Posts by Ben Whitaker

2 publicly visible posts • joined 16 Jul 2007

PIN patterns go mobile

Ben Whitaker

visually impaired:

GrIDsure have already been chatting with the RNIB and have had a positive response about the suitability of the system for the sight-impaired, see this response to the original GrIDsure article on the Reg:

http://www.theregister.co.uk/2007/10/04/pin_fraud/comments/#c_71369

and this:

http://www.gridsure.com/faq/show/411#q_614

The mobile application could be made to read out the numbers on the grid quite easily on most modern phones, which would still be protected from a "shoulder listener" by the GrIDsure system, in the same way as a "shoulder surfer" is defeated (although that hasn't been built into the existing system).

Ben, from Masabi.

Lightweight Java security app aims to pep up m-commerce

Ben Whitaker

re: will it help fix this

Hi Alan,

I think you were referring to http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102934-1

This is a specific issue for certain SUN JREs for PCs, and does not affect J2ME.

You are right that any mono-culture is vulnerable to one exploit sweeping through it, but MIDP/J2ME virtual machines on mobile phones are not a mono-culture as they are made by different vendors, running on different OSes and processors (contrary to popular belief, all JREs are not made by SUN).

Windows is a far worse situation, found in very similar guises on only two major CPU families with similar op codes (the binary codes required to make things happen on the processor when a virus has overflowed data into instruction space).

I have posted more detail about mobile security, with an invitation for people to ask more questions on blog.masabi.com if you have other concerns.

Ben (Masabi)

P.S. I think C-Commerce was a typo, we've never heard of it either, and wondered if it was a US translation to "Cellular-Commerce" or something...