SEARCH RESULTS
 
Showing 1-10 of 59 records
 
Expand article

.. and now - PIN stealing..

2008-06-19 10:38:00 by Random InfoSec Guy in Security Coin
 
...PINs. PIN numbers - thanks to ANSI's TG3 - are encrypted with a half decent algorithm (and they are looking to strengthen that even more now). Which means that sniffing the traffic will only give you an encrypted number - something which would require a decryption key. A number of security controls like requiring dual control and split...
 
Tags: pin, pin reaches, pin offsets, fake pin pads, atm location, atm, bank pins, atm crime spree, access
 
 
 
 
Expand article

Chip & PIN terminals vulnerable to simple attacks

The Article has images
2008-02-26 20:33:32 by Saar Drimer in Light Blue Touchpaper
...PIN entry devices (PEDs) protect cardholder data. Our paper will be published at the IEEE Symposium on Security and Privacy in May, though an extended version is available as a technical report . A segment about this work will appear on BBC Twos Newsnight at 22:30 tonight We were able to demonstrate that two of the most popular PEDs in the UK...
 
Tags: peds, popular peds, protect cardholder data, peds processor, pin, cardholder data, data, encrypt data, governmental certification bodies
 
 
 
 
Expand article

Chip and PIN Vulnerable

2008-03-12 14:12:29 by schneier in Schneier on Security
 
...PIN created new vulnerabilities. In this paper (see also the press release and FAQ ), researchers demonstrated some pretty basic attacks against the system -- one using a paper clip, a needle, and a small recording device. This BBC article is a good summary of the research And also, there's also this leaked chip and PIN report from APACS, the...
 
Tags: pin, chip, pin report, pretty basic attacks, paper clip, paper, credit card signatures, trade association, bbc article
 
 
 
 
Expand article

Citibank Replaces Some ATM Cards After Online PIN Heist

2008-06-20 20:46:00 by Threat Level in Wired Security
 
In the wake of an arrest of two Brooklyn men caught with over $800,000 in cash, Citibank warns bank customers that their ATM PIN codes may have been leaked in a breach of a "third party" processor. The FBI says a hacked Citibank server was at fault
 
Tags: atm pin codes, citibank server, fbi, processor, party, breach, cash, brooklyn, fault
 
 
 
 
Expand article

ATM Communication - How Secure ?

The Article has images
2008-03-21 12:34:00 by Random InfoSec Guy in Security Coin
...PIN and Key Management for Payment Networks. ANSI has laid out strict guidelines (in their ANSI X9 TG-3 standards checklist, ANSI documents X9.8 and X9.24) for how a customer's PIN should be kept secure: how they should be stored on the card (store only the difference/offset of the encrypted PIN value and the natural PIN), what the minimum...
 
Tags: pin, pin offsets, atm, pin translation, natural pin, key, key management, atm communications, encryption key
 
 
 
 
Expand article

Central Bank of the UAE reports ATM fraud to lenders

The Article has images
2008-03-03 11:41:37 by Evan Francen in The Breach Blog
...PIN numbers, and possible other related information Breach Description The Central Bank of the UAE has issued a statement claiming that criminals installed a card skimming device and video camera on at least one ATM in the UAE. Bank card details and PIN numbers were exposed in the attack that lasted from February 19th - 25th, 2008. Every...
 
Tags: bank card details, card details, bank, bank card, atm, regular card reader, reader, customers, bank customers
 
 
 
 
Expand article

Trusted path

The Article has images
2008-04-04 21:18:17 by Editor in Security x.0
...PIN entry devices (PEDs) currently deployed in the UK (details available in their technical report ). The vulnerability arises partially from insufficient protection of the PEDs from tampering and partially from communications between the card and the device not being encrypted. This effectively breaks the trusted path between customer's card...
 
Tags: path, security, security protocol, strong security protocols, protocols, user, user terminals, common, attack vectors
 
 
 
 
Expand article

Confidential information sent to PinPay.net and SoftCard.biz is exposed

The Article has images
2008-05-08 13:26:03 by Evan Francen in The Breach Blog
...PinPay SoftCard Victims Merchants, Agents and customers Number Affected Unknown Types of Data Name, mailing address, phone number, email address, date of birth, city of birth, sex, and one or more of the following (chosen from drop-down Passport Voting ID card PAN card Driving License card Government issued ID card Social Security Card...
 
Tags: information, drivers license card, license card, card, free card, social security card, sensitive information, sensitive personal information, encrypt sensitive information
 
 
 
 
Expand article

Your 419 Mail Roundup

2008-06-25 13:29:29 by Christopher Boyd in SpywareGuide Greynets Blog
 
...PIN NUMBER which you will use to withdraw all your USD$10 Million Dollars in any ATM SERVICE MACHINE in any part of the world. You are therefore advice to contact the Head of ATM CARD Department of IBTC CHARTERED BANK PLC Contact Person: Dr. Olu James Office email address: pcfc nigeria@yahoo.com Private: +2347084501007 Office:018969906 Tell...
 
Tags: central bank, bank, magical bank card, bank draft, email address, office email address, bank immediately, lycos lottery, office
 
 
 
 
Expand article

Employee fraud at Wells Fargo Home Mortgage affects some customers

The Article has images
2008-07-08 12:58:12 by Evan Francen in The Breach Blog
...PIN), current bank account numbers and last five digits of their Social Security numbers Breach Description We have learned that a former Wells Fargo employee working in our reverse mortgage servicing department inappropriately used another customer's account information. We have taken appropriate action against this individual Reference...
 
Tags: fargo, fargo home mortgage, employee, fargo employee, reverse mortgage loan, reverse mortgage, social security, evan cool, evan