Slashdot Mirror

← Back to Stories (view on slashdot.org)

Citibank Tries to Hush ATM Crypto Vulnerability

Posted by michael on from the be-vewwy-vewwy-qweit dept.

palme999 writes "Citibank is trying to get a gag order for new vulnerabilities found in the cryptographic equipment commonly used to protect the PINs of ATM transactions. The vulnerabilities came to light during a court case involving 'phantom' ATM transactions that users deny making but that banks still charge to customers accounts because they claim their systems are secure."

23 of 385 comments (clear)

  1. ATM? I don't need no stinkin' ATM! by zmcgrew · · Score: 5, Funny

    Hehe.
    The ATM in the WalMart by us runs Windows.
    And it crashes, gives blue screens, and popup error messages all the time.

    Who needs security when the system can't even run stabily?

    --
    Location: Mt. Xinu
    1. Re:ATM? I don't need no stinkin' ATM! by spasm · · Score: 1, Funny

      really? where do you live? {grin}

  2. cool by Anonymous Coward · · Score: 1, Funny

    I've been using automated debit for years to pay all of my bills.

    Maybe I can get all of that money back.

  3. Re:in case of /. by Anonymous Coward · · Score: 2, Funny

    Nice formatting, why not go vomit on some toddlers while you're at it?

  4. Tell 'em to prove it. by Dolemite_the_Wiz · · Score: 4, Funny

    If Citibank sez that their systems are secure. Tell 'em to prove it.

    Dolemite

    --
    Save the World! Use a Quote!
  5. So easy to read! by Anonymous Coward · · Score: 2, Funny

    Thanks for making sure it looked okay!

  6. New System by alaric187 · · Score: 5, Funny

    Oh you guys, that's just Citibank's patented Security Through Litigation (tm) method. I hear it works wonders on keeping financial info secure.

  7. Submission to /. by prgammans · · Score: 5, Funny

    So they submitted it to /. to gag it for them.
    Much quicker then a court order.

  8. PINs can't work, only RSA will do. by Anonymous Coward · · Score: 1, Funny

    We should teach our kids at school how to raise a 200-digit challenge number to a secret 200-digit power, modulo a 200-digit composite public key, all in their head. Then ATM machines could use this math to achieve secure authentication.

  9. Re:and only 15minutes ago.. by kfg · · Score: 4, Funny

    For what it's worth, they're called "cash machines" here in the colonies as well.

    A west coastism is to refer to twenty dollar bills as "Yuppie Foodstamps" because cash machines only dispense twenties, and thus people who rely on them never seem to have anything but.

    KFG

  10. Credit please by grub · · Score: 2, Funny


    involving 'phantom' ATM transactions that users deny making but that banks still charge to customers accounts because they claim their systems are secure

    "Honestly, Mr. Citibank Manager, why would I guy several cases of Fort Garry Ale or Guinness? I demand you credit my account.

    --
    Trolling is a art,
  11. Coincidence..., I think not. by revery · · Score: 2, Funny

    First there was the Phantom Menace, then there was the Phantom Edit, now we have "phantom" transactions... coindidence? I think not.

    George Lucas is involved here somwhere.

    --

    I sense a great disturbance in the fiber, as if a million ATM transactions were suddenly silenced...

  12. Go back to sleep children by ralphus · · Score: 5, Funny
    Everything is ok.

    Your money is safe.

    The world is simple.

    You are with us or against us.

    Go buy yourself something, you deserve it.

    Those in charge know what they are doing and will take care of you.

    --
    Revolutions are never about freedom or justice. They're about who's going to be top dog. -- Kilgore Trout
  13. Old news by MarkGriz · · Score: 2, Funny

    A young John Connor figured out how to crack PINs way back in 1991. How is this "News" for Nerds?

    --
    Beauty is in the eye of the beerholder.
  14. Candid Camera by scottennis · · Score: 4, Funny

    Don't most ATMs have cameras now that take your picture when you do a transaction?

