
Citibank - blocking information about security problems
  • Path: news-archive.icm.edu.pl!pingwin.icm.edu.pl!news.icm.edu.pl!news.nask.pl!news.ipartners.pl!not-for-mail
    From: Sterowany ludojad <l...@l...dot>
    Newsgroups: pl.biznes.banki
    Subject: Citibank - blocking information about security problems
    Date: 21 Feb 2003 09:26:54 GMT
    Organization: Internet Partners
    Lines: 73
    Message-ID: <s...@g...softwired.wfc>
    Reply-To: f...@T...na.grubych.nogach.pl
    NNTP-Posting-Host: 217.153.17.69
    Mime-Version: 1.0
    Content-Type: text/plain; charset=iso-8859-2
    Content-Transfer-Encoding: 8bit
    X-Trace: news2.ipartners.pl 1045819614 36265 217.153.17.69 (21 Feb 2003 09:26:54 GMT)
    X-Complaints-To: a...@i...pl
    NNTP-Posting-Date: 21 Feb 2003 09:26:54 GMT
    User-Agent: slrn/0.9.7.4 (Linux)
    Xref: news-archive.icm.edu.pl pl.biznes.banki:223077


    Yesterday a post appeared on BugtraQ reporting an attempt by Citibank
    to block information about a potential security hole in payment
    cards.
    The point is that Citibank employees can trivially (according to the
    author) obtain the PINs of Citibank customers' payment cards.

    More:
    >Citibank is trying to get an order in the High Court today gagging
    >public disclosure of crypto vulnerabilities:
    >
    > http://www.cl.cam.ac.uk/ftp/users/rja14/citibank_gag.pdf
    >
    >I have written to the judge opposing the order:
    >
    > http://www.cl.cam.ac.uk/ftp/users/rja14/citibank_response.pdf
    >
    >The background is that my student Mike Bond has discovered some really
    >horrendous vulnerabilities in the cryptographic equipment commonly
    >used to protect the PINs used to identify customers to cash machines:
    >
    > http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-560.pdf
    >
    >These vulnerabilities mean that bank insiders can almost trivially
    >find out the PINs of any or all customers. The discoveries happened
    >while Mike and I were working as expert witnesses on a `phantom
    >withdrawal' case.
    >
    >The vulnerabilities are also scientifically interesting:
    >
    > http://cryptome.org/pacc.htm
    >
    >For the last couple of years or so there has been a rising tide of
    >phantoms. I get emails with increasing frequency from people all over
    >the world whose banks have debited them for ATM withdrawals that they
    >deny making. Banks in many countries simply claim that their systems
    >are secure and so the customers must be responsible. It now looks like
    >some of these vulnerabilities have also been discovered by the bad
    >guys. Our courts and regulators should make the banks fix their
    >systems, rather than just lying about security and dumping the costs
    >on the customers.
    >
    >Curiously enough, Citi was also the bank in the case that set US law
    >on phantom withdrawals from ATMs (Judd v Citibank). They lost. I hope
    >that's an omen, if not a precedent ...
    >
    >Ross Anderson



    What should one think of a bank that tries to block such information?


    fifka
    --
    Greetings to Grandma Helenka
