Slashdot Mirror


Researcher Discovers ATM Hack, Gets Silenced

Al writes "A researcher working for networking company Juniper has been forced to cancel a Black Hat presentation that would have revealed a way to hack into ATMs. The presentation focused on exploiting vulnerabilities in devices running the Windows CE operating system, including some ATMs. The decision to cancel was made to give the vendor concerned time to patch the problem, although the company was notified 8 months ago. The article mentions a growing trend in ATM hacking: In November 2008 thieves stole nearly $9 million from more than 130 cash machines in 49 cities worldwide. And earlier this year, the second biggest maker of ATMs, Diebold, warned customers in an advisory that certain cash machines in Eastern Europe had been loaded with malicious software capable of stealing financial information and the secret PINs from customers performing ATM transactions."


  1. If it's an exploit for ATM *Machines*... by jeffb+(2.718) · · Score: 5, Funny

    ...it must be pretty abstract, since an "automated teller machine machine" is apparently running in emulation anyhow.

    1. Re:If it's an exploit for ATM *Machines*... by N+Monkey · · Score: 5, Funny

      ...it must be pretty abstract, since an "automated teller machine machine" is apparently running in emulation anyhow.

      No. It has to be an "ATM Machine" in order to be able to enter a "PIN number".

    2. Re:If it's an exploit for ATM *Machines*... by idontgno · · Score: 2, Interesting
      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    3. Re:If it's an exploit for ATM *Machines*... by RichardJenkins · · Score: 2, Informative

      'ATM' has been a pseudo-acronym since people stopped using the phrase 'automated teller machine' except to pretend that saying 'ATM machine' is silly. Bah!

    4. Re:If it's an exploit for ATM *Machines*... by DeusExMach · · Score: 2, Interesting

      I like how the article you reference states that they're designing a "Proto-prototype".

      So! By that logic, they have developed a proto-prototype of a generalized machine maker machine that can be used to construct proto-nano-pin-number-generating-atm-machines using proto-nano-assemblers running on AC current.

      This is worse than spaceballs: the video tape.

      Now became then, just now. ...everybody got that?

    5. Re:If it's an exploit for ATM *Machines*... by Anonymous Coward · · Score: 3, Funny

      in order to be able to enter a "PIN number".

      So what you're saying is, I have to enter a PI number... Damn, this is gonna take a while

      3.1415....

    6. Re:If it's an exploit for ATM *Machines*... by DeadCatX2 · · Score: 2, Funny

      I hope the keypad isn't connected to the computer via the USB bus

      --
      :(){ :|:& };:
    7. Re:If it's an exploit for ATM *Machines*... by commodoresloat · · Score: 3, Funny

      Oh, just STFU up.

    8. Re:If it's an exploit for ATM *Machines*... by DMUTPeregrine · · Score: 3, Informative

      PNS syndrome is a horrible, horrible thing.

      --
      Not a sentence!
    9. Re:If it's an exploit for ATM *Machines*... by schon · · Score: 3, Informative

      The 'C' in NIC stands for 'Controller', not 'Card'.

      some people, including 3Com and Cisco, disagree with you.

  2. Ridiculous by Anonymous Coward · · Score: 5, Insightful

    So they've had 8 months warning, and now suddenly when researchers want to publish they now want time to fix it? Not indicative of a company that gives a flying fuck about security. They don't deserve time.

    1. Re:Ridiculous by Anonymous Coward · · Score: 5, Interesting

      No, they don't... but it depends on the hack.

      If it gives out free money, only harming the company which didn't seem to care, then no, don't give them any more time.

      If the hack gives them access to innocent people's account details, and they'd be out money, and/or time fighting the bogus withdrawals, then yes, give them time to fix it.

    2. Re:Ridiculous by furby076 · · Score: 4, Insightful

      You're right they don't deserve it - but giving information to criminals to make it easier for them to steal - thus hurting society as a whole - is not the answer. Unfortunately the security of ATMs is greater than these researchers' desire to present their work.

      --

      I do not support "The Man". I also do not support your irrational stupidity
    3. Re:Ridiculous by nthitz · · Score: 2, Insightful

      Agreed, 8 months is long enough. If they haven't fixed it by now, they certainly need some incentive to!

