This Is So Secure. Oh Wait, It's Not.

Saw this article today about how “Chip and Pin” cards are coming to the US:

…a new generation of card readers that scan a tiny chip activated by a personal identification number, or PIN.

The article talks about how secure these cards are, admitting the imperfection of any system, no matter how great.

One problem: They’re completely insecure. Chip and PIN is Broken.


3 Responses to This Is So Secure. Oh Wait, It's Not.

  1. BruceS February 15, 2010 at 3:25 pm #

    Thanks for the link. I forwarded it to my wife, in the banking industry.

  2. weeklyrob February 15, 2010 at 11:20 pm #

    I’d be interested in her take on it.

  3. BruceS February 16, 2010 at 9:40 am #

    So far, she’s just passed it along to the bank’s security folks. I thought she’d be more personally interested (being in banking *and* IT), but apparently not. I’ll let you know if I get any feedback on it through her.
    In IT, nothing is really secure. For the most part, that’s a matter of recognition, not special circumstances. That is, IT just makes it easier to see how little security there is. The great majority of security failures in IT start with people doing things they shouldn’t. Social engineering is much easier than the sort of mechanical hacks described in the article.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe without commenting

Powered by WordPress. Designed by Woo Themes