From Bob Hettinga's Philodox Clips email list... The Cryptome link is especially fascinating. Citibank's use of the courts to try to suppress this information is now failing before their eyes. A good thing, IMNSHO. It should provide a great opportunity for unintentional humor in the coming days if they keep flailing, (& who knows? They might even try to fix the problem!) :^} If the exploit has existed since the first ATMs, it'd be about time...

JMR

>At 4:41 PM +0000 on 2/21/03, Dave Green wrote:
>. orderly cues
>>
>> Out of Africa into the British courts: a shut-the-hell-up
>> order from DINERS CLUB, demanding that ROSS ANDERSON AND
>> HIS CANTAB CRYPTO LEAGUE stop being quite so clever
>> forthwith. Ross' Cambridge team had been asked in as expert
>> witnesses in a South African "phantom ATM withdrawal" case
>> against the international credit card. Were, the
>> prosecution asked them, cashpoints really as secure as the
>> defence made them out to be? Hold on, said Ross, we'll
>> check.

(Do any of our South African members have info on this case?)

>> A few weeks later, Mike Bond and Piotr Zielinski
>> uncovered that - despite endless security controls - a bank
>> insider could crack a cashpoint card's PIN number on an
>> internal bank network in an average of fifteen tries. One
>> employee could saunter off with seven thousand ATM PINs in
>> half an hour, making an easy two million quid out of their
>> lunchbreak. This is not the sort of detailed exploit that
>> Citibank, the owners of Diner's Club, would like widely
>> known. They have therefore commenced legal shutupshutup
>> proceedings. And if Citibank's plea succeeds, we're sure
>> everyone who reads the analysis (now mirrored at Cryptome)
>> will do their best to forget it. Not to mention anyone else
>> who worked out the exploit (which has existed since the
>> first ATMs were rolled out) and put it to good use.
>> http://cryptome.org/pacc.htm
>> - remember: phantom withdrawals DO NOT EXIST

>R. A. Hettinga <mailto: [EMAIL PROTECTED]>
>The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
>44 Farquhar Street, Boston, MA 02131 USA
>"... however it may deserve respect for its usefulness and antiquity,
>[predicting the end of the world] has not been found agreeable to
>experience."
>-- Edward Gibbon, 'Decline and Fall of the Roman Empire'