from NTK:
Out of Africa into the British courts: a shut-the-hell-up
order from DINERS CLUB, demanding that ROSS ANDERSON AND
HIS CANTAB CRYPTO LEAGUE stop being quite so clever
forthwith. Ross' Cambridge team had been asked in as expert
witnesses in a South African "phantom ATM withdrawal" case
against the international credit card. Were, the
prosecution asked them, cashpoints really as secure as the
defence made them out to be? Hold on, said Ross, we'll
check. A few weeks later, Mike Bond and Piotr Zielinksi
uncovered that - despite endless security controls - a bank
insider could crack a cashpoint card's PIN number on an
internal bank network in an average of fifteen tries. One
employee could saunter off with seven thousand ATM PINs in
half an hour, making an easy two million quid out of their
lunchbreak. This is not the sort of detailed exploit that
Citibank, the owners of Diner's Club, would like widely
known. They have therefore commenced legal shutupshutup
proceedings. And if Citibank's plea succeeds, we're sure
everyone who reads the analysis (now mirrored at Cryptome)
will do their best to forget it. Not to mention anyone else
who worked out the exploit (which has existed since the
first ATMs were rolled out) and put it to good use.
http://cryptome.org/pacc.htm
- remember: phantom withdrawals DO NOT EXIST
-------------------------------------------------
a m b i t : networking media arts in scotland
post: [EMAIL PROTECTED]
archive: http://www.mediascot.org/ambit
info: send email to [EMAIL PROTECTED]
and write "info ambit" in the message body
-------------------------------------------------
