Guys, I have a question, can a vendor use crypto services on Z without the crypto Card?
Scott Ford
www.identityforge.com
from my IPAD

'Infinite wisdom through infinite means'

On Apr 27, 2013, at 2:07 PM, Anne & Lynn Wheeler <[email protected]> wrote:

> [email protected] (Paul Gilmartin) writes:
>> This is similar to credit card skimmers in ATMs. It's *theoretically*
>> possible
>> but entirely implausible that some such person replace the entire z with a
>> counterfeit look-alike ...
>
> early in the century there was a large pilot deployment of EMV chip
> credit cards in the US ... with an enormous fatal flaw ... even tho
> somebody had pointed out the fatal flaw before the deployment ... they
> apparently didn't understand and went ahead with the deployment
> anyway. When it finally did sink in, all evidence of the pilot
> evaporated ... and contributes to ongoing resistance to repeating
> another deployment in the states. this is somebody's old trip report to
> cartes2002 ... gone 404 but lives on at the wayback machine ... about
> presentation mentioning EMV design flaws (last paragraph)
> http://web.archive.org/web/20030417083810/http://www.smartcard.co.uk/resources/articles/cartes2002.html
>
> after detailed description at an "ATM Integrity Task Force" meeting,
> somebody made a reference to billions of dollars having been spent to
> prove chips are less secure than magstripe.
>
> There was myopic attention to countermeasures for lost/stolen card and
> not exposing PIN (authentication information). ATM machines & POS
> terminals would ask the card if the person had entered the correct
> PIN. The problem was that it was trivial to create counterfeit
> chip-cards that were programmed to always answer "YES" (they became
> known as "YES CARDS") ... it was no longer necessary to skim the PIN
> information ... since a counterfeit card would claim everything was
> correct PIN ... regardless of what was entered. misc. past posts
> mentioning "YES CARDS"
> http://www.garlic.com/~lynn/subintegrity.html#yescard
>
> part of the design flaw was the card was also asked whether the
> transaction should be done offline; Counterfeit "YES CARDS" always
> answered "YES" ... so even if the account was deactivated at the
> financial institution, it had no effect on stopping the transactions.
>
> during the Future System period in the early 70s ... the vm370
> development group was side-tracked into working on FS ... one of the
> things was a super-security enhanced vm370 so that all super secret
> Future System documents would only be available in softcopy and only
> viewed on specially permitted 3270 screens (the development group had
> outgrown the 3rd flr of 545 tech sq and moved out to the old SBC bldg at
> burlington mall). misc. past posts mentioning science center at 545 tech
> sq http://www.garlic.com/~lynn/subtopic.html#545tech
>
> part of this was slightly earlier, paper copy of document describing 370
> virtual memory (available for all 370s) showed up at an industry
> publication (before virtual memory for 370 was announced). investigation
> was sort of mini-"Pentagon Papers" ... afterwards ... all corporate
> copying machines were retrofitted with serial number that would appear
> on all copies made.
>
> one weekend I had some test time on another machine in the same room. I
> went by on friday afternoon to get things prepared. they had to show off
> their new super secure machine ... and just had to say that even I
> couldn't break the security ... even if I was left alone in the machine
> room over the weekend. so one of the few times I rose to the bait, I
> said it would take only five minutes ... most of the time was spent
> disabling/turning-off all external access to the machine ... and then i
> used the front panel to alter a byte of storage in main memory ... which
> effectively disabled all the system security processes.
>
> I pointed out that they would need access authentication for use
> of machine front panel functions ... and could also use encryption for
> all data (this was even before DES, coppersmith was still down at
> harvard)
> http://en.wikipedia.org/wiki/Don_Coppersmith
>
> for other topic drift ... some old public key email ... even discussion
> of PGP-like email operation a decade before PGP:
> http://www.garlic.com/~lynn/lhwemail.html#publickey
>
> MIT leaves behind a rich history in Tech Square
> http://web.mit.edu/newsoffice/2004/techsquare-0317.html
>
> Research topics also evolved, starting with the grand challenge of
> time-sharing and moving on to new problems as computer science began to
> mature. Tech Square served as the East Coast hub of the ARPANET (it was
> the original Network 18, known today as mit.edu); on the fifth floor,
> Dave Clark's group worked on the infrastructure for what would become
> the Internet, notably the TCP/Internet Protocols. Ron Rivest and the LCS
> Theory Group did pioneering work in encryption. In 1994, Tim
> Berners-Lee, inventor of the World Wide Web, set up the World Wide Web
> Consortium's global headquarters on the third floor of Tech Square.
>
> ... snip ...
>
> for other total trivia; note that GML had been invented in 1969 at
> science center on the 4th flr; a decade later it morphs into ISO
> standard SGML; and another decade later it morphs into HTML at
> CERN
> http://infomesh.net/html/history/early
>
> so it comes full circle with WWW returning to 3rd flr in 1994. lot more
> in this recent linkedin "Old Geek" discussion, "The cloud is killing
> traditional hardware and software"
> http://lnkd.in/mGd4j5
>
> --
> virtualization experience starting Jan1968, online at home since Mar1970
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
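
The trust flaw described in the quoted post (the terminal accepting the card's own answers about the PIN and about going offline), as an added example that is not part of the original thread. It is a constructed model: every class, function and account value is hypothetical, and the issuer-checked variant is an assumed alternative for contrast, not the scheme's actual fix.

```python
# Constructed model of the "YES CARD" trust flaw; all names are hypothetical.

class GenuineCard:
    def __init__(self, account, pin):
        self.account, self._pin = account, pin
    def pin_ok(self, entered):
        return entered == self._pin
    def go_offline(self):
        return True   # a genuine card may also permit offline approval

class YesCard:
    """Counterfeit: answers YES to every question the terminal asks."""
    def __init__(self, account):
        self.account = account
    def pin_ok(self, entered):
        return True
    def go_offline(self):
        return True

class Issuer:
    """Stand-in for the financial institution's account records."""
    def __init__(self, accounts):
        self._accounts = accounts   # account -> {"pin": str, "active": bool}
    def authorize(self, account, entered_pin):
        rec = self._accounts.get(account)
        return bool(rec and rec["active"] and rec["pin"] == entered_pin)

def trusting_terminal(card, entered_pin):
    """Design described in the post: the card's own answers decide."""
    if not card.pin_ok(entered_pin):
        return "DECLINED"
    return "APPROVED_OFFLINE" if card.go_offline() else "SENT_ONLINE"

def issuer_checked_terminal(card, entered_pin, issuer):
    """Assumed alternative: the card's answers are ignored, the issuer decides."""
    return "APPROVED" if issuer.authorize(card.account, entered_pin) else "DECLINED"

# Constructed sample data: one account, already deactivated at the issuer.
ISSUER = Issuer({"ACCT-1": {"pin": "4821", "active": False}})

def demo():
    fake = YesCard("ACCT-1")
    return (trusting_terminal(fake, "0000"),
            issuer_checked_terminal(fake, "0000", ISSUER))

if __name__ == "__main__":
    print(demo())
```
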
