nokia and g&d connect to turn cellphones into credit cards
TRANSCRIPT
ne
ws
4In
fosecu
rity Tod
ayJuly/A
ugust 2006Aberdeen Group 17Accenture 14Advent Information Management 26Amex 47Arbor Networks 43BA 30BAA 30Barclaycard 29BASDA 17BeCrypt DISK Protect 43Bee Ware 43BigFix 43BT 29Butler Group 31Capgemni 16, 24Check Point 43CipherTrust 43Cisco 23, 24Citrix 29Clearswift 37Cloudmark 37C-Terra CSP 23Cybertrust 8-9, 23
Deloitte & Touche 28Eema 39EMC 32Enterasys Networks 43Entrust IdentityGuard 43F5 Networks 41FirePass 44Foldermail 44Gartner 35Google 47Grisoft 44IBM 35Information Security Forum 42Informzaschita 23iPolicy Networks 24iSoft 14Kaspersky Lab 21, 22KPMG 14LogLogic 44Microsoft 10, 31Microsoft 24nCipher 32Net Report 44
Network Engines 44Nortel 44Oracle 32, 34PatchLink 44Reflex Magnetics 44SafeNet 44SAP 35Secoda 45SecureTest 40SecureWave 45Siemens 13Silicon Bridge Research 13SkyRecon Systems 45Sophos 45Sun 31Tamtech Solutions 45Teradata 31TrendMicro 45Ultimaco 45Verisign 45VMWare 24Webscreen Technology 45Wick Hill 45
CCoommppaannyy ppaaggee nnoo.. CCoommppaannyy ppaaggee nnoo.. CCoommppaannyy ppaaggee nnoo..
CCoommppaannyy IInnddeexx
China’s system for censoring
internet traffic can be by-
passed through ignoring the re-
set instructions it sends, accord-
ing to a paper by researchers at
University of Cambridge’s
Computer Laboratory.*
Research for the paper, pre-
sented on 28 June at the 6th
Workshop on Privacy Enhancing
Technologies conference held at
the university, relied on the
Chinese system working sym-
metrically, so its effects could be
observed from outside China.
The authors found that the sys-
tem inspects individual packets
for banned words including
‘falun’ then sends a reset com-
mand when it finds them, which
also blocks the two hosts from
communicating for a period
from a few minutes to nearly an
hour.
Dr Richard Clayton, one of the
authors, says a programmer can
easily alter software to cause the
reset and blocking instructions
to be ignored: one of the other
authors, Robert Watson, made
the necessary alterations to
FreeBSD in 20 minutes. One
problem is that such alterations
need to be made at both end-
points, outside and inside China.
Furthermore, Clayton says the
technique will not stop the cen-
sorship of websites known to
the Chinese authorities through
IP blocking, although that can
be avoided through proxies or
encrypted traffic.“This is not a
cure-all for the Chinese firewall,
but it does get round the petty
blocking of a site you’ve never
heard of,” he says.
The fact that end-points ex-
changing banned words are
temporarily blocked can be
used to create a denial of serv-
ice attack, fooling the “Great
Firewall” into blocking end-
points of an outsider’s choosing
through the sending of packets
with forged IP addresses.
This works because the
Chinese system considers each
packet independently, rather
than looking at connection
streams, which would be hard-
er to forge. Clayton says this
could be used, for example, to
block computers at
Communist party headquarters
from accessing World Cup
scores on Fifa’s web-site.
He adds that in March, the au-
thors reported this security
flaw to a Chinese Computer
Emergency Response Team
(Cert) through a Cert in
Cambridge.They received a re-
sponse from the Chinese Cert
saying this had been forwarded
to the appropriate organisation,
but the operation of the system
appears not to have changed.
“I’m sure they weighed the
alternatives of a very limited de-
nial of service attack or letting
the masses of China see the
web in its full glory. It’s their
decision to make,” says Clayton.
* Richard Clayton, Steven
Murdoch and Robert Watson,
‘Ignoring the Great Firewall of
China'.
© SA Mathieson 2006.
Researchers find way around Great Firewall of ChinaSA Mathieson
Nokia and G&D connect to turn cellphones into credit cardsIan Grant
Forget about swiping your
credit card, remembering
your PIN or losing your train
ticket. Soon you'll just wave
your mobile phone at a point of
sale terminal to pay for goods
or board the 7.34.
This is the aim of mobile
phone maker Nokia and
Giesecke & Devrient, the
world's second-largest supplier
of smartcards.They are joining
forces to create an 'ecosystem'
for near-field communications
(NFC) devices they hope will
make the cellphone the pay-
ment and access system of
choice for hundreds of mil-
lions of consumers and their
suppliers.
The joint venture, launched
in late June, is owned
43/57% by Nokia and G&D
respectively. Mastercard
already has a trial underway
in the US, and more trials are
expected soon in Europe and
Asia.The joint venture will
start formal operations later in
the year.
Near-field devices use
encrypted radio transmissions
to communicate over distances
of 10cm or less.They include
contact-less smartcards such as
London Transport's Oyster card.
The new venture will leverage
the installed base of readers,
now in the tens of millions, in
the US,Asia and Europe.