jm + attack   2

Extract from 1973 HM Treasury document concerning post-nuclear-attack responses
'Extract from 1973 HM Treasury document concerning post-nuclear-attack monetary policy' includes this amazing snippet:

[Contingency] ...(d) a total nuclear attack employing high power missiles which would destroy all but a small percentage of the UK population and almost all physical assets or civilised life. [...] As for (d), the money policy would of course be absurdly unrealistic for the few surviving administrators and politicians as they struggled to organise food and shelter for the tiny bands of surviving able-bodied and the probably larger number of sick and dying. Most of the other departments contingency planning might also be irrelevant in such a situation. Within a fairly short time the survivors would evacuate the UK and try to find some sort of life in less-effected countries (southern Ireland?).

Hey, at least they were considering these scenarios. (via Charlie Stross)
nuclear  attack  contingency  government  monetary  policy  uk  ireland  history  1960s  via:cstross  insane  fallout 
august 2013 by jm
Chip and Skim: cloning EMV cards with the pre-play attack
Worrying stuff from the LBT team. ATM RNGs are predictable, and can be spoofed by intermediate parties:

'So far we have performed more than 1000 transactions at more than 20 ATMs and a number of POS terminals, and are collating a data set for statistical analysis. We have developed a passive transaction logger which can be integrated into the substrate of a real bank card, which records up to 100 unpredictable numbers in its EEPROM. Our analysis is ongoing but so far we have established non-uniformity of unpredictable numbers in half of the ATMs we have looked at.

First, there is an easier attack than predicting the RNG. Since the unpredictable number is generated by the terminal but the relying party is the issuing bank, any intermediate party – from POS terminal software, to payment switches, or a middleman on the phone line – can intercept and superimpose their own choice of UN. Attacks such as those of Nohl and Roth, and MWR Labs show that POS terminals can be remotely hacked simply by inserting a sabotaged smartcard into the terminal.
atm  banking  security  attack  prngs  spoofing  banks  chip-and-pin  emv  smartcards 
september 2012 by jm

Copy this bookmark: