Read up on the latest ideas and technologies from companies that sell hardware, software and services. Radicati Market Quadrant 2008 on Corporate Web Security
Email Archiving Implementation: Five Costly Mistakes to Avoid
Still Sneaking In: The Threats Your Security Tools Aren't Telling You About
Choices in Storage Architecture for Oracle Environments
Cutting printer costs
Enterprise Wireless WLAN Security
Solve Exchange Storage Problems Once and For All: A New Approach without Stubs or Links
Realizing the Value of Unified Communications
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
New research showing that smart cards with encrypted RFID chips might not be as secure as previously thought is raising concerns in Boston, where the subway CharlieCards use just such technology. The research raises the specter of thieves with US$1,000 worth of equipment cracking smart-card encryption and making counterfeit cards to do everything from swipe fares to gain access to high-security areas.
Although University of Virginia student Karsen Nohl and colleagues revealed their findings in December at a conference, a couple of Boston-area media outlets (the Boston Herald and Boston Globe) picked up on the story this week, breathing new life into it. The MBTA, the outfit running the Boston subway system, declined to discuss its security technologies with the Boston newspapers.
The particular RFID chip in question -- the Mifare Classic, of which a billion-plus have been sold -- is made by Philips spinoff NXP Semiconductors, which has been quoted widely saying that only a portion of the cryptographic algorithm has been obtained by the researchers (the researchers have not disclosed their method fully, in an effort to keep those with bad intentions from copying them). Security experts have known all along that such chips, which generally cost less than a dollar, were crackable, but didn't realize it could be so economically feasible.
"People have and will, as we have, taken security expertise from the world of computers and applied it to RFIDs, whose designers had been operating under the assumption that their world was apart from such scrutiny," Nohl said in a statement.
Nohl and colleagues were able to listen to data broadcast by the chips using readily available RFID readers; they then dissected the layers of the chip via custom optical-recognition software to deduce the algorithm and encryption keys.
A video of the researchers' presentation, called "Mifare: Little Security, Despite Obscurity," is available on Nohl's Web page.
On his Web page at the University of Virginia, Nohl humorously reassures that he and his colleagues have not found a way to crack credit-card security: "Please note that we have not compromised the security of credit cards, as some of the articles suggest. From what we can see, RFID-enabled credit cards have no security (yet?), and hence there is nothing to compromise."
Various sorts of encryption have been under the scrutiny of researchers of late, with Princeton University and cohorts recently showing a way to crack disk encryption.
Computerworld Member Login
Prioritizing Services with IT Service Management (ITSM)
Computerworld Live Webinar
Wednesday 20th, August 2008
11:00am EST (Sydney, Australia)
To be repeated on:
Thursday 4th, September 2008
11:00am EST (Sydney Australia)
Sign up and receive a free copy of The Forrester WaveTM Service Desk Management Tools, Q2 2008 at the conclusion of the Webinar.
Attend and discover:
- How to deliver value to your business through ITSM
- Best practice ITSM implementation
- Why emphasis is changing from optimizing IT management processes to better servicing customers and demonstrating real dollar value
- If service-oriented ITSM is best for your business
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Tumbleweed appoints O2 Networks to its Australian Channel Partner Program 2008-08-29 12:31:00+10
HP ProCurve Brings Big Business Gigabit Switching Features to Small Businesses 2008-08-29 12:00:00+10
Nortel and LG Electronics are First in World to Demonstrate Mobile LTE Handover 2008-08-29 11:30:00+10
GlobalConnect Provides Treatment for Healthcare Provider’s Contact Support Requirements 2008-08-29 09:59:00+10
Sybase and Logica Partner To Mobilise The Supply Chain 2008-08-29 09:47:00+10
Outsourcing the Mainframe
Today's CIOs are operating in a highly competitive environment. Discover how to drive down spending on maintenance and operations to free up capital for discretionary IT-business projects.
