The security gadget that UK bankers want squelched
Posted: Mon Jan 10, 2011 4:59 pm
Fascinating read. Kudos to Cambridge University for supporting their student.
This is definitive ethical hacking. Instead of trying to fix a serious flaw in their smart cart system, UK banks have just been ignoring it. They are so clueless, that they presume that pulling this student's thesis off the university website will do any good: as anyone here knows, 2 seconds after something is posted on the Net, it's in the public domain for ever.
http://arstechnica.com/security/news/20 ... -about.ars
This is definitive ethical hacking. Instead of trying to fix a serious flaw in their smart cart system, UK banks have just been ignoring it. They are so clueless, that they presume that pulling this student's thesis off the university website will do any good: as anyone here knows, 2 seconds after something is posted on the Net, it's in the public domain for ever.
Great excerpt from the reply from the university:A financial industry trade group demanded that it be removed from public view—it being a Master's Thesis by University of Cambridge student Omar S. Choudary that explains how to build a gadget that protects consumers from being hacked while using their bank card....{more}
You complain that our work may undermine public confidence in the payments system," the university's letter concludes. "What will support public confidence in the payments system is evidence that the banks are frank and honest in admitting its weaknesses when they are exposed, and diligent in effecting the necessary remedies. Your letter shows that, instead, your member banks do their lamentable best to deprecate the work of those outside their cosy club, and indeed to censor it."
http://arstechnica.com/security/news/20 ... -about.ars