> What would you mean by "peal off"? Would that be some kind of physical > tampering? Most smart cards often have some kind of "Tamper Resistant > Sealing". Also if you try to peal of the adhesive coating, you will most > probably break the delicate fuse wire which most Smart Card companies run > in that adhesive coating, thereby making the whole smart-card completely > useless. "The Netherlands Organisation for Applied Scientific Research" has the tools for 'pealing' of the chip layer by layer (thus not the card). Again I do not know the exact technology they use but it is not just your ordenary knive and skrewdriver. More like elektron microscope and the likes. And I do not think they are the only ones on the planet who can. In this fase the are not interested in the working of the whole device as such. They just take the whole thing apart and 'write every thing down'. Later they reconstruct the device in simulators, like putting it in Orcad, and then the creative thinking process starts, I guess. > Tom, if what you are saying is correct, people can make large amounts of > money, just copying smart cards with applications like "Pre Paid Telephone > Cards", "Electronic Purses" etc. > So if you know how a device works you know how to abuse it. IMHO that sort of thinking is what the US calls DMCA. And that is just not right ! Remember "Security is a proces." (c) Bruce If the weakest link of your chain is a badly designed smardcard then what you are saying might be right but a simple trustrelationship between costumer and cashier can just as well be your weak point. What I'm trying to say is that knowing about the inner workings of a piece of technology does not implie you can (or will) abuse it to your or anybody else's advantage. But this discussion is starting to become a bit off topic. Happy cheers, Tom CISPP 27411 (I would have loved the number twenty four seven, four eleven :-) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Sun Jan 27 2002 - 14:08:01 PST