eGospodarka.pl
eGospodarka.pl poleca

eGospodarka.plFinanseGrupypl.biznes.bankiCitibank - blokuje info o problemach z bezpieczenstwemCitibank - blokuje info o problemach z bezpieczenstwem
  • Data: 2003-02-21 09:26:54
    Temat: Citibank - blokuje info o problemach z bezpieczenstwem
    Od: Sterowany ludojad <l...@l...dot> szukaj wiadomości tego autora
    [ pokaż wszystkie nagłówki ]


    Wczoraj na BugtraQ pokazasł się post informujący o próbie zablokowania
    przez Citibank informacji o potencjalnej dziurze w bezpieczeństwie kart
    płatniczych.
    Chodzi o to, że pracownicy Citibanku mogą w banalny sposób (jak twierdzi
    autor) zdobyć PIN-y do kart płatniczych klientów Citibank.

    Więcej:
    >Citibank is trying to get an order in the High Court today gagging
    >public disclosure of crypto vulnerabilities:
    >
    > http://www.cl.cam.ac.uk/ftp/users/rja14/citibank_gag
    .pdf
    >
    >I have written to the judge opposing the order:
    >
    > http://www.cl.cam.ac.uk/ftp/users/rja14/citibank_res
    ponse.pdf
    >
    >The background is that my student Mike Bond has discovered some
    >really
    >horrendous vulnerabilities in the cryptographic equipment
    >commonly
    >used to protect the PINs used to identify customers to cash
    >machines:
    >
    > http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-560.p
    df
    >
    >These vulnerabilities mean that bank insiders can almost
    >trivially
    >find out the PINs of any or all customers. The discoveries
    >happened
    >while Mike and I were working as expert witnesses on a
    >`phantom
    >withdrawal' case.
    >
    >The vulnerabilities are also scientifically
    >interesting:
    >
    > http://cryptome.org/pacc.htm
    >
    >For the last couple of years or so there has been a
    >rising tide of
    >phantoms. I get emails with increasing frequency
    >from people all over
    >the world whose banks have debited them for ATM
    >withdrawals that they
    >deny making. Banks in many countries simply
    >claim that their systems
    >are secure and so the customers must be
    >responsible. It now looks like
    >some of these vulnerabilities have also been
    >discovered by the bad
    >guys. Our courts and regulators should make
    >the banks fix their
    >systems, rather than just lying about
    >security and dumping the costs
    >on the customers.
    >
    >Curiously enough, Citi was also the bank
    >in the case that set US law
    >on phantom withdrawals from ATMs (Judd v
    >Citibank). They lost. I hope
    >that's an omen, if not a precedent ...
    >
    >Ross Anderson



    Co sądzić o banku, który stara się blokować takie informacje?


    fifka
    --
    Pozdrowienia dla babci Helenki

Podziel się

Poleć ten post znajomemu poleć

Wydrukuj ten post drukuj

Najnowsze wątki z tej grupy


Najnowsze wątki

Grupy

Szukaj w grupach

Eksperci egospodarka.pl

1 1 1

Inne grupy