
There are a number of attacks that involve modifying EFTPOS smart card terminals. This is especially a problem when the same PIN is used for Chip and PIN entry as for the magnetic strip. That is, an attacker can take a copy of the magnetic strip, and even if the user then uses Chip and PIN, those details (magnetic strip + PIN) can be sent overseas and used to make withdrawals from ATMs that don’t use a chip reader.

See a detailed story on the issue here, “Criminals hijack terminals to swipe Chip-and-PIN data”

Most of the problems come down to one simple problem: the user does not have the technical skills to determine whether they should trust a particular ATM or EFTPOS machine.

One simple answer to this problem of trusted hardware may be to have smart cards with a PIN pad and a small display built in.

  1. You would insert your card in the ATM/EFTPOS machine.
  2. Choose the transaction (e.g. withdraw $100, or pay $12.34 for some goods).
  3. Remove the card from the ATM/EFTPOS terminal.
  4. The card would then have a small display showing how much you were authorising and potentially who you were paying as well.
  5. You would then enter your PIN on keys / touch sensor built into the smart card.
  6. Re-insert your card in the ATM/EFTPOS terminal to complete the transaction.
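
A sketch of the six steps above, as an added example that is not part of the original post. It assumes, beyond what the post says, that the card and the issuer share a secret key and that the card authenticates exactly what it displayed with an HMAC; `Card`, `issuer_verify`, the key, the PIN and the payee are hypothetical, constructed values.

```python
import hashlib
import hmac
import json

# Assumption: a per-card secret shared with the issuer (constructed demo value).
CARD_KEY = b"constructed-demo-key-not-a-real-secret"

def canonical(msg):
    # Stable byte encoding so card and issuer MAC the same bytes.
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()

class Card:
    def __init__(self, key, pin):
        self._key, self._pin = key, pin
        self._pending, self._counter = None, 0

    def load_transaction(self, amount_cents, payee):
        # Steps 1-3: the terminal proposes a transaction while the card is inserted.
        self._pending = {"amount_cents": amount_cents, "payee": payee}

    def display(self):
        # Step 4: shown on the card's own screen, outside the terminal's control.
        return dict(self._pending)

    def enter_pin(self, pin):
        # Step 5: the PIN is checked on the card and never reaches the terminal.
        if self._pending is None or not hmac.compare_digest(pin, self._pin):
            return None
        self._counter += 1
        msg = dict(self._pending, counter=self._counter)
        self._pending = None
        tag = hmac.new(self._key, canonical(msg), hashlib.sha256).hexdigest()
        return {"msg": msg, "tag": tag}

def issuer_verify(key, auth, last_counter):
    # Step 6: accept only what the card displayed, and only once (counter check).
    expected = hmac.new(key, canonical(auth["msg"]), hashlib.sha256).hexdigest()
    fresh = auth["msg"]["counter"] > last_counter
    return fresh and hmac.compare_digest(expected, auth["tag"])

def demo():
    card = Card(CARD_KEY, "4921")                # constructed PIN
    card.load_transaction(1234, "Corner Store")  # $12.34, as in step 2
    auth = card.enter_pin("4921")
    honest = issuer_verify(CARD_KEY, auth, last_counter=0)
    # A modified terminal inflates the amount after the user approved it.
    tampered = {"msg": dict(auth["msg"], amount_cents=123400), "tag": auth["tag"]}
    return honest, issuer_verify(CARD_KEY, tampered, last_counter=0)
```

A modified terminal in this model never sees the PIN, and any change it makes to the amount or payee invalidates the tag the issuer checks.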

I don’t think the technology is too much of a problem. Building a display and PIN pad into a card that remains as thin as current ones may be a challenge, though not an insurmountable one, I suspect.

But then again, why not just use a trusted computing device with short-range communications to authorise payments? E.g. swipe your phone past the EFTPOS machine: transactions under $100 are automatically authorised, for up to $300 the user clicks OK on the phone to authorise, and the phone requires a PIN to authorise anything more.

OfficeSVN 1.4

This latest version of OfficeSVN includes an installer which will automatically install some required patches from Microsoft. If you have previously installed OfficeSVN and the toolbar didn’t show up you should uninstall it and get the latest version.

Please see the software page for details.

OfficeSVN 1.3

This latest version of OfficeSVN includes some additional DLLs that may not already be deployed on people’s machines with partially patched versions of Office.

The latest version will not be on download.com for a few weeks, so please grab a copy from the software page.

OfficeSVN 1.2

A new version of OfficeSVN has been released. If you were experiencing problems with version 1.1 or 1.0 not creating the toolbars at all, you should grab the latest version. Please see the software page for details.

OfficeSVN patched

A new version of OfficeSVN has been released.

If you were experiencing problems with version 1.0 creating additional toolbars each time you started Office, you should grab the new version.

Please see the software page for details.

Welcome to mhano.com

My blog at mhano.com is a bit of a mixed bag, some technical, some politics (around election time).

My blog is also where I publish any software I can make freely available. Anybody who uses my software could keep an eye on or subscribe to the “Software by Mhano” category for news, new software, bug fixes etc…