Slashdot Mirror

← Back to Stories (view on slashdot.org)

Graphics Programs Uncover Secret PINs

Posted by Zonk on from the not-so-secret-then dept.

Errtu76 writes "The BBC is running a story stating that, among other programs, The Gimp and Photoshop have been identified as possible tools for uncovering PINs via the mail." From the article: "The researchers collected lots of so-called Pin mailers and then tested how secure they were. Many were defeated using bright lights shone at an angle on to the paper. Other Pins could be read by scanning the letter and then adjusting some of the image qualities in popular programs such as GIMP, Adobe Photoshop and Paintshop Pro."

10 of 363 comments (clear)

  1. And hence.. by domipheus · · Score: 5, Insightful

    And hence the reason for sending the pin seperately from the card becomes clear.

    Nothing to see here... yet again.

  2. Securely store or shred by Winterblink · · Score: 4, Insightful

    Me, whenever I get one of these things I either shred the bejesus out of it or store it in a secure place. I NEVER trust the trash for things like this, or even receipts from places I use my credit card. Lots of them still print the whole number on the paper. :/

    --
    "I'm a leaf on the wind. Watch how I soar."
    -Hoban Washburn
  3. Next you'll tell us... by Gopal.V · · Score: 4, Insightful

    To carry your ATM card in tin-foil faraday cage because it can be read by a device hidden in your office elevator ?.

    PIN codes are just there to protect a person's card from random pickpocketing. Also this "exploit" needs access to the mail containing the PIN , before the user reads it and changes it. It is very unlikely that somebody will be able to do this easily - the obvious suspects being your kid brother who signed for your credit card when it came at your home and your shopping crazy sister. It needs very clear physical access on day-to-day basis.

    This belongs in the same category as mothers steaming opening letters - maybe you should read Saki's shock tactics about how to handle that scenario.

    --
    Quidquid latine dictum sit, altum videtur
  4. Overhyped title by Iriel · · Score: 5, Insightful

    The key point of this article (before the industry response) is not about some great new way to use photo editing software to steal someone's PIN number. The majority of it discusses the dangers of using new methods of mailing PIN and passwords that can be read by the HUMAN EYE, sometimes with no more technology than the ability to tilt the paper and shine a bright light.

    The problem is not with the gimp or photoshop, but poor printing techniques that could put your 'secure' password information at risk with the simplest of methods. It still deserves a mention in YRO because I've even had a few letters mailed to me with PIN information like this. The letter had already been partially broken on one side due to handling, and I could see the PIN in the sunlight through the thin sheet even though that thin sheet is meant to let you know if someone has tampered with your information.

    --
    Perfecting Discordia
    www.stevenvansickle.com
  5. Re:Better recourse by avalys · · Score: 4, Insightful

    locks only keep honest men out

    An honest man keeps himself out.

    --
    This space intentionally left blank.
  6. Re:1 out of 2 by Asprin · · Score: 5, Insightful


    Unfortunately, I think your point is going to be lost on some people.

    While the article certainly has a point in pointing out the problem, at least in this scenario the criminal has to hit his targets old school: manually and one-at-a-time. This is a time-consuming, slow process that forces them to be in the geographic neighborhood of their victims.

    I am more concerned about security privacy issues with data stored online, where you can hack a database 3,000 miles away and get 10 million PINs in an afternoon. Now *that's* an increase in productivity.

    --
    "Lawyers are for sucks."
    - Doug McKenzie
  7. Criminal by PhYrE2k2 · · Score: 4, Insightful
    Opening or intercepting mail (at least in the US and Canada) not addressed to you is a criminal offense. So we're already talking criminals who have to commit an offense here in order to do so. At that point, why not open it? You're already stealing mail, you're about to steal a PIN number and hence some money from a bank where you'll be on video camera, who not just open the damn message- the person won't know for a few days that it's not arrived yet.

    When did a criminal get this sudden hit of "oh my- what am I doing- I can't _OPEN_ this letter! I'll just scan it and see what i can find". This is someone who already intercepted mail and is about to commit fraud. Just open the envelope and call it a day.

    FYI: From the Canada Post Corporation Act
    Every person commits an offence who, except where expressly authorized by or under this Act, the Customs Act or the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, knowingly opens, keeps, secretes, delays or detains, or permits to be opened, kept, secreted, delayed or detained, any mail bag or mail or any receptacle or device authorized by the Corporation for the posting of mail.

    Every person commits an offence who unlawfully and knowingly abandons, misdirects, obstructs, delays or detains the progress of any mail or mail conveyance.
    --

    when you see the word 'Linux', drink!
    1. Re:Criminal by dk.r*nger · · Score: 5, Insightful

      At that point, why not open it?

      Because you want the victim to actually recieve the letter, activate the card and not be suspicious. Otherwise you'll just have the PIN of an inactive credit card, which is worth squat/zip/nada.

      Mailing the PIN and relying on that it will arrive unread is an important part of the chain of trust on credit cards.

  8. Re:Better recourse by Have+Blue · · Score: 4, Insightful

    "Integrity means doing the right thing when no one is watching." -anonymous

  9. Re:Better recourse by ArsonSmith · · Score: 5, Insightful

    No, Locks keep lazy men honest.

    --
    Paying taxes to buy civilization is like paying a hooker to buy love.