In association with heise online

13 February 2010, 11:09

The H Week - TPM and Chip and PIN cracked

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Some significant 'cracks' for this week; an American researcher has extracted TPM keys by opening chips and tapping in to the internal buses and a University of Cambridge team has been able to fool a Chip and PIN system into accepting any 4 numbers as a valid PIN. OpenOffice promises more stable and swift operation with version 3.2 but, while well established in Germany, it has yet to win a similar following elsewhere. Mozilla was mildly embarrassed by its warnings of poisoned add-ons and a basic security bug was found in GNOME.

Features

The H published two features this week and another issue in the Kernel Log series covering what's coming in Linux 2.6.33. The feature 'Android versus Linux' examined the issues which can occur if a developer starts maintaining their own development tree for the Linux kernel, while in our second feature we took a look at the latest KDE desktop.

Open Source

On a nation-by-nation basis, adoption of the free office suite OpenOffice is particularly uneven with the biggest uptake being in Germany, according to Webmasterpro. The release of the new, faster, more stable, version 3.2 may help balance this out. Oracle backtracked over closing Kenai, blaming poor communication and said Kenai will live on in java.net. Sourceforge backed down on blanket blocking access from countries affected by US export regulations. Matt Asay moved from Alfresco to become Canonical's new COO and Facebook added support for the open XMPP standard to Facebook Chat.

Open Source Releases

Security

The H week closed with the news that security researchers had discovered a means of completing a 'Chip and PIN' transaction using any four digits as a valid PIN. Earlier in the week came news of an American researcher who had broken the security of TPM chips by slicing them open and connecting to their internal data buses. Oracle released an unscheduled patch for a critical vulnerability in the WebLogic Server Node Manager. Mozilla warned its users of two add-ons it thought contained malware and then had to admit it was wrong about one of them. A bug has been found in the GNOME desktop that on many systems means that desktop locking can be easily bypassed.

Security Alerts

To see all last week's news see The H's last seven days of news and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.

(trk)

Print Version | Send by email | Permalink: http://h-online.com/-929416
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit