ATM Vendors Threaten, Stop Research Presentation
An anonymous reader writes "A presentation about 'The Underground Economy,' by Italian white hat hacker and security expert Raoul Chiesa, was replaced at the last minute during last week's Hack In The Box conference. The reason behind this cancellation was that Chiesa received legal pressure from ATM vendors over the fact that the originally scheduled presentation covers details of various techniques and exploits of vulnerabilities that cyber criminals use to break into ATMs — flaws that have been known for a long time."
Publish it on Piratebay instead (Score:5, Insightful)
No government nor corporation has a right to muzzle our mouths.
Re: (Score:2, Insightful)
No government nor corporation has a right to muzzle our mouths.
No they don't, but they did and they do... And the public couldn't care less. If he put it on piratebay, he can still get in trouble. His name is all over it. Only anonymous disclosure can remedy this.
Re: (Score:2)
Why would he be in trouble? It's not illegal to speak or publish your thoughts. That's the reason why the US Bill of Rights and EU Charters of Fundamental Rights exist.
Re:Publish it on Piratebay instead (Score:4, Insightful)
Why would he be in trouble? It's not illegal to speak or publish your thoughts.
Really?
I am thinking of a number.... it's between 13,256,278,887,989,457,651,018,865,901,401,704,639 and 13,256,278,887,989,457,651,018,865,901,401,704,641
Re: (Score:1)
Hmmm... "between inclusive" or "between exclusive"?
Re:Publish it on Piratebay instead (Score:5, Informative)
13,256,278,887,989,457,651,018,865,901,401,704,640
I am protected by this law, which nullifies any other law: "Congress shall make no law... abridging the freedom of speech, or of the press" and "The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people." and "The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people."
Give me the paper that was banned from the conference. I'll publish it. I don't give a frak.
Re:Publish it on Piratebay instead (Score:5, Interesting)
The DMCA makes even knowing that number a crime. Publishing it here even more so. Though I doubt you will, you could spend the rest of your life and every penny you will ever make convincing a series of judges that the First Amendment supersedes the DMCA.
I'm not saying this is right. I'm specifically saying it's wrong.
Re: (Score:2)
I know a guy who fought a similar case. He created a website about a new mall coming to his town, to provide information to residents about what stores would be there and what it would look like.
After the mall was completed the owner sued the webmaster, claiming the name of the dot-com site was copyrighted. It took about 4 years and eventually rose to the level of the US Supreme Court, but the webmaster won. His website was protected by the Constitution. It ended-up costing zero out of his pocket becaus
Re: (Score:2)
What is it about the legality of libraries that is shocking to you? The fact that they can loan out (not make additional copies of) copyrighted material? That is covered by the First Sale Doctrine http://en.wikipedia.org/wiki/First_sale_doctrine
BTW, some other thread today or yesterday had a comment mentioning something about libraries being paid for by our tax dollars. While that is true now, it wasn'
Re: (Score:2)
Actually, no. Since there are endless debates over whether there are Constitutional rights to Native Americans, children, criminals, foreigners, illegal aliens, tarrarists (though what's wrong with paving roads, I don't know), etc, it follows that the Bill of Rights is really just a list of permissions. A right is just that, a right. It cannot be given, it cannot be taken away. It is. A permission must be given and may be taken away at the discretion of the giver. It follows that there is no, and never real
Re: (Score:2)
Your private thoughts cannot be taken from you, so there is the first right. Your emotions, state-of-mind, knowledge, intellect and understanding are likewise yours and yours alone.
Secondly, there's very little you really own anyway - virtually everything you claim is rented, licensed or mortgaged - and it's actually quite hard to take something you don't have in the first place.
Thirdly, the ability of group X to take something is not the same as group X then owning it. Let us say that the US enshrined the
Re: (Score:1)
Your private thoughts cannot be taken from you, so there is the first right. Your emotions, state-of-mind, knowledge, intellect and understanding are likewise yours and yours alone.
It's interesting to note that you are linking 'rights' to 'ownership', whereas I would think rights have more to do with action and expression than with shit you own.
Instead of having the 'right to speak freely' you have 'right to free speech' as if 'free speech' is something you can take and own. Thinking like that leads to concepts like 'taking away' things instead of 'preventing you from doing something'. Needless to say, stopping you from 'expressing' or 'doing' is quite different from 'taking something
Re: (Score:2)
>>>I would think rights have more to do with action and expression than with shit you own.
At its core, rights ARE about ownership. You own your own body and you own the various things your body can do - like think, speak, act, create. For example if a politician is granted the power to muzzle your mouth, then you no longer really own yourself - you are now the property of the politician. You're a serf and he's your master.
Natural Rights philosophy was discovered specifically to say, "I am no lo
Re: (Score:1)
Natural Rights philosophy was discovered specifically to say, "I am no longer your property. I am no longer a serf. I can say whatever I please." It was a rebellion against the old feudal system where humans did not own themselves, but instead were owned by the manor's master or lord.
That was very informative. Thanks. However, that is what rights were in the beginning. And since we no longer live in a feudal society (although it's not too far either), the definition calls for revision.
Re: (Score:1)
[...] you have no rights because anything you have, or are could be taken by force.
Provided the statement above is true, 'rights' would simply be a belief. And as with any belief system, they are non-debatable. You either believe you have rights or you don't, and reality ceases to matter.
Re: (Score:1)
The ability to protect and enforce one's rights (even if defined in belief) is the reality of them. The government's recognition of this expands on that concept.
Of course. Beliefs are like that: it's real as long as you believe, and you act accordingly.
Re: (Score:2)
While technically correct, you're missing the point of the document. The US Constitution and the Declaration of Independence both expressly recognize that there are some "natural" rights granted by a power higher than the government: "endowed by their Creator with certain unalienable Rights".
And the Bill of Rights is similar. While not "granting" the rights, per se (because they are granted by the "Creator", and cannot therefore be granted by the government), it expressly forbids the government from passing a
Re: (Score:2)
Actually, the Constitution goes further even though it is ignored wholesale. It declares any such violation to not be an act of government at all, which in theory makes whoever does it guilty of a whole host of crimes no different than if I walk up to a stranger and forcibly kidnap him and lock him in a cage.
Re: (Score:2)
>>>whether there are Constitutional rights to Native Americans, children, criminals, foreigners, illegal aliens, tarrarists
Constitutional Law applies to any landmass where the US Government currently has jurisdiction. Although there are scumbag politicians who try to claim otherwise, in order to remove the shackles the constitution places on them, they are wrong. The Law is the law and applies everywhere within the US jurisdiction.
Re: (Score:2)
I am protected by this law
Show where in that law it says you have freedom from responsibility* for your words, and I'll agree.
*Just for the sake of argument, let's say that sharing that number is a Bad Thing. Yes, I know what that number is, but I'm not here to argue whether it is a Bad Thing to share. I'm simply stating that the 1st amendment is not the be-all, end-all, do-anything-I-want-and-get-away-with-it law you seem to be implying it is. I will agree that perhaps the federal government doesn't have the power to do a
Re: (Score:2)
13,256,278,887,989,457,651,018,865,901,401,704,639 and 13,256,278,887,989,457,651,018,865,901,401,704,641
Too easy. 13,256,278,887,989,457,651,018,865,901,401,704,640.123,552,754,203,344,346,122,675
Re:Publish it on Piratebay instead (Score:5, Interesting)
It's not illegal to speak or publish your thoughts.
It's not illegal to take pictures either, but people are still being harassed for it. Those rights are regularly violated, and not enough people stand up to it to take notice. Our rights don't mean much if nobody will defend them.
Why would he be in trouble?
Precedence. People have been arrested for revealing exploits. And several conferences have been canceled in the states over these issues in the past also.
The safest bet by far is to remain anonymous. The information is more important than the guy's ego.
Re: (Score:2)
How do ATM vendors cancel a conference anyway? Shouldn't the correct response for Hack in the Box to give be a hearty fuck off?
Re: (Score:2)
Lawsuit. Everything in the US is driven by lawsuits.
Real simple. You call up the conference chairperson (or the venue where the conference is being held) and say "Our lawyer wants to thank you for accepting liability for our ATM losses for the next six months. Of course, if you don't go ahead with the ATM security presentation we wouldn't have a case."
What do you do? I guess if you have the legal fund to stack up against the in-house counsel of a couple of banks it doesn't matter, let them threaten away
Re: (Score:2, Troll)
>>>What do you do?
Say nothing, hang up, and continue with my original plans. I will not be intimidated, even if it leads to my own imprisonment. Better to live free, than to be on my knees licking the boots of some lawyer, corporation, or politician.
Remember the Ghetto Riots in Germany? Had I been alive at the time, I probably would have been part of them. I will not walk peacefully into a shower room. Nor will I give-up my right to open my mouth and speak-out, or publish any paper I desire.
Re: (Score:2)
The proper thing to do, in that case, is to make sure you don't actually have any assets that can be recovered. It's not as if there isn't a gigantic heap of ways to do that, mostly involving "incorporating" and the very words, "limited liability."
Re: (Score:2)
Simple.
They come in with lawyers and threaten to sue the living daylights out of them if they don't comply.
Re: (Score:1)
You missed the other "there" which should be "their."
It was just a warning shot.
Re:Publish it on Piratebay instead (Score:5, Interesting)
It's not illegal, but Big Money makes and enforces its own laws. And the most important of those laws is: we're rich and powerful, obey us or else.
Too bad nobody calls their "else". People don't know their rights anymore, or are afraid to defend them. Unfortunately with good reason because there's plenty of both public and private uniformed thugs who make up the law on the spot and exercise their might with the power of the baton.
Another decade of this, or less, and the populace will have been forced into submission, ready to do anything if ordered to by an "authority figure".
Wise up, people: organize yourselves, gather in pro-rights associations and have lawyers on your side. When a person or group of people is harassed by uniformed or suited goons, take them to court. Have the fact publicized by the press or by any means necessary. Embarrass them, ridicule them, nothing kills fear more than laughter. Nothing hurts more than a good lawsuit.
A guy I knew once was just touched by a private security guard at a mall who was trying to play Dirty Harry. He immediately fell to the ground screaming like a stuck pig. A friend nearby promptly shouted "MY GOD WHAT HAVE YOU DONE TO HIM!" He remained still on the ground and another friend (female) kept screaming "MURDERER! MURDERER!"
It was PRICELESS. All caught on tape. People around gathered, and this uniformed guy was probably thinking if he had better run away or gun down everyone. Manager got called. Ambulance was called. Police appeared. Although this guy wasn't hurt, the fact that he had been pushed by the guard with no reason (seen on the CCTV when the security firm tried to exculpate themselves) was grounds for criminal charges against the guard and for a big lawsuit against the firm by the mall management. The bad publicity (thing ended up on TV and papers) caused the firm to lose all contracts throughout the city and collapsed in a couple of months.
Play hard. We can win, but gloves must come off. If they shit on you, you shit back. With some diarrhoea.
Re: (Score:1)
A guy I knew once was just touched by a private security guard at a mall who was trying to play Dirty Harry. He immediately fell to the ground screaming like a stuck pig.
Good going. You blew the cover now. Your friend will not be thrown into jail and forced to pay the security company for damages.
Re: (Score:1)
So what? Good luck using that post as evidence, and the company cannot sue anyone because they do not exist anymore. They're closed, bankrupt, gone. :)
Anyway, the little scene was only needed to call attention. It was illegal for the guard to grab the guy since he hadn't given him any reason to do it, but without the drama nobody would have noticed and the manager would not have wanted to see the CCTV footage in order to avoid possible lawsuits - he had an interest in demonstrating the robocop wannabe had v
Re: (Score:1)
Remember some things: those clowns cannot even touch you unless you give them GOOD reason to do it
It also helps to know that 'these clowns' happen to be ordinary people like you (?) and me (???), and they also happen to work in a system. Whether you hate the system or not, that has nothing to do with them. And fucking with a random clown is not going to dismantle the system. It will simply remove one of its agents (the sec worker and sec company), but that's about the extent of the damage you are able to inflict. Another sec company will fill the void.
Re: (Score:1)
Well, "ordinary people" do not go around playing Dirty Harry because they believe they can. And it was not about fucking up a random agent, it was about setting an example: security firms now working in the area are far more careful, and the incident prompted the local authorities to investigate past complaints into what were correctly perceived as abuses of power on the part of overzealous (read: braindead self-sodomizing coprophage) security personnel. Abuses on the part of rent-a-thugs are now taken far
Re: (Score:1)
Dismantling the system would be nice, because a good rebuild is in order. For the moment, we can hammer out some bends, however. Don't think you cannot make a difference, that's what they want you to think. Take no shit from anyone. Organize yourselves. Defend your rights.
Point is, if people stopped taking shit from other people, the system would be considered dismantled. The reason that doesn't happen is that the system is still in place and supported by those who fall victim to it.
Re: (Score:1)
Actually that's not the case. It's only in recent times that people have stopped reacting, stopped (mostly) taking to the streets and stopped caring because there's an overwhelming feeling that the adversary is just too powerful to take on. We allowed too many "authority figures" to play Gene Hunt and make up laws on the spot, we allowed too many private interests to buy the law.
If this defeatist attitude had existed at the beginning of the Industrial Revolution, people would still be forced to work ungodly
Re: (Score:1)
they only swallow the offences down because they think there's nothing they can do.
Which basically supports the system, so it's just as good.
Re: (Score:1)
Now look, I see you're not the usual loserboy and you understand pretty well the matter. You say correctly that inaction supports the abusers, I say that we must act to correct this. I say, never swallow an offense. Never "get over it". Fight. They will always get away scot-free unless people rise up and challenge them and for every discomfort this may cause you, remember that the future holds far worse if the abusers are left unfought. It may take a million men to march and make a difference, but it takes
Re:Publish it on Piratebay instead (Score:5, Insightful)
What we really need is a "Wiki" we can "leak" things to...
what's it called again.... ermm Pirate-leaks, no Wiki-Bay
Nope can't remember the name...
Re:Publish it on Piratebay instead (Score:4, Informative)
Here are the slides.
http://www.slideshare.net/null0x00/raoul-nullcon2010-day1
He gave this presentation at nullcon already. Nothing too creepy there...
M
Re:Publish it on Piratebay instead (Score:5, Informative)
He edited out the "creepy" slides (37 and 39).
Re: (Score:3, Funny)
Yeah, I hear there were graphic depictions of live naked tarantulas on both slides, glad he pulled them.
M
Re: (Score:2)
They weren't just live and naked, either. I hear Arachnids Gone Wild is paying him a fortune for the originals.
Re: (Score:3, Informative)
They don't have the right, but they do have the guns and goons.
Re: (Score:1)
s^mouths^moufs^
Re: (Score:2)
If the ATM makers are slacking and don't want to fix these vulnerabilities, they should be punished .... This guy has to put these presentations up on the internet and let people read it and screw those ATMs.
Mostly vulnerabilities are in the protocols. Changing them requires updating ATMs, switches and bank software. It could be rolled out gradually, but in the meantime they would still have to support the old protocols. It's pretty easy to find information on this stuff anyway:
http://www.javvin.com/networksecurity/ATMNetworkSecurity.html
This isn't dangerous in the way they claim (Score:5, Insightful)
Re:This isn't dangerous in the way they claim (Score:4, Interesting)
I don't trust ANY banks. As for ATM security, the new "chip / pin" on credit and debit cards in Europe is insecure, even more so as cards STILL have the magnetic strip on them, which has the exact same details in the chip on the magnetic strip, making the inclusion of the chip pointless.
Re:This isn't dangerous in the way they claim (Score:5, Insightful)
The magnetic strip on the card contains the exact same information as on regular cards.
The chip contains the pin, if the pin is guessed incorrectly 3 times, the card will lock itself. If a chip and pin terminal senses a pin, it will not authorise a transaction without the pin (which on correct entry will cause the card to send an encrypted 'pin verified' code to the bank).
The only way chip and pin cards have been compromised (outside of cards using outdated protocols in a lab environment) is standard card skimming. You copy the magnetic stripe and PIN from a compromised terminal to clone the card. This only works if you use the cloned card on a non-chip and pin terminal. To do this you need to leave the country as all terminals in the UK (and other chip and pin countries) are required to be chip and pin. Nothing like someone suddenly making a massive purchase 1000 miles away in a different country 30 minutes after making one in their home country to flag up a transaction with the bank.
Basically, the only practical vulnerability at the moment for chip and pin is a vulnerability for strip only cards. There's a reason there's been massive reductions in ATM fraud in chip and pin countries.
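The fraud signal described in the comment above (a magstripe transaction abroad shortly after a chip transaction at home), as an added detection sketch that is not part of the original thread. The field names, thresholds, card IDs and sample transactions are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Assumed tuning values for this sketch, not figures from any card scheme.
MAX_SPEED_KMH = 900.0   # roughly airliner cruising speed
MIN_DISTANCE_KM = 50.0  # ignore terminal-location jitter inside one city


@dataclass(frozen=True)
class Txn:
    card_id: str
    when: datetime
    lat: float
    lon: float
    country: str
    entry_mode: str  # "chip" or "magstripe" (hypothetical field values)
    amount: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = p2 - p1
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def review(txns, home_country):
    """Return [(txn, reasons)] for transactions that deserve a second look.

    home_country maps card_id -> issuing country of a chip-capable card.
    """
    flagged = []
    last_seen = {}  # card_id -> previous transaction in time order
    for t in sorted(txns, key=lambda x: x.when):
        reasons = []
        # Rule 1: a chip card read by its stripe outside the issuing country
        # is the one place a skimmed stripe + PIN clone still works.
        if t.entry_mode == "magstripe" and t.country != home_country[t.card_id]:
            reasons.append("magstripe_fallback_abroad")
        # Rule 2: the card cannot have travelled this far since its last use.
        prev = last_seen.get(t.card_id)
        if prev is not None:
            dist = haversine_km(prev.lat, prev.lon, t.lat, t.lon)
            hours = (t.when - prev.when).total_seconds() / 3600.0
            # Compare distance with reachable distance; no division, so two
            # transactions with the same timestamp are handled too.
            if dist > MIN_DISTANCE_KM and dist > MAX_SPEED_KMH * hours:
                reasons.append("impossible_travel")
        last_seen[t.card_id] = t
        if reasons:
            flagged.append((t, reasons))
    return flagged


LONDON = (51.5074, -0.1278)
ROME = (41.9028, 12.4964)
PARIS = (48.8566, 2.3522)

HOME_COUNTRY = {"card-A": "GB", "card-B": "GB"}  # constructed

# Constructed sample transactions.
SAMPLE_TXNS = [
    Txn("card-A", datetime(2010, 7, 5, 12, 0), *LONDON, "GB", "chip", 40.0),
    # Clone used by stripe 30 minutes later, about 1,400 km away.
    Txn("card-A", datetime(2010, 7, 5, 12, 30), *ROME, "IT", "magstripe", 2500.0),
    Txn("card-A", datetime(2010, 7, 6, 12, 30), *LONDON, "GB", "chip", 15.0),
    # Genuine traveller: chip in London, chip in Paris five hours later.
    Txn("card-B", datetime(2010, 7, 5, 9, 0), *LONDON, "GB", "chip", 20.0),
    Txn("card-B", datetime(2010, 7, 5, 14, 0), *PARIS, "FR", "chip", 60.0),
    # Same traveller at a stripe-only terminal: plausible, but worth a look.
    Txn("card-B", datetime(2010, 7, 5, 15, 0), *PARIS, "FR", "magstripe", 35.0),
]

if __name__ == "__main__":
    for txn, why in review(SAMPLE_TXNS, HOME_COUNTRY):
        print(txn.card_id, txn.when.isoformat(), txn.country, why)
```

The two rules are kept independent so that a stripe read abroad on its own produces a lower-confidence flag than the same read combined with impossible travel.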
Re: (Score:2)
There are actually exploits to extract the PIN (or otherwise make the card usable in a chip-and-PIN reader), given a lot of time and equipment applied to a given card. The terminal-card protocol has some issues, apparently.
But the practical upshot of chip-and-PIN in most places is that, in the old system when your magstripe was duped you'd have quite limited liability, but now when you're the victim of the exact same attack you bear the entire cost (at most banks) because "you must have told someone your P
Re: (Score:2)
One of the strengths of chip and pin is that the chips on the cards themselves can carry new versions of the protocol, as well as the readers.
I (and m
Re: (Score:2)
It was incredibly unlikely to ever be used 'in the wild' as it needed expensive equipment and older generation chip and pin cards (which are all expiring now anyway).
Sure, we're safe until electronic equipment gets smaller, faster, and cheaper. :) And the second most common weakness in electronic security systems (after poor key management) is "fall back to less secure mode", which chip-and-PIN is plagued with. Sure, it may eventually evolve into something secure, but there's currently no end in sight for the ability to extract money from a stolen card.
It's great that the UK has that consumer protection, BTW; I wish there was more of that spirit going around.
Re: (Score:2)
Seriously? You're paranoid about letting go of your card for the 3 seconds it takes to enter the PIN? The card remains right in front of you, no more than 4cm away from your hands...
Where do you live where stealing cards at the payment terminal in full public view is so frequent that you feel a need to be paranoid about it? I've never even heard of such a case of theft/assault.
No, the real problem with the chip system is that when you put the card in the holder, the security code is facing away from you, vi
Re: (Score:2)
the public might be made aware of just how far from secure most financial transactions are.
And that is dangerous exactly how? If the public can be educated to take a few precautions that will keep their accounts and financial data more secure, that's a good thing. If the public comes to understand that the risks involved with certain products or services are too high, they might not buy them. But then the only thing that's endangered is the profit margins of the outfits trying to sell us this garbage.
Re: (Score:2)
Think of it this way - with computer exploits, you often have a small group that has a bunch of exploits they keep under lock and key in order to pull off the jobs they want to do. But you've got a LOT of people who, if given a tool to take advantage of those exploits, wo
ahh yes... (Score:1)
Security through obscurity, we all know how well that works... *sigh
Actually it can work very well (Score:2)
A large amount of criminals are rather dumb. That is often why they choose a life of crime. In particular, someone who is going to go around trying to hack ATMs is pretty dumb. You aren't going to get a whole lot of money out of them. If the hack is based around someone's particular account, you'll get a max of like $500 per day for an account, that is generally the highest you see withdrawal limits (if you need more you go in the bank). Even if you could get the ATM to empty itself, you'd get maybe $10,000
Re: (Score:2)
You're attempting to give an example where obscurity can have some value towards the security of the system. It sounds convincing, but I am not entirely sold that the people performing ATM fraud are that inept. There are some pretty sophisticated people out there that will obtain the information regardless of how privileged it is.
I do get your point. However, let's assume you are entirely correct and obscurity is a worthwhile consideration in security. It does not make it right, legal, or ethical to forc
Black hat conference? (Score:5, Insightful)
in the USA?? I would not recommend that at all. Just put it on the net from a secure location..
Re: (Score:2)
Have the Chinese host it.
Dear China: Please host this to show the decadent capitalist pigs who are enslaved by the banks how their system is screwing them over.
Uh yah, please do. China doesn't have banks, laws, or lack of freedom of speech after all. Go for it dude.
Re: (Score:1)
:-) You didn't RTFA!
For your edification: This unexpected development makes me wonder if Barnaby Jack's previously thwarted demonstration will actually take place at this year's Black Hat USA taking place later this month.
HTH...
It always backfires (Score:5, Interesting)
Remember when Jeff Moss had his talk cancelled, or Kim Zetter? All it did was make people salivate to read their presentation when they released it online at a later date. The last thing you want to do to this demographic is tell them the info is "too dangerous" (see awesome) for them to hear. It will be everywhere within the week.
Re: (Score:1)
Remember when Jeff Moss had his talk cancelled, or Kim Zetter? All it did was make people salivate to read their presentation when they released it online at a later date. The last thing you want to do to this demographic is tell them the info is "too dangerous" (see awesome) for them to hear. It will be everywhere within the week.
This is exactly right, in the precious words of my 18-month-old niece "Hahaha, you can't tell me no."
Funny (Score:1, Interesting)
Slides are sanitized (Score:4, Informative)
Even though this is not the first time that ATM vendors prevented a security researcher to publicly disclose findings about flaws in their devices at a conference, this instance is really surprising, since Chiesa held this same presentation at a couple of security conferences already, and the slides he employed are also available online.
The thing is these slides are sanitized, the details of the ATM attack were removed.
Does anybody know where to find a non-sanitized version?
or...you could.... (Score:1)
They could try to intimidate you and say stop and desist everybody, but I have to wonder, if by doing this they are not giving the illusion that ATMs are safe. I applauded the effort that one consultant did security wise about the flaw with microsoft, and then turning around and posting on youtube (or whatever) the flaw ....so that M$ could not hide behind their usual crap....they were forced to fix it right away and issue a patch, this tends to let me think the same with this situation, disclose the proble
Re:you'd rather your bank was burgled? (Score:5, Insightful)
you'd rather your bank was burgled?
No, I'd rather hold the bank responsible for any loss. They should have to replace the money. With that kind of incentive, they might actually try to make their systems a bit more secure. An important step in this direction would be to quit using cheap commodity systems in their networks.
Re: (Score:2)
What decade are you living in? Banks don't bear costs, taxpayers do in the form of bailouts. If the government is just going to print money to give to the banks, why not instead go with a simpler system where a fraudulent ATM withdraw is simply not recorded as a debit to any account? Same inflation either way ...
Re: (Score:1, Insightful)
Try watching "Corrupt Banking System" on Youtube...
You obviously don't know what the Fractional Reserve system is, nor that the banks now OWN all of us, since we can never produce enough goods or labour to pay off all the debts that the banks are allowed to print out of thin air...
Re: (Score:1)
Any devaluation that may be happening with the dollar is irrelevant to this discussion. Chewbacca would have been more relevant to the discussion.
The banks will do what they always do: pass any costs plus a hefty markup to the consumer. The banks make more money on fees and penalties than they ever did as honest bankers. Like they do now. $3.00 ATM fees?!? The transaction is pretty much free to them. Sure , they have a lot of bogus "costs" they say they incur, but the fact of the matt
Re:you'd rather your bank was burgled? (Score:5, Insightful)
presenting this information can only decrease the security and value of your savings.
You're an idiot.
As the article states, the information is already known by the bad guys. Keeping it secret helps the bad guys, and hurts everyone else. Making it public will encourage the banks to fix the vulnerabilities, which will increase the security and value of my savings.
anyone that argues that the information needs to be public is probably broke.
No, the people who argue that the information needs to be public actually understand the issue here.
Re: (Score:2)
It seems to me that the people who understand the issue here the most have been intimidated into inaction by people who might or might not understand the issue but understand that revealing any flaws in their methods would mean less profit for them, and that's all they care about.
Re: (Score:2)
There is such a tendency on /. to think in black and white.
It's already known by some bad guys. How widely known is another matter altogether - are they discussing it openly on web forums? Discussing it openly on web forums which require registration and somebody who's already on the forum to vouch for you before they'll let you view anything? Discussing it on Usenet? Discussing it under blankets in a locked room after dark?
How widely is it being exploited in the wild? How much is being lost every year
Re: (Score:1, Flamebait)
so EVERY bad guy, including would-be bad guys, already know this? do you know it? how about you post it as an anonymous response to this comment.... i mean, it's everywhere, right?
Oh yes, because the fact that someone far removed from the problems doesn't know the details of it proves that no one could possibly already know the details. I mean, it's so obvious, no security issues exist, because I don't know about them, so if I don't know about them, then no one can, because they can't be well known. IT'S PERFECTLY REASONABLE LOGIC! /sarcasm
you mean the issue where more exposure can only lead to more exploitation, and degradation of the value of a dollar?
*citation needed*
are offenders currently prosecuted and convicted?
Probably not. It's kind of hard to arrest and prosecute someone for doing something you don't even know is possible...
if the specific exploit was plugged, would others ALWAYS still exist?
Ah yes, the
Re: (Score:1)
LOL. No information is "criminal" or "non-criminal". Information is just information and it's good for people to know just how secure the machines they rely on to handle their cash is. Those ATM vendors were just scared that people could know how insecure their hardware and software was, and that they would have to spend money (SHOCK! HORROR!) to address the issue. Better to silence those dangerous "citizens", in the interest of corporate buggery.
Run, coward, run. I live. I hunger. Beware.
Re: (Score:1)
"the flaws are purposefully left in the ATMs to detract would be thieves from arming themselves and stealing money from banks "the old fashioned way".
LOOOOOL! Congratulations, loserboy. You're eligible for the Most Gullible Idiot in the World Award! Either that, or you're a low-level employee of some ATM maker. Either way, my diarrhoea is your shampoo.
Trust your masters, loserboy. Give them all of your money. Do as they say, they know what's better for you. Right.
Re: (Score:2, Interesting)
Says the moron that thinks ignoring the problem is as good as fixing it.
Re: (Score:3, Insightful)
Never argue with a man who cannot learn how to operate the "Shift" key.
Re: (Score:2)
Publication, or the threat thereof is the only way that this problem will get addressed. According to this researcher, these exploits are being used by criminals right now. It's the ATM companies that want this covered up, so that they can present their machines as "totally secure", when in fact they're riddled with more holes than Swiss cheese.
In fact, publication would help the banks, as they would be able to test ATMs to see which ones were vulnerable. This would allow them to hold the ATM vendors acco
Re: (Score:1)
so EVERY bad guy, including would-be bad guys, already know this? do you know it? how about you post it as an anonymous response to this comment.... i mean, it's everywhere, right?
Actually, probably everybody on this conference knows about this already.
Also it's not like he gives a step by step presentation on how to get cash out of an ATM.
Re: (Score:1)
where are all the headlines pointing out how easily tumbler locks can be opened?
This isn't a headline of how easy it is to bypass ATM security, per se (as what you're implying), this is if, for example, Schlage or Master tries to tell a locksmith that he cannot give a presentation on some of the vulnerabilities of a padlock. There are ALREADY dozens of books out there for sale in major bookstores and Amazon.com detailing how to pick locks -- describing techniques and tools (and some books tell you where to obtain these tools). The lock-making companies have responded not by attempti