    When these "phantom transactions" occur, I assume there is a picture taken of a dark wraith in a hooded cloak.

    But seriously, wouldn't the bank have your picture if you had performed a transaction?

    --
    Read any good sonnets lately?
  15. What really happened.. by Metallic+Matty · · Score: 2, Funny

    Citibank Tries to Hush ATM Crypto Vulnerability..

    The problem was discovered in the syste-
    *sounds of struggle*
    Where are you throwing meeeeee...

    1. Re:What really happened.. by LoadStar · · Score: 2, Funny

      We apologise for the fault in the last post. Those responsible have been sacked.

  16. I just had a thought. . . by Rojo^ · · Score: 2, Funny
    The vulnerabilities came to light during a court case involving 'phantom' ATM transactions that users deny making but that banks still charge to customers accounts because they claim their systems are secure."
    What the fuck are there video cameras embedded in ATMs for? When do they turn on? Have my efforts to moon the bank people been completely in vain?
    --
    <:
  17. My experience with ATM cameras... by bearl · · Score: 5, Funny

    So here's my ATM camera story...

    In 1983, my first job out of college was as an internal auditor at a small regional bank that had only seven branches. We were just installing ATMs and most of our customers were elderly types who weren't interested in these new fangled computers. I, being young and more enlightened, loved them, used them all the time, and rarely carried much cash at all, preferring to just stop by a convenient ATM for a fresh withdrawal. This was in the days when banks considered ATMs as a money saver because customers would use the ATM rather than coming inside to bother a teller, thus saving the bank loads of money by reducing the number of tellers they had to employ, so there were no fees. But I digress...

    One of our older patrons had his ATM card misappropriated by a handyman, family member, or other close associate, and said villian used the card to make several large withdrawals. The customer reported the problem, we told the system to capture the card on the next use, and waited.

    Within a week, the card was used, and captured. The film from the camera was sent off (these days it's probably digital). The ATM company found that either our tellers had been ordering the wrong kind of film for our ATMs, or they had been sending us the wrong kind, or the tellers where installing it wrong, or something. They sent a note with that info to our President, explaining that the photo was probably the wrong person and wouldn't hold up in court, along with the developed photograph.

    Fortunately he read the note before he looked at the photograph, because the guy in the photo was me! He came into my office and with as serious an expression as he could manage, told me they had the photo back, and had their man (I didn't know about the problem with the film at this point). He slid open the envelope, and there in stark black and white was me, probably on a Saturday morning, unshaven and in a dirty Ramones t-shirt.

    I stuttered for a few seconds but he couldn't hold it together and started laughing. Needless to say that photo appeared all over the bank for the next several years, along with signs like "Have you seen this man?" and "Do not serve - notify security." We figured that since I used the ATM so much, I was probably on 85% of the photos on the film. The odds were pretty good that with the indexes being wrong I would come up, but it couldn't have been a worse photograph.

    Oh, eventually the real crook was caught because he came into the bank to complain that the ATM had taken "his" card and the replacement hadn't arrived yet.

  18. Re:ATMs are fallible in lots of ways by shotgunefx · · Score: 3, Funny

    I got shorted $20 dollars once. Luckily I counted it in front of the ATM (which has a video, most here do) and got really pissed off.

    I held it up and counted, like there was a little guy in there and started screaming at it. I went to my bank the next day, and the say they had to review it. A few days later they credited me. I assume one of the things they did was look at the tape.

    Now I always count it in front of the camera so if there is a problem I've got proof.

    --

    -William Shatner can be neither created nor destroyed.
  19. Re:and only 15minutes ago.. by L7_ · · Score: 3, Funny

    But there is no other way to tell if you're alive in Wisconsin unless you go to the Pulse Machine.

  20. Re:An old vulnerability by blair1q · · Score: 4, Funny

    When does he get out of prison?

  21. m$ wants sites to stay unavailable by klparrot · · Score: 2, Funny
    Click the Refresh button, or try again later.

    Gotta love how when the server gets too busy, it suggests you keep hammering it. :)