Slashdot Mirror


Graphics Programs Uncover Secret PINs

Errtu76 writes "The BBC is running a story stating that, among other programs, The Gimp and Photoshop have been identified as possible tools for uncovering PINs via the mail." From the article: "The researchers collected lots of so-called Pin mailers and then tested how secure they were. Many were defeated using bright lights shone at an angle on to the paper. Other Pins could be read by scanning the letter and then adjusting some of the image qualities in popular programs such as GIMP, Adobe Photoshop and Paintshop Pro."

9 of 363 comments

  1. Re:Mail security? by Anonymous Coward · · Score: 1, Informative

    I've lost a couple of credit cards in the post over the last twelve months - dodgy posties - it appears a common problem in the UK. Now have my cards delivered to the local bank office and pick them up myself.

    I digress but I also lost £100 worth of xmas presents thanks to Royal Mail staff on xmas eve last year. Because I was at work, they thought it was a good idea to leave the parcels in my refuse bin at 8am. Guess what happens at 9am every Friday.....

  2. Re:two sheets of mylar by Pig+Hogger · · Score: 4, Informative
    I've always wondered why they didn't just slip some mylar film into those mailers. Mylar was designed in wartime as radar chaff, but is more likely seen today as the bag around your snack or a helium balloon.
    If you look carefully, metallized mylar is not opaque (mylar itself is quite transparent), just like any sufficiently metal film.
  3. Re:DUSTER! by bigattichouse · · Score: 2, Informative

    forgot.. in a reasonably non-humid atmosphere, the fluid evaporates without condensing too much water.. leaving the envelope not too much worse for wear.

    --
    meh
  4. And it goes a little something like this... by McTaggart · · Score: 2, Informative

    You edit curves and drag the centre of the curve down a bit I believe. Also useful for reading notes on the page underneath the one they were written on.

  5. Other ways of reading the PINs by RagingChipmunk · · Score: 2, Informative

    In the book "Spy Catcher" (late 80s) an ex-MI5 guy writes the various ways they used to read the contents of letters without opening the envelope. One clever way was to use a long, thin strip of bamboo to "twirl" the letter around inside the envelope and read it as it was 'scrolling' by.

    Other, easier ways include spraying the envelope with automotive-freon. The envelope becomes transparent while wet, and within seconds the freon completely evaporates.

    Other inventive ideas: Use a strand of high quality fiber optics to have a peek inside.

    Point being, wouldn't it be far more sensible to NOT include the PIN ?!?! Duh.

    --
    The only PT Boat Journal on the web: http://www.PT171.org
  6. Non photographic blue ink by Anonymous Coward · · Score: 2, Informative

    Why don't they just use non photographic blue ink? It won't show up on xeroxes and it's near impossible to make it show up properly on a scanner, especially if it was obfuscated by the envelope. If no one here knows, you can get non photographic blue pencils, comic artists frequently use them so the inker doesn't have to do as much clean up before they start doing the color layers.

  7. Re:Criminal by Anonymous Coward · · Score: 1, Informative

    On any bank card or credit card, the PIN is not on the card. Card number is encoded on the card. PIN is in the bank and in the mailing. The mailing should be destroyed by the recipient.

  8. Re:Provide PIN over the phone? by Charles+Dodgeson · · Score: 2, Informative
    I would think that this type of a system not only thwarts your average pickpockets and mail thieves, but also more ambitious criminals who are willing to go a step further. You'd have to 1) either fake the originating phone #, 2) break into the owner's home and get the actual PIN using their own phone, or 3) have personal details like last four of a SSN-type number, address, birthdate, etc., and by that time the problem is bigger than a stolen PIN.
    Faking a caller line ID is easy. Any modern PBX system can do it, such as Asterisk. As for your number three, that information is much easier to get than a PIN.
    --
    Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
  9. Re:Applicability to "Scratch and Save" Coupons? by sjmurdoch · · Score: 3, Informative

    The report (PDF 767kB) deals with the type of PIN mailers where the PIN is printed on the top layer of the paper, but there is a "scramble pattern" underneath it which prevents you from reading the PIN. The scramble pattern is either peeled away or scratched off. If you can pick out the difference between the toner and the scramble pattern you can read the PIN.

    I guess what you are talking about is where the data is printed then covered with a scratch off layer. This technology is common for lottery cards but I have never heard of it being used for PINs. Here you need to see through this layer to get at the data underneath, so the tricks mentioned in the report won't work.

    (I am one of the authors of the report)

    --
    Steven Murdoch.
    web: http://www.cl.cam.ac.uk/users/sjm217/