and one more skimming attack ATMs hacked using MP3 player http://news.com.com/2061-10789_3-6135905.html?part=rss&tag=2547-1_3-0-20&subj=news
from above: The gang targeted freestanding cash dispensers and would tap the phone line between the ATM and a wall socket by placing a two-way adaptor on it and connecting an MP3 player, according to the newspaper. ... snip ... just another in long history of skimming/harvesting of static authentication information somewhat related: http://www.garlic.com/~lynn/aadsm26.htm#4 Citibank e-mail looks phishy and as referred to here http://www.garlic.com/~lynn/2006u.html#42 New attacks on the financial PIN processing x9.59 protocol http://www.garlic.com/~lynn/x959.html#x959 http://www.garlic.com/~lynn/subpubkey.html#x959 attempting to address the whole problem of attackers acquiring (sensitive) static authentication information ... regardless of method, harvesting, skimming, data breaches, phishing, whatever ... effectively for use in any form of replay attack. the design of the x9.59 protocol also attempted to address numerous possible man-in-the-middle attacks ... which still might occur even when switching from static authentication data to dynamic authentication data i.e. the authentication was part of the transaction itself ... as opposed to separately operation (which could possibly open up cracks for man-in-the-middle attacks). --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
