November 23rd, 2014

Unclogging the tubes

D’oh. We had some problems with the MRL server over the last week, but things are slowly coming back to life. The wiki and CVS are still down, but most things should be back up in the meantime. We’ll probably be migrating again in a few weeks to a more permanent location, but hopefully that should be a more graceful move. :)

“MIFARE Classic” report released

Researchers from the Institute for Computing and Information Sciences at Radboud University in the Netherlands have, at long last, published their report (PDF) on the security posture of the MIFARE Classic system. The report, simply and appropriately entitled “Dismantling MIFARE Classic”, was presented as part of the 13th European Symposium on Research in Computer Security (ESORICS 2008).

At a mere 18 pages, the report still provides good detail about the team’s findings, including the hardware setup, the crypto used by MIFARE Classic (including the oft-ridiculed 48-bit CRYPTO1 cipher), and exploits that can be launched against the system. Additional information can be found at the homepage of Flavio D. Garcia, one of the researchers involved.

Hat tip to Security4all for the notification on this paper.

Security through begging

From TechDirt and Schneier:

Last summer, the surprising news came out that Japanese nuclear secrets leaked out, after a contractor was allowed to connect his personal virus-infested computer to the network at a nuclear power plant. The contractor had a file sharing app on his laptop as well, and suddenly nuclear secrets were available to plenty of kids just trying to download the latest hit single. It’s only taken about nine months for the government to come up with its suggestion on how to prevent future leaks of this nature: begging all Japanese citizens not to use file sharing systems — so that the next time this happens, there won’t be anyone on the network to download such documents.

Yeah, that’ll work. Good thing he didn’t beg the rest of the world to do the same, otherwise we’d have to find a new place for our Japanese nuclear secrets. Why did it take them nine months for a response of “uhm, please?”

