- Get a grip or you don't get the job
- Desktops of the future here today
- Researcher hides IE attack on Web
- Cisco third quarter 2008 channel stuffing
- Sci-Fi's goofiest gadgets and technology
Rss FeedRss Feed
Crackin' the Kraken bot. Listen now!
Wireless dangers at airports. Listen now!
Migrating to a new messaging system is a tedious, complex and risky process. And since this isn’t something you do everyday, you need to know "best practices" to ensure a successful migration.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Watch this webcast to learn in six modules how to more cost effectively consolidate your Windows servers with virtualization. This unique program allows you to pick and choose which of the six modules you would like to view or watch the entire webcast at once. Topics covered: Performance, Use Cases, Enterprise-level Support, Managing Windows Workloads, Setup and Configuration and The Future. Find out how you can simplify server consolidation within your organization today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
If Microsoft does nothing to fix the problem in a timely manner, that is wrong and makes for poor business...- Anonymous
New research showing that smart cards with encrypted RFID chips might not be as secure as previously thought is raising concerns in Boston, where the subway CharlieCards use just such technology. The research raises the specter of thieves with $1,000 worth of equipment cracking smart-card encryption and making counterfeit cards to do everything from swipe fares to gain access to high-security areas.
Although University of Virginia student Karsen Nohl and colleagues revealed their findings in December at a conference, a couple of Boston-area media outlets (the Boston Herald and Boston Globe) picked up on the story this week, breathing new life into it. The MBTA, the outfit running the Boston subway system, declined to discuss its security technologies with the Boston newspapers.
The particular RFID chip in question – the Mifare Classic, of which a billion-plus have been sold – is made by Philips spinoff NXP Semiconductors, which has been quoted widely saying that only a portion of the cryptographic algorithm has been obtained by the researchers. (The researchers have not disclosed their method fully, in an effort to keep those with bad intentions from copying them.) Security experts have known all along that such chips, which generally cost less than a dollar, were crackable, but didn't realize it could be so economically feasible.
"People have and will, as we have, taken security expertise from the world of computers and applied it to RFIDs, whose designers had been operating under the assumption that their world was apart from such scrutiny," Nohl said in a statement.
Nohl and colleagues were able to listen to data broadcast by the chips using readily available RFID readers; they then dissected the layers of the chip via custom optical-recognition software to deduce the algorithm and encryption keys.
A video of the researchers' presentation, called "Mifare: Little Security, Despite Obscurity," is available on Nohl's Web page.
On his Web page at the University of Virginia, Nohl humorously reassures that he and his colleagues have not found a way to crack credit-card security: "Please note that we have not compromised the security of credit cards, as some of the articles suggest. From what we can see, RFID-enabled credit cards have no security (yet?), and hence there is nothing to compromise."
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Risk of surreptitious CharlieCard duplicationBy Anonymous on March 6, 2008, 6:06 pmIf this report is correct, a thief could theoretically read your CharlieCard just by standing near you, then later produce an exact duplicate of that card. Currently,...
Reply | Read entire comment
View all comments