No subject


Wed Nov 1 13:33:48 EST 2006


From Section 3.4
"PIN entry must be performed in such a way that cashiers, checkout
attendants, customers, and people nearby cannot easily observe the PIN
during entry by the cardholder. Therefore, PCI requires that the PIN entry
device be equipped with proper shielding protection for privacy - "to
provide a means to deter the visual observation of the PIN values as they
are being entered by the cardholder," '

Is a little at odds with the 25% shoulder surf statistic Eoin commented on
earlier in the week.

Maybe card companies should ask restaurant staff that use the handhelds how
often they see the entire pin of the customer, (without actually trying).
Remember it's not something they can look away from as they generally have to
walk the customer through the new process and of course make sure that the
customer leaves a tip at the appropriate stage when paying!
(In our line of work it's very good to be negative.....in a positive kind of
way.)
T

-----Original Message-----
From: Chris Madden [mailto:chris.madden at trintech.com]
Sent: 12 October 2005 11:16
To: 'Tony Palmer'; OWASP-Ireland at lists.sourceforge.net
Subject: RE: [OWASP-Ireland] chip & pin



Hi Tony,

In general, the requirements for the "privacy shield" for pin entry devices
were relaxed since PCI PED superseded Visa's VisaPED specs.

Germany, having the most stringent PED security requirements in
Europe/worldwide, has not relaxed their requirements.

AFAIK, this relaxation is partly related to accessibility and disability
requirements/specifications.

PCI PED and VisaPED specify things like the minimum angle from the '5' key
(5 being the middle key on the keypad) to the top of the wall of the privacy
shield above and to the sides of the '5' key.

For handheld terminals, the requirements for the privacy shield are also
relaxed - the rationale being that the user can use their body as a shield
when they are holding the terminal.

See VisaPED section 3.4 Privacy Shield Requirement:
http://international.visa.com/fb/vendors/pin/Visa_PED_Program_Guide.pdf for
more info.

Chris

  _____

From: Tony Palmer [mailto:tony.palmer at vordel.com]
Sent: 11 October 2005 11:37
To: Eoin.Keary at allianz.ie; OWASP-Ireland at lists.sourceforge.net
Subject: RE: [OWASP-Ireland] chip & pin

Hi,

One thing that really bugs me about the new chip and pin system is the way in
which the pin is entered. Some of the terminals such as those in
supermarkets offer little in the way of privacy when inputting the pin. Up
to now pins have been mostly used at ATMs where your body is a good
physical screen, but now usually the terminal is between you and the
retailer, more often than not in plain view of other customers too.

A step back for pin security???

T

-----Original Message-----
From: owasp-ireland-admin at lists.sourceforge.net
[mailto:owasp-ireland-admin at lists.sourceforge.net] On Behalf Of
Eoin.Keary at allianz.ie
Sent: 11 October 2005 12:28
To: OWASP-Ireland at lists.sourceforge.net
Subject: [OWASP-Ireland] chip & pin


http://news.bbc.co.uk/2/hi/business/4320072.stm

BBC has an article on Chip and Pin and the effect it has had on card fraud,
as mentioned by Chris at his PCI presentation last meeting.
- might be "marketing guff"? Chris, any comments?

Eoin




BTW, Next OWASP meeting (End of Nov)

Wishlist for next meeting (end of November)

1. WebGoat tutorial/walkthrough.
2. WebScarab walkthrough. - DONE
3. Secure Code practices and pitfalls.
4. PCI (Credit card standard) - DONE
5. Integration of security into the SDLC.
6. OWASP Top 10
7. Forensics + best practice for incident response


Eoin Keary










