Slashdot Mirror


Graphics Programs Uncover Secret PINs

Errtu76 writes "The BBC is running a story stating that, among other programs, The Gimp and Photoshop have been identified as possible tools for uncovering PINs via the mail." From the article: "The researchers collected lots of so-called Pin mailers and then tested how secure they were. Many were defeated using bright lights shone at an angle on to the paper. Other Pins could be read by scanning the letter and then adjusting some of the image qualities in popular programs such as GIMP, Adobe Photoshop and Paintshop Pro."

28 of 363 comments

  1. It's become sentient by Anonymous Coward · · Score: 5, Funny

    OMFG the Gimp icon just looked at me

    1. Re:It's become sentient by DenDave · · Score: 2, Funny

      It's ogling us! Beware, the gimp ain't asleep... Other than that, I love it when an article has a "Mr. Bond": my imagination runs wild and I can just see Sean Connery holding a sheet of paper into the light and saying "well I'll just get this off to Q, now get me another vodka-martini, shaken, not stirred.." BTW vodka martini shaken is absolutely delicious! Just make sure you get dry martini! hrmmm *thinking* it's Friday, my pal the bartender is working tonight... yep.. time to don the white dinner jacket and light up a Cuban... *mumbling* nobody does it better....

      --
      -if at first you don't succeed, stay the heck away from paragliding.
    2. Re:It's become sentient by intangible · · Score: 2, Funny

      I'd much rather have to deal with this gimp instead of the one from Pulp Fiction.

  2. 1 out of 2 by suso · · Score: 2, Funny

    Now, if only they'd make a program that lets me remotely break into people's mailboxes and steal their mail. Then I'd be all set.

    1. Re:1 out of 2 by robslimo · · Score: 3, Funny

      Agreed. I was wondering how this had anything to do with "Your Rights Online," but a remote mailbox exploit might do the trick.

      Let's get cracking.

    2. Re:1 out of 2 by rf0 · · Score: 3, Funny

      I've been seeing people recommending that you now write passwords down on Post-its on your monitor, as it's actually more secure than most online passwords nowadays

      rus

    3. Re:1 out of 2 by ArsonSmith · · Score: 4, Funny

      I use passwdgen and make 3-5 passwords and write them on sticky notes and stick them to my monitor. Kinda funny when people ask, "Aren't you the security guy?"

      --
      Paying taxes to buy civilization is like paying a hooker to buy love.
    4. Re:1 out of 2 by Qil'elPhil · · Score: 4, Funny

      I think the point is that none of the passwords on the sticky note are actually in use.

      Which begs the really Zen-like question:

      "If a password is not in use, is it really a password or just a bunch of letters and numbers (and whatever else you use)?"

      --
      This sig is made from 100% recycled bytes. No keys were typed in the creation process.
  3. Don't tell me... by It doesn't come easy · · Score: 4, Funny

    No one knew until now that scanning a document in black and white and adjusting the black/white threshold value can make it easier to read marginal text? Wow. Sounds like a patent application to me. Whatever.

    --
    The NSA: The only part of the US government that actually listens.
  4. PIN Number by Anonymous Coward · · Score: 1, Funny

    Maybe people will quit calling them Personal Identification Number numbers.

    1. Re:PIN Number by maxwell demon · · Score: 1, Funny

      Not to forget the popular Liquid Crystal Display display.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    2. Re:PIN Number by syrinx · · Score: 2, Funny

      How else will we access our accounts in the ATM machines, other than by putting in our PIN numbers and reading the LCD display?

      --
      Quidquid latine dictum sit, altum sonatur.
    3. Re:PIN Number by Anonymous Coward · · Score: 1, Funny

      I suppose you could call it a PI number but then everybody would be trying to enter 3.14159... in the AT machine...

    4. Re:PIN Number by xtracto · · Score: 3, Funny

      Man... I really hate those TLA acronyms...

