Bank asks Cambridge university to censor student's thesis. University bitch slaps bank.
[url]http://www.boingboing.net/2010/12/25/cambridge-university-1.html[/url]
[quote]After the UK banking trade association wrote to Cambridge university to have a student's master's thesis censored because it documented a well-known flaw in the chip-and-PIN system, Cambridge's Ross Anderson sent an extremely stiff note in reply:[/quote]
[quote=the letter]Second, you seem to think that we might censor a student's thesis, which is lawful and already in the public domain, simply because a powerful interest finds it inconvenient. This shows a deep misconception of what universities are and how we work. Cambridge is the University of Erasmus, of Newton, and of Darwin; censoring writings that offend the powerful is offensive to our deepest values. Thus even though the decision to put the thesis online was Omar's, we have no choice but to back him. That would hold even if we did not agree with the material! Accordingly I have authorised the thesis to be issued as a Computer Laboratory Technical Report. This will make it easier for people to find and to cite, and will ensure that its presence on our web site is permanent....
...Fifth, you say 'Concern was expressed to us by the police that the student was allowed to falsify a transaction in a shop in Cambridge without first warning the merchant'. I fail to understand the basis for this. The banks in France had claimed (as you did) that their systems were secure; a French TV programme wished to discredit this claim (as Newsnight discredited yours); and I understand that Omar did a No-PIN transaction on the card of a French journalist with the journalist's consent and on camera. At no time was there any intent to commit fraud; the journalist's account was debited in due course in accordance with his mandate and the merchant was paid. It is perfectly clear that no transaction was falsified in any material sense. I would not consider such an experiment to require a reference to our ethics committee. By that time the Newsnight programme had appeared and the No-PIN attack was entirely in the public domain. The French television programme was clearly in the public interest, as it made it more difficult for banks in France to defraud their customers by claiming that their systems were secure when they were not.
You complain that our work may undermine public confidence in the payments system. What will support public confidence in the payments system is evidence that the banks are frank and honest in admitting its weaknesses when they are exposed, and diligent in effecting the necessary remedies. Your letter shows that, instead, your member banks do their lamentable best to deprecate the work of those outside their cosy club, and indeed to censor it.[/quote]
[url=http://www.cl.cam.ac.uk/~rja14/Papers/ukca.pdf]Full letter[/url]
This warms my heart.
Cool cool, good to see someone standing up about this kind of thing.
So, what does this Flaw do?
+1,000 badass points to Cambridge
Thank you Cambridge. At least someone won't be silenced.
Cambridge is awesome.
These are the kind of people who shun ignorance and pursue truth.
These are the kind of people who help bring change.
These are the kind of people we must always strive to be.
EDIT: Also, 3000th post.
Second, then fifth?
For a university they sure don't know how to count :xd:
[QUOTE=Zeke129;26969648]Second, then fifth?
For a university they sure don't know how to count :xd:[/QUOTE]
The "..." means that parts of it were taken out.
[QUOTE=Rastadogg5;26969691]The "..." means that parts of it were taken out.[/QUOTE]
The :xd: means something too
[QUOTE=Zeke129;26969707]The :xd: means something too[/QUOTE]
It generally doesn't imply that you weren't serious though
[QUOTE=Zambies!;26969495]So, what does this Flaw do?[/QUOTE]
Allows you to break in to any EMV enabled bank account via cloning of the EMV through monitoring the communication from access points to the bank.
Frankly, it's damn easy, all you need is a listening post between the access point and the bank. And bam, you now have the ability to harvest and clone any victim's card.
the more well known it becomes the quicker it'll be fixed
the same concept goes behind white-hat hacking and i don't even want to think about the gigantic nightmare computer security would be without it
[QUOTE=ExplodingGuy;26969789]Allows you to break in to any EMV enabled bank account via cloning of the EMV through monitoring the communication from access points to the bank.
Frankly, it's damn easy, all you need is a listening post between the access point and the bank. And bam, you now have the ability to harvest and clone any victim's card.[/QUOTE]
And why on earth would the banks want this silenced? That seems stupid... Well, they're stupid, but still.
[QUOTE=HumanAbyss;26970082]And why on earth would the banks want this silenced? That seems stupid... Well, they're stupid, but still.[/QUOTE]
It costs money to fix things, plus the huge numbers of new complaints.
[QUOTE=HumanAbyss;26970082]And why on earth would the banks want this silenced? That seems stupid... Well, they're stupid, but still.[/QUOTE]
They don't want their customers to know that their "secure system" has a security hole the size of Texas.
[QUOTE=CjienX;26969776]It generally doesn't imply that you weren't serious though[/QUOTE]
yes it does
and it's zeke come the fuck on
[QUOTE=ExplodingGuy;26970203]They don't want their customers to know that their "secure system" has a security hole the size of Texas.[/QUOTE]
Basically this. The banks now know, and they want to try and silence this so more customers don't get stressed over it. However the opposite has happened here. Now that Cambridge has essentially bitch slapped the banks, it's giving the story more exposure. Suck on it banks.
Maybe I can get my £200 back now. Fucking banks. "The system is secure, it's your fault!". No it fucking wasn't, my card never left my wallet and certainly never travelled to Spain.
brb applying to Cambridge.
[QUOTE=Tetracycline;26970245]yes it does
and it's zeke come the fuck on[/QUOTE]
No he called me out I legitimately thought that CAMBRIDGE UNIVERSITY believes that five comes after two
[QUOTE=CjienX;26969776]It generally doesn't imply that you weren't serious though[/QUOTE]
where have you been
Haha, Cambridge can't even count from 2 to 5 xD
I thought Cambridge was for pansy nerds
I was so wrong. Go Cambridge!
[QUOTE=SEKCobra;26971398]Haha, Cambridge can't even count from 2 to 5 xD[/QUOTE]
We need a button that combines both the dumb and late buttons.
How bout Doc Clock.
Relevant article by the thesis' author, if anyone wants to read through it:
[URL="http://www.cl.cam.ac.uk/%7Eosc22/scd/"]http://www.cl.cam.ac.uk/~osc22/scd/[/URL]
A fairly interesting read, although a couple of bits are over my head. This thing here is apparently what's got these banks riled up:
[IMG]http://www.cl.cam.ac.uk/%7Eosc22/scd/files/scd.jpg[/IMG]
In Chapter 2:
Banks lobby government, thesis is censored in the name of national security, student is arrested under anti-terror laws then charged with an incredibly flimsy fraud charge.
[QUOTE=Edthefirst;26970411]Basically this. The banks now know, and they want to try and silence this so more customers don't get stressed over it. However the opposite has happened here. Now that Cambridge has essentially bitch slapped the banks, it's giving the story more exposure. Suck on it banks.[/QUOTE]
[url=http://en.wikipedia.org/wiki/Streisand_effect]Streisand Effect?[/url]
[QUOTE=Cl0cK;26969568]Cambridge is awesome.[/QUOTE]
It's still full of stuck up twats, but at least they're looking down the nose at someone they traditionally are kissarses to.