S4100 Multi-Function Reader Module Data Sheet

    Security Analysis of a Cryptographically-Enabled RFID’s

    Antenna Circuit Design for RFID Applications

    ISO 14443

    FAQ Interoperability