    4. Re:Ridiculous by Svartalf · · Score: 5, Insightful

      Actually, they HAD time to fix it. It still is highly problematic- but the big problem with all this thinking that bars people from disclosing this stuff at the stage it's at right now is the highly flawed thinking that disclosing a vulnerability discloses it to potential attackers which will use it.

      It's a bad thing to think the bad guys don't already know what you're showing off and presume that they're not doing it. Depending on the hack, they may be prepping for it or already screwing you over with it and you just don't know it yet. If a white/grey hat found it, I can assure you a black hat either has already found it or will shortly.

      --
      I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
    5. Re:Ridiculous by joelmax · · Score: 2, Insightful

      I agree the ATM manufacturer doesn't deserve time, but the consumer does. How would you like it if someone stole your account info on a hacked ATM and pillaged your bank accounts and credit card info?? Not too good I'll bet. For the sake of protecting the consumer, this should be withheld.

    6. Re:Ridiculous by poetmatt · · Score: 4, Insightful

      Companies only move upon losses and public fiascos. Politeness should be gone by 8 months. Honestly, "this can slash your profits to 0 or below" doesn't sound like a cause for concern?

      I'm sure departments within the company can make that same argument for losses but those are harder to take care of than simple software fixes that people are nice enough to be willing to tell them what the issue is. I mean how much easier can you get than someone else doing the job for you, that you didn't do originally? etc etc.

    7. Re:Ridiculous by jopsen · · Score: 3, Insightful

      You're right they don't deserve it - but giving information to criminals to make it easier for them to steal - thus hurting society as a whole - is not the answer. Unfortunately the security of ATMs is greater than these researchers' desire to present their work.

      Releasing the hole does not hurt society, however, it does hurt Diebold customers and partners.

    8. Re:Ridiculous by siloko · · Score: 2, Insightful

      You got it. The OP was right they don't give a fuck about security, what they give a fuck about is profits and a hullabaloo about folk losing cash as a result of compromised machines WILL affect their bottom line so each and every comment makes a difference. However it doesn't change the system that rewards secrecy over competence.

    9. Re:Ridiculous by arose · · Score: 4, Insightful

      Current situation: society as a whole does not know the vulnerability or its scope, criminals might or might not know the vulnerability and might or might not be actively exploiting it.

      Full disclosure: anyone with enough brains and guts can exploit the vulnerability, society at large can take steps to minimize the risk since it is now known what exactly the risk is.

      --
      Analogies don't equal equalities, they are merely somewhat analogous.
    10. Re:Ridiculous by spun · · Score: 4, Insightful

      You've made the classic mistake of assuming corporations have any motivation to do the right thing, as opposed to the profitable thing. They don't give a rat's ass who is using this hack. All they care about is the price of their shares. If keeping a dangerous vulnerability semi-secret for a few more months will help their share price, they don't really care how many people get screwed over. Think of it this way: if their ATMs were electrocuting people at random, they would do a cost benefit analysis to figure out the likely damages awarded at trials, and compare that to the cost of fixing the problem. If fixing the problem were more expensive, the company would happily go on killing people. You think they care about your freaking finances?

      --
      - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
    11. Re:Ridiculous by compro01 · · Score: 4, Interesting

      Being as the exploit is already in the fucking wild and being actively exploited, preventing the information from being presented is completely and totally pointless.

      --
      upon the advice of my lawyer, i have no sig at this time
    12. Re:Ridiculous by furby076 · · Score: 3, Insightful

      Releasing the hole does not hurt society, however, it does hurt Diebold customers and partners.

      1) Diebold customers/partners did not cause this issue
      2) If you use an ATM you are a Diebold customer
      3) Diebold will pass the cost to companies which use ATMs and they will pass the cost to you
      4) It does hurt society as a whole to enable criminals. Just because you are not directly affected does not make you immune to the effects.

      --

      I do not support "The Man". I also do not support your irrational stupidity
    13. Re:Ridiculous by Talderas · · Score: 4, Interesting

      Not really. Despite the exploit being out there, there is likely only a few malicious people that know about it. If the hack requires physical access to the machine, this means the number of machines that are exploited is less. As other people have mentioned.... once the exploit is significantly more public, that will increase the number of malicious people that know about it and increases the number of exploited machines.

      There's a lot of people who can apply exploits. There aren't as many that can discover them.

      --
      "Lack of speed can be overcome. In the worst case by patience." --Znork
    14. Re:Ridiculous by MightyYar · · Score: 2, Insightful

      Releasing the hole does not hurt society, however, it does hurt Diebold customers and partners.

