Censorship

UK Banks Attempt To Censor Academic Publication 162

An anonymous reader writes "Representatives of the UK banking industry have sent a take-down notice (PDF link) to Cambridge University, demanding that they censor a student's webpage as well as his master's thesis (PDF). The banks' objection is that the information contained in the report might be used to exploit a vulnerability in the Chip and PIN system, used throughout Europe and Canada for credit and debit card payments. The system was revealed to be fundamentally flawed earlier this year, as it allowed criminals to use a stolen card with any PIN. Cambridge University has resisted the demands and has sent a response to the bankers explaining why they will keep the page online."
Censorship

Submission + - UK Banks Attempt to Censor Academic Publication (lightbluetouchpaper.org)

An anonymous reader writes: Representatives of the UK banking industry have sent a take-down notice (PDF link) to Cambridge University, demanding that they censor a student's webpage as well as his master's thesis. The banks' objection is that the information contained in the report might be used to exploit a vulnerability in the Chip and PIN system, used throughout Europe and Canada for credit and debit card payments. The system was revealed to be fundamentally flawed earlier this year, as it allowed criminals to use a stolen card with any PIN. Cambridge University has resisted the demands and has sent a response to the bankers explaining why they will keep the page online.

Comment Re:Global "Lawful Interception" break Tor anyway (Score 1) 122

Actually, if you look at how Tor works, the links are encrypted and tunneled together such that it is nearly impossible to trace a well-formed route -- of course, assuming Flash or a torrent client isn't giving up your IP within the data packets before it enters or after it exits the cloud.

You should think about learning more about how Tor works at http://torproject.org -- it's a lot more than a simple 3-hop proxy.

yrs,
Shava Nerad
former Tor staff, current volunteer

Security

Submission + - New Credit Card Fraud Risk Found by Researchers

An anonymous reader writes: Researchers from the University of Cambridge have discovered flaws in the card payment systems used by millions of customers worldwide. Ross Anderson, Saar Drimer, and Steven Murdoch demonstrated how a simple paperclip can be used to capture account numbers and PINs from so-called "tamper-proof" equipment. In their paper (PDF), they warn how with a little technical skill and off-the-shelf electronics, fraudsters could empty customers' accounts. British television featured a demonstration of the attack on BBC Newsnight. The story has been featured on The Register, The New Scientist and many other outlets.
Handhelds

Nokia Unveils Shape Changing Nano-phone Concept 89

An anonymous reader writes "Morph, a joint nanotechnology concept developed by Nokia Research Center and the University of Cambridge, has gone on display as part of the "Design and the Elastic Mind" exhibition at The Museum of Modern Art in New York. The concept demonstrates how future mobile devices might be stretchable and flexible, allowing the user to transform the gadget into radically different shapes. Nokia said that elements of Morph might be integrated into handheld devices within seven years, though initially only at the high end."
Security

Submission + - Using Google to crack MD5 passwords. (lightbluetouchpaper.org) 2

stern writes: "A security researcher at Cambridge, trying to figure out the password used by somebody who had hacked his website, ran a dictionary through the encryption hash function. No dice. Then he pasted the hacker's encrypted password into Google, and Shazzam — the all-knowing Google delivered his answer. Conclusion? Use no password any other human being is ever likely to use for any purpose, I think."

Comment Re:A little perspective for everyone thinking that (Score 1) 428

Running a Tor server is not illegal in Germany.

We deplore the treatment of our German volunteer at the hands of his law enforcement authorities. No one should be subject to such unjustified treatment.

The irony of all of this is that the actual Tor server involved in their putative investigation was 500 miles away in a colocation facility. Did they consult a network security forensics expert at all?

Tor is used by journalists, bloggers, human rights groups and many others for good ends. It acts as a "caller-ID block" mechanism for your Internet address. This is a basic element of Internet privacy, and is used by many individuals around the globe -- including military personnel and law enforcement.

But again and again we have seen Tor server operator volunteers harassed by law enforcement officials who are not adequately trained in Internet security.

We encourage law enforcement to contact us to better understand how Tor can help law enforcement, and how law enforcement can distinguish a Tor server -- which is no more liable, as far as we know, for the traffic that crosses it than any ISP, router, or switch that passes traffic without taking responsibility for the content of the traffic.

Shava Nerad
Development Director
The Tor Project

Comment You don't have to download the file to be infected (Score 3, Interesting) 182

Actually, if you're using an unpatched browser, you might not even have to download the file they offer to be infected. The web page includes JavaScript exploits for half a dozen security vulnerabilities, which will install the trojan without user interaction. I've posted an analysis of the malware code on my blog.

Despite what the article says, Storm isn't using Tor (other than trying to exploit its reputation) and the download isn't a trojaned version of Tor – it's much too small to be that. What's more, the botnet operators appear to have dropped this strategy. While on Thursday the links in the spam went to a fake Tor download page, on Friday they showed a fake YouTube video, and now they show a fake NFL game tracker.

Security

Submission + - Chip & PIN terminal playing Tetris

Fearful Bank Customer writes: When British banks introduced the Chip-and-PIN smartcard-based debit and credit card system three years ago, they assured the public it was impervious to fraud. However, the EMV protocol it's based on requires customers to type their bank account PIN into store terminals in order to make any purchase. Security researchers at the University of Cambridge Computer Laboratory derided the system as insecure at the time, as it gave access to customers' bank account PINs to every store they bought from. Despite these objections, the system was deployed, so researchers Steven Murdoch and Saar Drimer recently modified a straight-off-eBay Chip-and-PIN terminal to play Tetris, with a video on YouTube, demonstrating that devices are neither tamper-resistant nor tamper-evident, and that even students with a spare weekend can take control of them. The banks are claiming that this can be reproduced only "in the laboratory" but seem to have missed the point: if customers have to type their bank account PIN into every device they see, then the bad guys can capture both critical card information *and* the PIN for the bank account, leaving customers even more vulnerable than they were under the old system.
