Graphics Programs Uncover Secret PINs
Errtu76 writes "The BBC is running a story stating that, among other programs, The Gimp and Photoshop have been identified as possible tools for uncovering PINs via the mail." From the article: "The researchers collected lots of so-called Pin mailers and then tested how secure they were. Many were defeated using bright lights shone at an angle on to the paper. Other Pins could be read by scanning the letter and then adjusting some of the image qualities in popular programs such as GIMP, Adobe Photoshop and Paintshop Pro."
OMFG the Gimp icon just looked at me
And hence the reason for sending the PIN separately from the card becomes clear.
Nothing to see here... yet again.
The key point of this article (before the industry response) is not about some great new way to use photo editing software to steal someone's PIN number. The majority of it discusses the dangers of using new methods of mailing PINs and passwords that can be read by the HUMAN EYE, sometimes with no more technology than the ability to tilt the paper and shine a bright light.
The problem is not with the gimp or photoshop, but poor printing techniques that could put your 'secure' password information at risk with the simplest of methods. It still deserves a mention in YRO because I've even had a few letters mailed to me with PIN information like this. The letter had already been partially broken on one side due to handling, and I could see the PIN in the sunlight through the thin sheet even though that thin sheet is meant to let you know if someone has tampered with your information.
Perfecting Discordia
www.stevenvansickle.com
Unfortunately, I think your point is going to be lost on some people.
While the article certainly has a point in pointing out the problem, at least in this scenario the criminal has to hit his targets old school: manually and one-at-a-time. This is a time-consuming, slow process that forces them to be in the geographic neighborhood of their victims.
I am more concerned about security and privacy issues with data stored online, where you can hack a database 3,000 miles away and get 10 million PINs in an afternoon. Now *that's* an increase in productivity.
"Lawyers are for sucks."
- Doug McKenzie
In the immortal words of Dr. Nick's Diet:
// On my way to the ATM machine.
"If you're unsure about something, rub it against a piece of paper. If the paper turns clear, it's your window to weight gain!"
Have fun eating greasy chicken and stealing PIN numbers
/ That's right, I said PIN Number.
No, locks keep lazy men honest.
Paying taxes to buy civilization is like paying a hooker to buy love.
No, beer keeps honest men lazy.
At that point, why not open it?
Because you want the victim to actually receive the letter, activate the card and not be suspicious. Otherwise you'll just have the PIN of an inactive credit card, which is worth squat/zip/nada.
Mailing the PIN and relying on it arriving unread is an important part of the chain of trust on credit cards.