Henry Schwarz's ATM & EFT-POS Security Blog
My much sought-after opinions
The banking security site BankInfoSecurity interviewed me about malware on ATMs. Link
Dark Reading
The cyber security news site Dark Reading interviewed me about malware on ATMs. Link
Hit the street
I was interviewed about hacking in a financial news website called The Street. Link
R.I.P. Barnaby
Today I was profoundly saddened to learn of the passing of Barnaby Jack at the age of 35. A few years ago Barnaby attacked my ATM, and he d...
Bob Woodward, Carl Bernstein, Henry Schwarz
The Washington Post asked me for comment on a heist involving ATMs.
Published
The ATM Industry Association recently published its End-To-End Encryption Best Practices Guide, of which I served as Technical Editor, and m...
Swipe a strip(e)
Public Service Announcement: A magnetic stripe card is manufactured by adhering a strip of magnetic tape, and a card-holder may swipe it...
Black Hat USA 2012 **versus** ATM and EFT-POS
I've just returned from the Black Hat USA 2012 infosec conference. Here are some of the presentations which may apply to the ATM and EF...
NIST, the National Institute of Shameful Typos
Sunbathing on an idyllic tropical vacation, I was absently skimming over NIST's 3DES encryption specification, when suddenly I was harsh...
OK everybody, we've finally made it from 1DES to 3DES, now let's keep on going to AES. Come on, let's go, who's with me?! Um, hello? Anyone?
AES is the symmetric crypto algorithm du jour, but AES remains largely unused by retail banking terminals, which have only recently been dr...
Black Hatted
At the Black Hat conference in 2010, an ATM designed and built by my employer was set up on stage, and a security researcher demonstrated an ...
Remote key loading and the false dichotomy of certificates versus signatures
For RKL, the XFS standard defines a "scheme using certificates" and a "scheme using signatures", and the industry has ta...
Comparing a 112 bit apple with a 2048 bit orange
I am grateful to marketers who boast that their crypto products' key lengths are 2048 bit as opposed to a mere 112 bit, for it is too ra...
On the uselessness of self-signed SSL certificates
I have observed some hosts using "self-signed" certificates when using SSL to protect their communications with banking terminals....