From Bob Hettinga's Philodox Clips email list... The Cryptome
link is especially fascinating. Citibank's use of the courts to try
to suppress this information is now failing before their eyes. A
good thing, IMNSHO. It should provide a great opportunity for
unintentional humor in the coming days if they keep flailing, (&
who knows? They might even try to fix the problem!) :^} If the
exploit has existed since the first ATMs, it'd be about time...
JMR
>At 4:41 PM +0000 on 2/21/03, Dave Green wrote:
. orderly cues
>>
>> Out of Africa into the British courts: a shut-the-hell-up
>> order from DINERS CLUB, demanding that ROSS ANDERSON AND
>> HIS CANTAB CRYPTO LEAGUE stop being quite so clever
>> forthwith. Ross' Cambridge team had been asked in as expert
>> witnesses in a South African "phantom ATM withdrawal" case
>> against the international credit card. Were, the
>> prosecution asked them, cashpoints really as secure as the
>> defence made them out to be? Hold on, said Ross, we'll
>> check.
(Do any of our South African members have info on this case?)
>> A few weeks later, Mike Bond and Piotr Zielinski
>> uncovered that - despite endless security controls - a bank
>> insider could crack a cashpoint card's PIN number on an
>> internal bank network in an average of fifteen tries. One
>> employee could saunter off with seven thousand ATM PINs in
>> half an hour, making an easy two million quid out of their
>> lunchbreak. This is not the sort of detailed exploit that
>> Citibank, the owners of Diner's Club, would like widely
>> known. They have therefore commenced legal shutupshutup
>> proceedings. And if Citibank's plea succeeds, we're sure
>> everyone who reads the analysis (now mirrored at Cryptome)
>> will do their best to forget it. Not to mention anyone else
>> who worked out the exploit (which has existed since the
>> first ATMs were rolled out) and put it to good use.
>> http://cryptome.org/pacc.htm
>>      - remember: phantom withdrawals DO NOT EXIST
>R. A. Hettinga <mailto: [EMAIL PROTECTED]>
>The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
>44 Farquhar Street, Boston, MA 02131 USA
>"... however it may deserve respect for its usefulness and antiquity,
>[predicting the end of the world] has not been found agreeable to
>experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
>