      I'd have to know more details. The manufacturer is not the one who will feel the direct repercussions of this hack - the ATM owners will. It might have been more effective for the researcher to inform some of the larger customers rather than the company. I'd bet that a big bank leaning on Diebold would have been more effective than this researcher disclosing a secret exploit.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    15. Re:Ridiculous by Hizonner · · Score: 5, Insightful
      1. Diebold (or whoever; I don't know that it's Diebold) customers/partners are primarily banks, which are supposed to be in the business of worrying about securing money. It's negligent for a bank to buy a product without verifying its security. So, yes, they did in some sense cause the problem, or at least they bear a chunk of the blame for it.
      2. If I use an ATM, I am a customer of Diebold's (or whoever's) customer, the bank, not a customer of Diebold. And what I'm paying the bank to do is to secure my transactions. I will admit that I've obviously hired an incompetent bank and am perhaps at fault for doing so, but that doesn't excuse the bank's incompetence. And I think my fault is reduced by the unavailability of banks that actually do their jobs, whereas banks would have access to decent ATMs if they bothered to demand them.
      3. Where do people get this nonsense? Diebold (or whoever) already charges as much for the ATMs as it can get away with. They don't set prices based on their costs; they set prices based on what customers will pay, subject only to the proviso that if customers won't pay what it costs to make the product, they won't make the product at all. To a first approximation, in a properly functioning market with competition (and there is competition in ATMs), prices fall to approach marginal cost of production (for the most efficient producer). This doesn't increase marginal cost of production for anybody.
      4. Maybe, except that it's NON-disclosure that actually enables the criminals, and that goes beyond this particular bug and beyond the case of ATMs. Not only does non-disclosure enable ATM manufacturers and whoever else to continue to ignore the problem while the criminals continue to exploit it, but, by encouraging other companies in similar situations to do the same, it guarantees further problems. To prevent companies in general from ignoring problems, there needs to be a credible threat of disclosure if there isn't prompt action on reported problems. 8 months is way, way more than enough time. In order to maintain the credibility of the threat of disclosure, there needs to actually BE disclosure once in a while, so that companies know they actually have to live up to their responsibilities.
    16. Re:Ridiculous by idontgno · · Score: 2, Informative

      Maybe in some regards, but the electrocuting ATM isn't a great example.

      Oh, I dunno, it's not like there hasn't been precedent for companies systematically ignoring lethal electrocution hazards in their work.

      There exist numerous product safety laws that could affect the criminal culpability of decision makers in a company who refuse to address serious known safety concerns in their products.

      As of 2008, with the passing of the Consumer Product Safety Improvement Act of 2008, the criminal penalty for "knowing, willful violation" is 5 years instead of only 1 year per the original 1972 Consumer Product Safety Act. So yeah, the risk of imprisonment is something company officers have to consider, outside of a simple cost/benefit analysis. But realistically, if you play the game right, you may be able to stonewall and obfuscate well enough to make "willful, knowing" violation unprovable, taking that risk off the table. After that, consumer protection penalties are just another number in the "cost" side of the equation, with a "probability of occurrence" value that gets artificially deflated (because that stuff never happens to us).

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    17. Re:Ridiculous by Brian+Edwards · · Score: 2, Interesting

      The vendor in question is likely Microsoft:

      "The presentation focused on exploiting vulnerabilities in devices running the Windows CE operating system, including some ATMs. The decision to cancel was made to give the vendor concerned time to patch the problem, although the company was notified 8 months ago."

      My guess is that Microsoft is not excited about fixing bugs in CE, and would rather just extend their "security through obscurity" strategy to include censoring researchers.

    18. Re:Ridiculous by qwijibo · · Score: 2, Insightful

      You're making the assumption that it's a simple software fix. There isn't always someone who knows the software, understands the problem and can figure out how to resolve it in the code.

      A lot of companies hire the cheapest people they can to implement ill-defined code which is duct taped together and released as a product. Once the product is released, all of the expensive ($10/hr) programmers are fired and the product is supported by a group of people who have a script to follow and get paid $2/hr. Once you purchased a product, what incentive does the company have to put a lot of time and money into supporting you? The only incentive is to add enough functionality to get more customers to purchase the product, which you just happen to benefit from.

