Thread: CharlieCards v.v. Oyster (and Octopus?)
View Single Post
  #498   Report Post  
Old February 25th 12, 09:09 PM posted to uk.railway,uk.transport.london,misc.transport.rail.americas
John Levine John Levine is offline
external usenet poster
  
First recorded activity at LondonBanter: Jul 2009
Posts: 158
Default cards, was E-ZPass, was CharlieCards v.v. Oyster (and Octopus?)
Of course, a thief could just steal the lightweight terminal and have
all the days numbers in it. Do you know for a fact that PINs aren't
captured at a local terminal in the UK altered to do so?

That wouldn't work since it's EMV. There's other crypto stuff in the
card that makes it extremely difficult to clone.

Ross Anderson and his security group at Cambridge has done a lot of
work on chip+pin security problems. There are certainly security
issues, but it's considerably more complex than the kind of mag stripe
copying skimming common in the U.S.


--
Regards,
John Levine, , Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
Reply With QuoteReply With Quote