A powerful bankers’ association has failed in its attempt to censor a student thesis after complaining that it revealed a loophole in bank card security.
The UK Cards Association, which represents major UK banks and building societies, asked Cambridge University to remove the thesis from its website, but the request was met with a blunt refusal…
The thesis by computer security student Omar Choudary, entitled “The smart card detective: a handheld EMV interceptor”, described a flaw in the chip-and-pin (personal identification number) security system that allows criminals to make fraudulent transactions with a stolen bank card using any pin they care to choose…
But in a reply to the UKCA, Ross Anderson, professor of security engineering at the university’s Computer Laboratory, refused to take down the thesis and said the loopholes had already been disclosed to bankers.
“You seem to think we might censor a student’s thesis, which is lawful and already in the public domain, simply because a powerful interest finds it inconvenient. This shows a deep misconception of what universities are and how we work. Cambridge is the University of Erasmus, of Newton and of Darwin; censoring writings that offend the powerful is offensive to our deepest values,” Anderson wrote.
Right on, Professor Anderson!
…you’ll think ‘right on’ eideard when it’s YOUR bank card that gets compromised. But there probably isn’t anything in there anyways, so ya know…
#1…RTFA. They disclosed the flaw to the banks over a year ago.
“…censoring writings that offend the powerful is offensive to our deepest values…”
Unless it involves censoring any papers which go against AGW dogma. Then we censor the crap out of it and tell everyone the author is crazy.
In any event the bankers had better get their bleep together and fix the problem before they are cleaned out. Standing around, moaning, and blaming the messenger isn’t getting the barn door closed.
The problem isn’t only card security. People in general don’t treat their credit cards with the same respect as their credit limit in cash. Card holders don’t seem to be taking enough personal responsibility for the security of their cards. How does a card get “stolen” and still be activated a month or more later?
“Cambridge is the University of Erasmus, of Newton and of Darwin; censoring writings that offend the powerful is offensive to our deepest values,” /// Name dropping all over the place. Kinda did take my breath away—just a bit. Oxford is a trip to just walk around. Get a sunny day and you’ve got a bit of heaven.
Ah, this is nothing. Just wait until Assange drops the goods on Bank of America. Got their stock? Sell it. lol
Tough ****. Nobody gets riled up when some “researcher” reveals security holes in computer operating systems to the public, even though consumers use a computer to access their bank accounts and purchase online items. As if this is any different. Fix the problem and stop pointing fingers at those who tell the rest of us that there’s a problem. Especially one that’s not been addressed for over a year!
‘offend the powerful’
No, Professor, it actually threatens the powerless. The banks will do just fine. It is the consumers whose money gets stolen that are in trouble. I’d rather these details be difficult to access.
Mike…So, should we have some standards or regulations to ensure the financial security of us powerless peons?
The computing guys here are pretty awesome – the article fails to mention Ross Anderson likes legal related stuff so is a good man to have in the Security group (has been an expert witness etc.)
This headline is poorly worded. It should read:
“Bankers Fail to Censor Thesis…”
I love how some idiots think that suppressing news of security flaws will keep it out of the hands of bad guys.
#13-I know it won’t keep things out of the hands of the bad guys, but we shouldn’t put flashing lights with neon signs on it saying ‘HERE TAKE THIS!!’. Just because you can, doesn’t mean you should…
Typical shoot the messenger bullshit. You’d think that banks would be figuring out ways to secure the data instead of ways to cover it up.
This is a great example of why bankers are not worth what they’re paid, pure incompetence.
Get the NRA involved.
“Banning information is like banning guns.
Do that and only criminals
will have guns/information.”
Now how about we go and hold a public execution/exposure of the bankers who are sitting on the money they borrow from the Fed instead of making loans.
How about we go and hold the event with guns/information trained on the CEOs of companies who are sitting on billions in cash instead of hiring.
I like this Anderson guy.
17 Alfred E Newman,
“It’s time we defund such “higher education” and see if it survives on its own.”
Ahhh… Spoken like a true moran.