Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
Censorship

UK Banks Attempt To Censor Academic Publication 162

Posted by timothy from the here-are-some-rugs-for-your-eyes dept.
An anonymous reader writes "Representatives of the UK banking industry have sent a take-down notice (PDF link) to Cambridge University, demanding that they censor a student's webpage as well as his masters thesis (PDF). The banks' objection is that the information contained in the report might be used to exploit a vulnerability in the Chip and PIN system, used throughout Europe and Canada for credit and debit card payments. The system was revealed to be fundamentally flawed earlier this year, as it allowed criminals to use a stolen card with any PIN. Cambridge University has resisted the demands and has sent a response to the bankers explaining why they will keep the page online."
Censorship

Submission + - UK Banks Attempt to Censor Academic Publication (lightbluetouchpaper.org)

Submitted by
An anonymous reader writes: Representatives of the UK banking industry have sent a take-down notice (PDF link) to Cambridge University, demanding that they censor a student's webpage as well as his masters thesis. The banks' objection is that the information contained in the report might be used to exploit a vulnerability Chip and PIN system, used throughout Europe and Canada for credit and debit card payments. The system was revealed to be fundamentally flawed earlier this year, as it allowed criminals to use a stolen card with any PIN. Cambridge University has resisted the demands and has sent a response to the bankers explaining why they will keep the page online.
Security

Submission + - New Credit Card Fraud Risk Found by Researchers

Submitted by Anonymous Coward
An anonymous reader writes: Researchers from the University of Cambridge have discovered flaws in the card payment systems used by millions of customers worldwide. Ross Anderson, Saar Drimer, and Steven Murdoch demonstrated how a simple paperclip can be used to capture account numbers and PINs from so-called "tamper-proof" equipment. In their paper (PDF), they warn how with a little technical skill and off-the-shelf electronics, fraudsters could empty customers' accounts. British television featured a demonstration of the attack on BBC Newsnight. The story has been featured on The Register, The New Scientist and many other outlets.
Handhelds

Nokia Unveils Shape Changing Nano-phone Concept 89

Posted by samzenpus from the can-you-bend-it-now dept.
An anonymous reader writes "Morph, a joint nanotechnology concept developed by Nokia Research Center and the University of Cambridge, has gone on display as part of the "Design and the Elastic Mind" exhibition at The Museum of Modern Art in New York. The concept demonstrates how future mobile devices might be stretchable and flexible, allowing the user to transform the gadget into radically different shapes. Nokia said that elements of Morph might be integrated into handheld devices within seven years, though initially only at the high end."
Security

Submission + - Using Google to crack MD5 passwords. (lightbluetouchpaper.org) 2

Submitted by
stern
stern writes: "A security researcher at Cambridge, trying to figure out the password used by somebody who had hacked his website, ran a dictionary through the encryption hash function. No dice. Then he pasted the hacker's encrypted password into Google, and Shazzam — the all-knowing Google delivered his answer. Conclusion? Use no password any other human being is ever likely to use for any purpose, I think."

Comment You don't have to download the file to be infected (Score 3, Interesting) 182

by sjmurdoch (#20529359) Attached to: Storm Worm Evolves To Use Tor

Actually, if you're using an unpatched browser, you might not even have to download the file they offer to be infected. The web page includes Javascript exploits for half a dozen security vulnerabilities, which will install the trojan without user interaction. I've posted an analysis of the malware code on my blog.

Despite what the article says, Storm isn't using Tor (other than trying to exploit it's reputation) and the download isn't a trojaned version of Tor – it's much too small to be that. What's more, the botnet operators appear to have dropped this strategy. While on Thursday the links in the spam went to a fake Tor download page, on Friday they showed a fake YouTube video, and now they show a fake NFL game tracker.
Security

Submission + - Chip & PIN terminal playing Tetris

Submitted by Fearful Bank Customer
Fearful Bank Customer writes: When British banks introduced the Chip-and-Pin smartcard-based debit and credit card system three years ago, they assured the public it was impervious to fraud. However, the EMV protocol it's based on requires customers to type their bank account pin number into store terminals in order to make any purchase. Security researchers at the University of Cambridge Computer Laboratory derided the system as insecure at the time, as it gave access to customer's bank account pin numbers to every store they bought from. Despite these objections, the system was deployed, so researchers Steven Murdoch and Saar Drimer recently modified a straight-off-e-bay chip-and-pin terminal to play Tetris, with a video on YouTube, demonstrating that devices are neither tamper-resistant nor tamper-evident, and that even students with a spare weekend can take control of them. The banks are claiming that this can be reproduced only "in the laboratory" but seem to have missed the point: if customers have to type their bank account pin into every device they see, then the bad guys can capture both critical card information *and* the pin number for the bank account, leaving customers even more vulnerable than they were under the old system.

Slashdot Top Deals

Faith may be defined briefly as an illogical belief in the occurence of the improbable. - H. L. Mencken

Close