Fortunately none of my EMV credit cards appear to be vulnerable to the Infineon RSA vulnerability checks.
Main concern was fraud liability, also checking took like 2 minutes and I was curious ;)
-
-
3-DES keys used to generate ARQC are still safe, RSA is used for the offline authentication between the terminal and the card
-
Yes, I was curious about offline auth as we have played with it already:https://github.com/abarisani/abarisani.github.io/tree/master/research/emv …
-
Oh, CVM downgrade, was fun being on the vendor side. The issuers who misconfigured their DDOLs for sure knew they had it coming, no surprise
-
Actually in the end it is a problem regardless of issuer configuration given that the EMV POSes honors spoofed DDOLs allowing transaction.
-
So it is fundamentally an EMV protocol flaw which can only be prevented by breaking the standard to a certain extent.
End of conversation
New conversation -
-
-
with the major breaches that have been CC is almost bad business. Bad guys go after Medical records or Ransomware to get at the money
-
Curiosity is of course always the correct answer ;)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.