Daily Archives: July 21, 2008

Oyster card hack can be revealed

Posted on by

Bet this wouldn’t happen in the US. The Register reports that:

Dutch researchers will be able to publish their controversial report on the Mifare Classic (Oyster) RFID chip in October, a Dutch judge ruled today.

Researchers from Radboud University in Nijmegen revealed two weeks ago they had cracked and cloned London’s Oyster travelcard and the Dutch public transportation travelcard, which is based on the same RFID chip. Attackers can scan a card reading unit, collect the cryptographic key that protects security and upload it to a laptop. Details are then transferred to a blank card, which can be used for free travel.

Around one billion of these cards have been sold worldwide. The card is also widely used to gain access to government departments, schools and hospitals around Britain.

Chipmaker NXP – formerly Philips Semiconductors – had taken Radboud University to court to prevent researchers publishing their controversial report on the chip during a the European computer security conference in Spain this autumn. Spokesperson for NXP Martijn van der Linden said that publishing the report would be “irresponsible” – understandably, the company fears criminals will be able to attack Mifare Classic-based systems.

However, the judge today ruled that freedom of speech outweighs the commercial interest of NXP, as “the publication of scientific studies carries a lot of weight in a democratic society”.

The researchers have always said they don’t intend to include details of how to clone the card and that publications could prevent similar errors occurring in the future. NXP says it is disappointed with the ruling…

I bet they are.

Dublin airport ‘crippled by flakey network card’

Posted on by

From The Register

An air traffic control fault that brought Dublin airport to its knees last week has been traced to an intermittently flakey network card.

Sadly, while the problem was simple enough to diagnose, it’ll be weeks before the airport’s air traffic control system will be able to run at full capacity.

The system went for a little lie down last Wednesday, and while it was back up and running soon enough concerns over its capacity meant authorities had to slash the number of flights in and out of the airport.

It wasn’t until Wednesday that the Irish Aviation Authority was prepared to say “operations at Dublin Airport are now generally meeting demand” though “some minor delays may be experienced at peak times”.

Thales ATM, the makers of Dublin’s ATC system, conducted a review of the system, and after crawling around the airport with their little torches, “confirmed the root cause of the hardware system malfunction as an intermittent malfunctioning network card which consequently overcame the built-in system redundancy”. The flakey card had been responsible for previous problems since June 2.

Apparently, Thales ATM stated ”that in ten similar Air Traffic Control Centres worldwide with over 500,000 flight hours (50 years), this is the first time an incident of this type has been reported”.

So, problem solved? Er, sadly not. The IAA has slapped in further monitoring tools, and plans “an enhancement” to the failure recovery system. But whatever happens, the system will need to be revalidated, which could take weeks. In the meantime, it will “slowly add capacity“, but for safety reasons “will not operate the system to its limit until the system has been re-validated”.

The Irish Times ran several pieces on the ensuing chaos, including this one which, en passant, contained a gem of a quote from RyanAir’s CEO.

Another contentious issue for passengers and airlines is compensation. Under European consumer regulations, passengers must be offered help free of charge while awaiting a rerouted flight, with meals, accommodation if necessary, transport between the airport and accommodation and telephone calls provided. But some airlines resent having to reimburse the cost of disruption which was not their fault. When asked yesterday about his passengers’ complaints that they weren’t offered the courtesy of a cup of a tea or a taxi fare to their hotel, Ryanair’s Michael O’Leary said: “Personally, I think that’s a load of nonsense. You paid an airfare of €40. You saved around €150. Buy your own cup of tea . . . Why are we providing cups of tea because the IAA can’t run a radar system properly?”

Cloud computing terminals worry the PC industry

Posted on by

And so they should. The PC is being commoditized. This from today’s New York Times.

SAN FRANCISCO — The personal computer industry is poised to sell tens of millions of small, energy-efficient Internet-centric devices. Curiously, some of the biggest companies in the business consider this bad news.

In a tale of sales success breeding resentment, computer companies are wary of the new breed of computers because their low price could threaten PC makers’ already thin profit margins.

The new computers, often called netbooks, have scant onboard memory. They use energy-sipping computer chips. They are intended largely for surfing Web sites and checking e-mail. The price is small too, with some selling for as little as $300.

The companies that pioneered the category were small too, like Asus and Everex, both of Taiwan…

What’s strange is that anyone should be surprised by this. It’s been obvious for years that this is what would happen. Outside of the luxury markets, a technology is always commoditized if there’s sufficient demand for what it offers or provides.