They call it the “Johnny Carson attack” for the entertainer’s comic pose as a psychic divining the contents of an envelope.

Tom Heydt-Benjamin tapped an envelope against a black plastic box connected to his computer. Within moments, the screen showed a garbled string of characters that included this: fu/kevine, along with some numbers.

Heydt-Benjamin then ripped open the envelope. Inside was a credit card, fresh from the issuing bank. The card bore the name of Kevin E. Fu, a computer science professor at the University of Massachusetts, Amherst, who was standing nearby. The card number and expiration date matched those numbers on the screen.

The card companies have implied through their marketing that the data are encrypted to make sure that a digital eavesdropper cannot get any intelligible information. American Express has said its cards incorporate “128-bit encryption,” and J.P. Morgan Chase has said that its cards, which it calls Blink, use “the highest level of encryption allowed by the U.S. government.”

But in tests on 20 cards from Visa, MasterCard and American Express, the researchers here found that the cardholder’s name and other data were being transmitted without encryption and in plain text. The researchers could skim and store the information from a card with a device the size of a couple of paperback books, which they cobbled together from readily available computer and radio components for $150.

They say they could probably make another one even smaller and cheaper: about the size of a pack of gum for less than $50. And because the cards can be read even through a wallet or an item of clothing, the security of the information, the researchers say, is startlingly weak.

“Would you be comfortable wearing your name, your credit card number and your card expiration date on your T-shirt?” said Heydt-Benjamin, a graduate student.

Sometimes you have to wonder if the marketing types who build adverts on “security” ever have the slightest clue what they’re talking about?



  1. Mark says:

    Uncle Dave Lookin’ GOOD my man.

  2. sirfelix says:

    The US has moved from a product driven market to a marketing driven market. As a design engineer I’ve seen too many cases where sales creates a marketing strategy before the engineers have even finalized the prototype testing. Then we have to scramble to get the product out the door half-working as advertised.
    You end up with crap being returned and then engineering gets blamed for it.

  3. OhForTheLoveOf says:

    We see this vividly in PC game design – and it is part of what is killing the industry.

    Development costs are high, in many cases approaching the budgets of feature films. Hardware costs on the cutting edge are high, and the cutting edginess of hardware is short lived. The game I am working on today may be dated tomorrow, so marketing demands I release it now – not quite finished, but kinda finished… and now I’m patching.

    As a gamer, I know my fate. I buy hardware – it gets old. I buy software, I need to patch it. It’s kinda fun. The way pain must be fun for the master’s slave. Whip me again, harder…

    But for Joe Average, he wants it to work. And it is conceivable that in a million years it will not occur to him that there is a patch for Game X or to go to the developer’s website to look for tech support. He put it in the drive and it don’t work.

    Amazing as it seems, we really can’t count on the buyer to understand the specs. You could say, well consumers are stupid, and maybe they are… but we just spent 20 million dollars on Game X and we need to sell X units… so instead of accusing buyers of being dumb… maybe we should be streamlining the system and removing flaws?

    Oh look… The console model…

    Xboxes and Playstations are adorable and good for a lark. But serious and immersive titles require the PC. That’s where the big boys play and I don’t want that industry to die.

    That said, I better start practicing with that stupid Xbox controller… 🙁

  4. ChrisMac says:

    also see: piracy/advertising

  5. JohnnyCarson says:

    Speaking of the Late Night Legend –

    40% off any Johnny Carson DVD at johnnycarson.com

    In honor of the late Johnny Carson on what would have been his 81st birthday, we’re offering 40% OFF any Carson DVD.

    All you have to do is visit http://www.JohnnyCarson.com and use the special offer code Birthday when you check out. Offer is valid from 10/23/06 – 10/29/06.

