Comments on My Biased Coin: Security Issues in Cambridge
Michael Mitzenmacher

Shaneal Manek, 2008-08-11T04:12:00.000-04:00:

I'm not sure if you've seen the actual exploit yet (http://www-tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf). The Tech published it online.

The security on the mag stripe cards is just embarrassing. One field just holds the card's value. Simply changing that one field increases the value.

The RFID cards were considerably better. They basically use a mutual challenge-response auth scheme with weak encryption. The students were able to sniff a whole bunch of handshakes and then used customized hardware (on an FPGA) to brute force the key.

And of course, there was the warcart (http://web.mit.edu/zacka/www/warcart.html). Take a look at the video of when they bring it to Harvard Square; it was quite entertaining. I don't know why they had to make it so loud and obnoxious though ...