      I recently spent a lot of time trying to debug a problem that was being blamed on infrastructure, but turned out to be a known bug in one of the open source java components which was being used in a commercial product. There wasn't anyone employed by the vendor who understood that component, they just relied on it as a critical piece handling all communications in their product.

      It's nice to work with people who actually comprehend their job, but that's clearly in the minority. The larger the company you're dealing with, the higher the probability that there are people in critical positions whose actions cannot be distinguished from random noise. Comprehension is not a measurable metric, which causes many managers to consider it unnecessary.

    19. Re:Ridiculous by sam0vi · · Score: 3, Insightful

      What I think this guy should do is to publish the name of the problematic bank and/or ATM vendor, and give their users a month to withdraw all of their assets from that bank (since they clearly don't care about their customers' finances) and move to another one (of their own choosing). I'm sure as hell they would fix the problem ipso facto. My 2 cents.

      --
      When my Karma level reaches 0 I feel in piece with the Universe
    20. Re:Ridiculous by sjames · · Score: 2, Insightful

      The one and only thing that makes them fix it is the near certain knowledge that the vulnerability will be exposed far and wide after a deadline. It is reasonable to give an extension if it's really a hard problem to solve, but they must feel nearly certain that the problem will come out in public.

      I do agree that it's not a good idea to assume that only the good guys know about the vulnerability.

    21. Re:Ridiculous by Nikker · · Score: 2, Interesting

      I would like to apologize for being an asshole, I did go over the top. The reason I feel concerned is the element of scale. The only difficult part is figuring out the vulnerability; once that is done they can outsource because the money is there. There may not be a planet of computer elites with the ability to take advantage of this or any exploit for that matter but if the money is there to be made especially in the millions of dollars there is incentive to perfect the process. With that kind of money you could engineer something as simple as a 'mod chip' and with a handful of people distribute your process, likely not even having to explain really what they are doing. As long as there is ROI people will do it without asking questions so they might not even know who is behind all of this.

      I do agree that publicizing this is not the ideal solution, the sad thing is that Diebold / Sequoia was aware of the issue almost a year now and coming from a company with security minded products why is it I as the person the situation affects cannot do anything to avoid this situation? Is there a visual appearance of these particular machines I can use to determine if I want to take the risk or not? Maybe a visual screen layout? If so then I'm happy to let them do what they please but now that I am informed I want to make a decision based on that. The chance to do so is all I'm asking.

      --
      A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
  3. WinCE when you say that by mspohr · · Score: 3, Insightful

    I can't believe that people use WinCE for a real world application that requires security and reliability. The morons who built these systems are reaping the reward for their ignorance.

    --
    I don't read your sig. Why are you reading mine?
    1. Re:WinCE when you say that by aristotle-dude · · Score: 5, Informative

      I can't believe that people use WinCE for a real world application that requires security and reliability. The morons who built these systems are reaping the reward for their ignorance.

      A lot of ATMs were previously running IBM OS/2 and were pretty stable. Not only are these ATMs now exploitable but they are also much slower than before they were "upgraded" to WinCE.

      Upgrades are supposed to improve functionality or improve performance but the text UI actually got about 2X slower to respond.

      --
      Jesus was a compassionate social conservative who called individuals to sin no more.
    2. Re:WinCE when you say that by Ray · · Score: 2, Funny

      Uh, no. Now WE'RE reaping the reward for their ignorance.

    3. Re:WinCE when you say that by jonwil · · Score: 2, Interesting

      One big reason to update from OS/2 to Windows is that it's a lot easier to add new functionality to the Windows version of the ATM software than it is to add new functionality to the older OS/2 ATM software.

      Examples of new functionality ATM operators may want or need to add:
      1. Advertising (for loans, credit cards etc) whilst the ATM talks to all the computers and you wait for your money to come out
      2. Prepaid credit vouchers of various kinds (e.g. for prepaid mobile phones)
      3. Changes in the law (this last one happened recently here in Australia where there is now a new rule where if you use an ATM that doesn't belong to your bank, the owner of the ATM charges you the fee and not the bank where your account is. Also, the ATM is required to display the cost of this new "direct charge")
      4. Better accessibility for disabled people (e.g. deaf or blind)

  4. Re:What I don't get by 4D6963 · · Score: 5, Funny

    Is why everyone cares so much about Money. It's just pieces of paper and little bits of metal. What really matters is Love!

