The Inquirer

Chip and PIN is useless

Open to man in the middle attacks
Fri Feb 12 2010, 09:35

ACCORDING TO RESEARCHERS at Cambridge University, Chip and PIN isn't worth the plastic it is printed on.

The researchers, who we suspect carry around a lot of cash, warned that readers could be 'fooled' into accepting transactions despite not having the relevant PIN number.

In the paper, which actually has the title 'Chip and PIN is broken' (PDF) so no one can accuse us of being sensational, the researchers explained that it was possible to launch a man in the middle attack, effectively blinding the machine to the fraud, and letting criminals exploit lost or stolen cards.

Chip and PIN has often been described as being something of a silver bullet for securing transactions and has been credited with causing a drop in fraud levels. In fact this week when announcing plans to shore up mobile phones, the UK Home Office minister Alan Campbell said, "I believe the solutions developed by this challenge have the potential to be as successful as previous innovations like Chip and Pin, which reduced fraud on lost or stolen cards to an all time low, and would encourage industry to continue working with us and take them up."

However, the researchers have warned that they were able to demonstrate how a hacker could use a stolen card, without knowing what its PIN was, to make transactions. They added, "Since verified by PIN - the essence of the system - does not work, we declare the chip and PIN system to be broken."

The risk does not apply to cash machines, they explained, but can be exploited on the majority of cards using offline systems, such as those found in shops, which connect elsewhere to approve a transaction. It is during this verification process that the flaw can be exploited.
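The weakness described above comes down to the terminal and the card disagreeing about whether a PIN was ever checked. The following is an added illustration, not code from the Cambridge paper or from this article, of the issuer-side reconciliation a defender would want: it reads the terminal's EMV CVM Results (tag 9F34) and compares them with the card's own record of the transaction. The card-side record is reduced to a single constructed flag, an assumption made here because real Issuer Application Data layouts are issuer-proprietary.

```python
from dataclasses import dataclass

# EMV CVM Results (tag 9F34) is three bytes:
#   byte 0: CVM code (bit 0x40 means "apply next rule on failure"; masked off)
#   byte 1: CVM condition code
#   byte 2: result (0x00 unknown, 0x01 failed, 0x02 successful)
CVM_RESULT_SUCCESS = 0x02
# CVM codes where the card itself verifies the PIN offline. Online PIN (0x02)
# is deliberately excluded: the issuer, not the card, checks it, so the card
# legitimately records no PIN verification in that case.
OFFLINE_PIN_METHODS = {0x01, 0x03, 0x04, 0x05}


@dataclass
class Transaction:
    txn_id: str
    cvm_results: bytes          # terminal's 9F34 value, 3 bytes
    pin_verified_by_card: bool  # ASSUMPTION: simplified stand-in for the card's record


def terminal_claims_offline_pin_ok(cvm_results: bytes) -> bool:
    """True when the terminal reports a successful offline PIN verification."""
    if len(cvm_results) != 3:
        raise ValueError("CVM Results must be exactly 3 bytes")
    method = cvm_results[0] & 0x3F
    return method in OFFLINE_PIN_METHODS and cvm_results[2] == CVM_RESULT_SUCCESS


def pin_claim_mismatch(txn: Transaction) -> bool:
    """Terminal says the card verified a PIN, but the card says it never did."""
    return terminal_claims_offline_pin_ok(txn.cvm_results) and not txn.pin_verified_by_card


def flag_suspicious(txns):
    """Return the ids of transactions whose PIN claims do not reconcile."""
    return [t.txn_id for t in txns if pin_claim_mismatch(t)]


# Constructed sample transactions for the demonstration.
SAMPLE = [
    Transaction("t1", bytes([0x41, 0x03, 0x02]), True),   # genuine offline PIN
    Transaction("t2", bytes([0x1E, 0x03, 0x02]), False),  # genuine signature
    Transaction("t3", bytes([0x42, 0x03, 0x02]), False),  # genuine online PIN
    Transaction("t4", bytes([0x41, 0x03, 0x02]), False),  # terminal fooled: flag it
]

if __name__ == "__main__":
    print(flag_suspicious(SAMPLE))  # ['t4']
```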


Comments
Is there really any security at all?

Another great idea from this useless Government, seriously flawed like the UK Govt certified encryption used for protecting those Kingston pen drives, which proved to be seriously flawed, remember?

Is the same UK Govt certified encryption guarding all the databases which this Government are constantly adding our personal information to?

Makes you wonder where all the 'Bank Money' really went does it not?

Signed Carl Barron Chairman of agpcuk
http://carl-agpcuk.livejournal.com/

posted by: Carl Barron, 12 February 2010
CHIP+PIN = OFFLOAD RESPONSIBILITY

I thought the whole point of chip and PIN was that the banks aimed to offload the responsibility of using the card to the cardholder, leaving them free of responsibility when things went tits up.
i.e. someone used my card! BANK: Did they? How did they get your PIN? Our system is foolproof and you are responsible for your own shit!!

posted by: Mr H, 12 February 2010
euphemised beyond acronymity

YuppieScum, are you an Aussie?

posted by: wilba, 12 February 2010
Number number?

From the article "...despite not having the relevant PIN number."

The last time I looked, the N in PIN stood for "number".

I accept that the common herd have difficulty with such abstract concepts as redundancy, but such misstatements should be beyond an (alleged) technology journalist.

posted by: YuppieScum, 12 February 2010