      --
      Ubuntu is an African word meaning 'I can't configure Debian'
  5. Mail security? by Splintax · · Score: 1, Funny

    I think one of the issues here is mail security.

    I mean come on, how expensive is it to get a damn lock on your mailbox? :-\

  6. Re:two sheets of mylar by Mignon · · Score: 4, Funny

    Mylar was designed in wartime as radar chaff

    How well does it work at blocking CIA mind-control rays? I'm worried that my tinfoil hat isn't up to the task against their post-9/11 spy satellite upgrades.

  7. The usual /. Spin by Xentor · · Score: 2, Funny

    Yes, that's right... Big, powerful headline... Why not just say something like:

    "All your pin are belong to GIMP!"

    This has nothing to do with the graphics programs and everything to do with bad-quality printing methods.

    --
    "The amount of intelligence on this planet is a constant. The population is growing." -Cole's Axiom
  8. My 100% effective solution by Anonymous Coward · · Score: 2, Funny

    Wrap the PIN mailings inside bank notes. All these programs should have banknote scanning prevention as Uncle Sam mandates, so covering the mailings inside of bank notes should solve the PIN theft problem. If this causes the currency theft problem to rise, we can simply wrap the currency inside gold leaf.

  9. Re:Bah. by Poromenos1 · · Score: 2, Funny

    Haha, probably. But then the mods were also redundant by modding it as redundant twice :p

    --
    Send email from the afterlife! Write your e-will at Dead Man's Switch.
  10. Re:two sheets of mylar by maxwell demon · · Score: 2, Funny

    Don't worry. The fact that you still worry shows that mind control still doesn't work. It's when you stop worrying, then you should worry.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  11. Just Great! by miTTio · · Score: 1, Funny

    "Poor print exposing Pin numbers"

    If someone has my Personal Identification Number Number, they may use it in an Automatic Teller Machine Machine.

  12. Dr Nick by kevin_conaway · · Score: 5, Funny

    In the immortal words of Dr. Nick's Diet:

    "If you're unsure about something, rub it against a piece of paper. If the paper turns clear, it's your window to weight gain!"

    Have fun eating greasy chicken and stealing PIN numbers

    / That's right, I said PIN Number.

    // On my way to the ATM machine.

  13. RFC - SPIT and the digitalisation of all paper by ACORN_USER · · Score: 2, Funny

    I'm sick to death of paper, and important papers in particular. I think that in this day and age, it is really a joke that I have to worry about drawers filled with crumpled and unread letters printed in red ink.

    With all the fuss over identity theft and so forth, I propose SPIT (Spit on PDA Id Tracking), which boils down to a Pocket PC which you SPIT on. After your spit has been authenticated, you can use your snot key to decrypt all documents which were previously paper based!

    Please feel free to contribute your own spit to this new project.

  14. Re:Better recourse by cdn2k1 · · Score: 5, Funny

    No, beer keeps honest men lazy.

  15. Re:Better recourse by Anonymous Coward · · Score: 1, Funny

    But wouldn't it just be easier to hit strangers about the head with a sock of nickels and take their cash?

    If I had a sock full of nickels, I wouldn't need to take cash from strangers by force.

  16. That's all we need... by cdn2k1 · · Score: 2, Funny

    is for GIMP and Photoshop to be found illegal under the Patriot Act...

  17. ego inflation by dan the person · · Score: 4, Funny

    I knew this article would eventually make it to Slashdot after I saw the rare mention of the GIMP in mainstream media...

  18. Re:Better recourse by Frank T. Lofaro Jr. · · Score: 3, Funny

    Well in the military, "denial devices" are not something you'd ever want to encounter, so "delaying devices" is usually what you use. :)

    Hitting strangers with a sock of nickels isn't Slashdot worthy. Hitting them with a sock full of RFID identification tags is. :)

    --
    Just because it CAN be done, doesn't mean it should!