    Well, with money anyone can get some temporary love! And permanent herpes.

    --
    You just got troll'd!
  5. Release it anyway by Hatta · · Score: 5, Insightful

    You don't need a conference to publicize a security problem. Post it on the internet, and the vendor will have plenty of incentive to implement a fix immediately.

    --
    Give me Classic Slashdot or give me death!
    1. Re:Release it anyway by Tony+Stark · · Score: 2, Insightful

      That's right. IMHO, the reason some companies, such as in this case, suddenly decide to fix something after 8 months is because they are about to lose face. I think it must be a vulnerability that allows the hacker to obtain sensitive information about innocent people, as opposed to the company losing money directly. If the company was losing money, it would've been fixed 8 months ago. However, once it comes out that the company knew about it for 8 months and hasn't fixed it, the company will lose face and lose contracts because of that. That would explain the company's lackadaisical attitude in all of this. I miss the old days. This would've been posted on a BBS 7 months and 29 days ago.

    2. Re:Release it anyway by AndersOSU · · Score: 4, Insightful

      You don't think these ATMs will stay up if an exploit is published do you?

      The sequence of events goes something like this:
      Bank buys shitty ATMs
      Exploits are developed
      People start stealing from ATMs
      Someone gives the ATM manufacturer the exploit and tells them to fix their problem
      People continue to steal from ATMs
      Someone (publicly) threatens to publish
      ATM company says, "hold on give us a minute to fix it"
      People continue stealing from ATMs

      scenario A
      ATM company fixes the problem
      Banks and consumers never know their assets were exposed

      scenario b
      ATM company stalls
      people continue to steal from ATMs
      someone publishes
      a whole lot of money is suddenly stolen in a very short time period
      Banks shut down all vulnerable ATMs
      Customers notice their ATMs don't work - maybe ask questions
      Banks sue ATM manufacturer, become a little more careful about who they do business with in the future

  6. Too much pr0n by mandark1967 · · Score: 4, Funny

    Every time I see "ATM" these days I think "Anal to Mouth".

    I need to stop surfing the Diabolic site....

    --
    Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
    1. Re:Too much pr0n by AnalPerfume · · Score: 2, Funny

      Actually ATM (Ass To Mouth) kinda sums up the capitalist system quite well; you have to be fucked in the ass by the corporations to earn money to put food in your mouth. Only the few at the top do the actual fucking. Perhaps naming the machine that you rely on to give you your reward for being an obedient gimp an ATM is another way of giving them a chuckle. Who cares if the ATMs are hacked? The rules they paid their politicians to introduce will ensure the little guy always pays, and the rich never use ATMs. Even when they're working fine, many ATMs charge you for access to YOUR money. You already took a shot in the ass to earn it in the first place.

      In the UK, the banking industry pulled a fast one with chip & pin (something I refuse to use), is it any wonder they pull this shit?

  7. Re:What I don't get by sopssa · · Score: 3, Insightful

    And some more long-term loving as well. That is, until she has spent all your money.

  8. No surprise here... by Svartalf · · Score: 2, Interesting

    It is quite unsurprising, really. We see the same thing going on in the SCADA security space. The book, Hacking Scada: Industrial Network Security From the Mind of the Attacker, has been held up for at least a year past its original planned publication date for similar thinking.

    --
    I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
  9. vote of confidence? by moskrin · · Score: 2, Funny

    so Diebold's ATMs are as good as their voting machines!

  10. Whenever I hear about ATM hacking.... by Bicx · · Score: 2, Funny

    ... I know in my heart that John Connor is to blame. Or at least his mom, for teaching him how to hack ATMs. What I don't understand is this: why did John Connor only withdraw 3 dollars?

  11. They got the ability to talk though by Sycraft-fu · · Score: 5, Informative

    They are now much easier for the disabled to use. While it was possible for someone who was blind to use an OS/2 ATM, it relied more or less on memorizing what to do. The buttons had braille on them but there wasn't really any feedback other than beeps. So it was a situation of memorize the key presses to do what you want. New ATMs have headphone jacks and can give audio feedback, allowing those with vision problems to use them much more easily.

  12. Improve functionality? by Peter+Simpson · · Score: 3, Interesting

    It's an ATM.

    It reads a card, checks your balance and pokes money out a slot.

    What increased functionality is there?

