We've received from anonymous a report on breaking Mondex's pilot system by TNO along with a confidential 1996 memo describing the break:

TNO's Ernst Bovenlander gave some details of these attacks (though he didn't mention Mondex as the target). He showed an electron micrograph of a fused link in a smartcard; while intact, this link activated a test mode in which the card contents were simply dumped to the serial port. The TNO attack was to bridge the link with two microprobes. At the last RSA conference, Tom Rowley of National Semiconductor reported a similar attack on an unnamed chip using an ion beam to rewrite the link.

Included is a letter from the Bank of New Zealand to Electronic Frontier Canada attempting to suppress publication of the memo.

http://jya.com/mondex-hack.htm
At 6:55 PM -0700 9/9/97, John Young wrote:
We've received from anonymous a report on breaking Mondex's pilot system by TNO along with a confidential 1996 memo describing the break: .... Included is a letter from the Bank of New Zealand to Electronic Frontier Canada attempting to suppress publication of the memo.
You mean the way <elided> had lawyers send threatening letters to <elided> warning him not to further publicize the claimed security flaws in <elided>, the security product sold by <elided>?

I myself received a phone call from <elided>, warning me not to even make reference to the rumors that <elided> had flaws in it.

Some of you know what I mean. There's even a chance this vague note here will cause <elided> to again contact me, warning me that even such <elisions> are not good enough for them.

And I'm not at all surprised that those with financial interests in products are attempting to suppress technical or competitive analysis reports. It's become the way of the world to hire lawyers and barristers to intimidate whomever they can.

Fortunately, this is what remailers are so useful for. (Though the lawyers and cops are going after the remailers, as several recent cases have shown.)

And the execrable copyright new world order would make such reverse engineering illegal in many cases. More reason to nuke it with remailers.

--Tim May

There's something wrong when I'm a felon under an increasing number of laws.
Only one response to the key grabbers is warranted: "Death to Tyrants!"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^1398269 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
Tim May <tcmay@got.net> writes:
You mean the way <elided> had lawyers send threatening letters to <elided> warning him not to further publicize the claimed security flaws in <elided>, the security product sold by <elided>?
I myself received a phone call from <elided>, warning me not to even make reference to the rumors that <elided> had flaws in it.
Some of you know what I mean.
For those who still don't know what Tim May means, the barratrous threats came from the crypto snake oil peddler C2Net and its Arab owner Sameer Parekh. Sameer's "product", StrongHold, is a hacked version of the free Web server Apache, and has more backdoors and security holes than Swiss cheese.
On Wed, 10 Sep 1997, Anonymous wrote:
For those who still don't know what Tim May means, the barratrous threats came from the crypto snake oil peddler C2Net and its Arab owner Sameer Parekh.
Sameer's "product", StrongHold, is a hacked version of the free Web server Apache, and has more backdoors and security holes than Swiss cheese.
Well Vulis^h^h^h^h^hAnonymous, care to tell us what those holes are so we can use them?

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.| Ray Arachelian |Prying open my 3rd eye. So good to see |./|\.
..\|/..|sunder@sundernet.com|you once again. I thought you were |/\|/\
<--*-->| ------------------ |hiding, and you thought that I had run |\/|\/
../|\..| "A toast to Odin, |away chasing the tail of dogma. I opened|.\|/.
.+.v.+.|God of screwdrivers"|my eye and there we were.... |.....
======================= http://www.sundernet.com ==========================
John Young wrote:
| We've received from anonymous a report on breaking
| Mondex's pilot system by TNO along with a confidential
| 1996 memo describing the break:
|
| TNO's Ernst Bovenlander gave some details of these
| attacks (though he didn't mention Mondex as the target).

This seems pretty cool (the point in the memo about 'security being suitable for purpose' with purpose left undefined but implied by Mondex to be 'low value' is very interesting). However, it's not clear to me who TNO is?

Adam

-- "It is seldom that liberty of any kind is lost all at once." -Hume
The TNO is a Dutch research organization. Based on this blind man's view of the elephant, it's sort of like a national lab, but with a more applied focus.

bd

On Wed, 10 Sep 1997, Adam Shostack wrote:
John Young wrote:
| We've received from anonymous a report on breaking
| Mondex's pilot system by TNO along with a confidential
| 1996 memo describing the break:
|
| TNO's Ernst Bovenlander gave some details of these
| attacks (though he didn't mention Mondex as the target).
This seems pretty cool (the point in the memo about 'security being suitable for purpose' with purpose left undefined but implied by Mondex to be 'low value' is very interesting). However, it's not clear to me who TNO is?
Adam
-- "It is seldom that liberty of any kind is lost all at once." -Hume