Nokia and G&D connect to turn cellphones into credit cards

Infosecurity Today, July/August 2006 (news, p. 4)

Researchers find way around Great Firewall of China
SA Mathieson

China’s system for censoring internet traffic can be bypassed through ignoring the reset instructions it sends, according to a paper by researchers at University of Cambridge’s Computer Laboratory.*

Research for the paper, presented on 28 June at the 6th Workshop on Privacy Enhancing Technologies conference held at the university, relied on the Chinese system working symmetrically, so its effects could be observed from outside China. The authors found that the system inspects individual packets for banned words including ‘falun’ then sends a reset command when it finds them, which also blocks the two hosts from communicating for a period from a few minutes to nearly an hour.

Dr Richard Clayton, one of the authors, says a programmer can easily alter software to cause the reset and blocking instructions to be ignored: one of the other authors, Robert Watson, made the necessary alterations to FreeBSD in 20 minutes. One problem is that such alterations need to be made at both end-points, outside and inside China.

Furthermore, Clayton says the technique will not stop the censorship of websites known to the Chinese authorities through IP blocking, although that can be avoided through proxies or encrypted traffic. “This is not a cure-all for the Chinese firewall, but it does get round the petty blocking of a site you’ve never heard of,” he says.

The fact that end-points exchanging banned words are temporarily blocked can be used to create a denial of service attack, fooling the “Great Firewall” into blocking end-points of an outsider’s choosing through the sending of packets with forged IP addresses.

This works because the Chinese system considers each packet independently, rather than looking at connection streams, which would be harder to forge. Clayton says this could be used, for example, to block computers at Communist party headquarters from accessing World Cup scores on Fifa’s web-site.

He adds that in March, the authors reported this security flaw to a Chinese Computer Emergency Response Team (Cert) through a Cert in Cambridge. They received a response from the Chinese Cert saying this had been forwarded to the appropriate organisation, but the operation of the system appears not to have changed.

“I’m sure they weighed the alternatives of a very limited denial of service attack or letting the masses of China see the web in its full glory. It’s their decision to make,” says Clayton.

* Richard Clayton, Steven Murdoch and Robert Watson, ‘Ignoring the Great Firewall of China’.

© SA Mathieson 2006.

Nokia and G&D connect to turn cellphones into credit cards
Ian Grant

Forget about swiping your credit card, remembering your PIN or losing your train ticket. Soon you'll just wave your mobile phone at a point of sale terminal to pay for goods or board the 7.34.

This is the aim of mobile phone maker Nokia and Giesecke & Devrient, the world's second-largest supplier of smartcards. They are joining forces to create an 'ecosystem' for near-field communications (NFC) devices they hope will make the cellphone the payment and access system of choice for hundreds of millions of consumers and their suppliers.

The joint venture, launched in late June, is owned 43/57% by Nokia and G&D respectively. Mastercard already has a trial underway in the US, and more trials are expected soon in Europe and Asia. The joint venture will start formal operations later in the year.

Near-field devices use encrypted radio transmissions to communicate over distances of 10cm or less. They include contact-less smartcards such as London Transport's Oyster card. The new venture will leverage the installed base of readers, now in the tens of millions, in the US, Asia and Europe.