    (well, yes, it takes in deposits, too, but...)

    Really, why aren't these things running the most limited OS possible?
    Running WinXP on them is just silly. I would have thought WinCE would
    be more locked down, but apparently not.

    The comment about OS/2 machines being more secure is interesting.
    I'd rather have IBM running my cash machines than Microsoft.

    1. Re:Improve functionality? by Lumpy · · Score: 2, Funny

      New from Microsoft.

      Windows 7 ATM edition. Now with richer multimedia and features! Give your customers access to a media center while they wait for their money!

      Don't laugh. Somewhere a manager in Microsoft thought of this and pitched it.

      --
      Do not look at laser with remaining good eye.
  13. Another odd device running Windows CE by RyoShin · · Score: 2, Insightful

    It's unfortunately not too odd to hear that ATMs run Windows (especially with some of the error messages I've seen). But there are even odder devices running Windows.

    I work at a somewhat-hated international retailing chain that will go unnamed, and while working there the other night my merchandise scanner, one of the portable hand-held ones used on the floor, froze. Not uncommon, but when I reset it it booted into Windows CE. A normal windows desktop. I tried starting Windows Media Player, but it wouldn't do anything. The funny thing is that when it works properly, it uses minimal ASCII art and no graphics at all.

    Why these kinds of things need to use Windows is beyond me. Windows, security issues aside, is alright for general purpose machines, but not highly-specialized machines like a scanner or ATM.

    1. Re:Another odd device running Windows CE by TheRealMindChild · · Score: 3, Insightful

      Why these kinds of things need to use Windows is beyond me. Windows, security issues aside, is alright for general purpose machines, but not highly-specialized machines like a scanner or ATM.

      Sir, you are confusing Desktop Windows with Embedded Windows. While the source base is starting to be shared, their targets and goals are substantially different. Windows CE IS meant to be highly-specialized for highly-specialized machines. You don't even have to build in graphical output. I've seen usable CE images take up ~2MB of memory total.

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  14. MS doesn't recommend WinCE either . . . by PolygamousRanchKid+ · · Score: 2, Informative

    . . . from TFA:

    The operating system used in the affected system, Windows CE, poses hurdles to a quick fix. Microsoft recommends that Windows CE is used for "low-end cash-dispensing ATMs," while Windows XP Embedded and Windows XP Professional are used on more full-featured ATMs, according to a white paper on kiosk and ATM operating-system platforms issued by the software maker. Windows XP Embedded, the latest version of which is Windows Embedded Standard 2009, and Windows XP Professional are more secure because they are easier to update, the software giant says.

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
  15. Never fear, BH presentation likely by 2gravey · · Score: 5, Interesting

    For those of you who aren't aware, the Black Hat tradition for vulnerability presentations which have been similarly blocked due to court orders, etc. is to offer BH a replacement safe/bland presentation and then deliver the banned exploit demonstration regardless. This action typically results in a large lawsuit against the researcher's employer, subsequent termination of the researcher, and a short-lived rock star notoriety for the researcher making the aforementioned termination totally worth it.

  16. Not forced! by Sockatume · · Score: 5, Informative

    The article is transparent in saying that he chose to cancel his own presentation of his own volition, because it hadn't been fixed yet.

    --
    No kidding!!! What do you say at this point?
  17. Re:Is this an overstated problem? by maxume · · Score: 2, Funny

    I'm pretty sure the proper /. unit for theft/time is the Madoff. Guessing that he stole about 25 billion dollars over 30 years (this is just an off the cuff estimate, the actual value of the Madoff may vary), 9 million dollars per month (I think that's what the summary says) is a rate of about 0.13 Madoffs.

    --
    Nerd rage is the funniest rage.
  18. How it works. by mbarkhau · · Score: 4, Interesting

    I only read this on another forum so take with a grain of salt.

    The hack is based on the assumption that if you make a withdrawal from an ATM and don't take the money you forgot to take it, so the machine takes the money back and refunds the amount to your account.

    The thing is that the machine doesn't have a way to count how many bills it takes back, so you can just take the bills from the middle and you will get a full refund.

    Supposedly this also works if you take the money right before the ATM pulls back in the money.

  19. Inconceivable! by Anonymous Coward · · Score: 2, Funny

    You've made the classic mistake ...

    Starting a land war in Asia or going up against a Sicilian when death is on the line?

    (Inconceivable!)