Slashdot Mirror
Scammer Plants a Fake ATM At Defcon 17
Groo Wanderer writes "Normally, a well-crafted fake ATM would skim a lot of card information before it was noticed, if it was ever noticed at all. Because it is safer for the criminals and harder to prosecute, financial crimes like this are spreading fast. If you are smart, you don't try to pull one off in the middle of a computer security convention where the attendees are very good at spotting such scams. That said, some not-so-bright criminal tried to plant a fake ATM at Defcon. He now has one less fake ATM and a whole lot of investigators on his tail."
One wonders if it wasn't just bait to get security to tip their hand for a more thought out caper.
I Need someone to rebuild a Digitech Digital Delay pedal for me....for me...for me...for me.
I know we've been pulling out of Iraq, but going down to Defcon 17 just seems ridiculous.
Article contains the terms "ATM Machine" and "PIN Number". Read at your own risk.
FTA, "Conference organizers notified local law enforcement who hauled away the machine on Thursday or Friday".... Wouldn't they have been better served monitoring the device to see who came and picked it up?
Sorry, I'm no expert here. Is there a way to monitor if the device was broadcasting wirelessly, preventing the need of a physical retrieval?
You stereotypers are all the same...
They make it sound like this was done by criminals. Who's to say it wasn't really a job offer in disguise? ;) "First person here to notice this gets a job offer."
#fuckbeta #iamslashdot #dicemustdie
Even if they could monitor it wirelessly, they should have just carefully disabled the wireless transmission (aluminum foil?) and grabbed whoever came to check in on it.
Too bad the scumbag didn't die in the process. It would be such a nice Darwin Award winning material...
If they'd left it and watched, they may have been complicit in the skimming. On the other hand, if they put a warning sign on it or turned it off, the perps would notice and scarper instead of loading it up.
I think the real fail was the cops hauling the machine away without asking for help from the Defcon attendees. Sort of like a guy having a heart attack at a cardiologists convention and the cops keeping everybody back until an ambulance can arrive and take him to a hospital.
I would call shenanigans as soon as I didn't get any cash out of the machine.
Certainly not the smartest place to attempt a legitimate scan but a great place to test one out. Shoot a good quantity of the countries security experts and if he could of pulled it off he would have been hailed for it. I thought the typical atm scam was not an entire fake atm though, thats pretty idiotic. Usually its just an unnoticeable attachment to an existing atm that gets card numbers and maybe can capture pin entries through video or something, but seriously who in there right mind is going to use any sort of machine that accesses the internet out of a friggin hacking conference anyways. Anyone who has been to any defcon knows they'd banner your partial account number, name and pin for everyone to see jeez. but you just had to buy that 'pwn'd by hckz0rz3d' t-shirt didn't you...
I wish I noticed it. I would have gotten a starbucks card and see if I could withdraw some cash...
Test your net with Netalyzr
That's what I call good product placement.
C'mon, it was Defcon. Law Enforcement did the right thing... there are laws and regulation for a reason, you know.
0100010001101001011001 0100100000011010010110 1110001000000110000100 1000000110011001101001 0111001001100101
I think the real fail was the cops hauling the machine away without asking for help from the Defcon attendees.
The true FAIL was the Defcon attendees failing to spot and realize that the cops hauling the machines away were fake, and the ATM was real.
Tell your friends about xenu.net
How about both fake cops and a fake ATM?
Yeah it wasn't hard to notice I'm sure as it was the only ATM at the conference. Any machines set up at a hacking conference that are going to be accessing or appear to be accessing the internet are asking you, "Can we please show everyone how much of a moron you are?" but of course one can't deny the need for that "pwn'd by hckz0rz3d" t-shirt... it'd almost be worth it too...
Article contains the terms "ATM Machine" and "PIN Number". Read at your own risk.
People - and by this I mean people on Slashdot, I've not seen anyone complain about it elsewhere - always complain about that. But what's the alternative?
It could be referred as "Personal Identification Number" which is just overly long and besides, everybody just knows it as PIN. They could just say "it would scan their card information and record the PINs they entered" but I don't think it is very good. I know the capitalization makes the necessary difference between "pins" and "PINs" here but honestly, that version still looks a bit out of place to me.
One could say "PIN code". It is the version usually used here in Finland ("PIN-koodi") but the difference to PIN number gets very small.
PIN isn't just an acronym for Personal Identification Number. It is, in itself, a name for a short, usually 4 to 8 digits long digit based password. I could bet a lot of money that most of people don't convert the acronym to words when they read text.
Besides, the ATM machine is used what, once? Most of the time it uses just ATM.
With the massive amount of acronyms we have, especially short ones, a lot of them have multiple meanings. While it is relatively easy to understand these ones in this context, I fully support people adding an additional word to tell which meaning of some acronym is meant in a given situation. At least once in an article. There has been too many times I've seen some acronym, tried to google it, found a dozen different meanings and have had no idea of which it refers to.
So you think of it more like finding a bomb at an explosives convention. Fair enough -- the cops were probably worried about some guy in the back yelling whatever the ATM equivalent of, "Cut the BLUE wire!" is. ;)
They could have covertly had an undercover agent place an "out of order" sign on it; perhaps after trying to use a 'special' jailbait ATM card and PIN number, and the device failing to dispense $$$.
Just like a citizen might do as a service to others when they found the ATM didn't seem to be working..
The perps would probably send someone to investigate why they weren't getting any numbers. If investigators were recording with video surveillance, they could get leads that way.
I would think that the hardware would be considered a loss once placed.
---- Booth was a patriot ----
If the cops were fake, it could have been the perps' emergency method of retrieving their fake ATM to use it again later.
But if people at Defcon called the police, it's unlikely that fake cops would be dispatched, that is: unless the scammers were police insiders themselves.
Do thieves actually come back for these? I'd definitely expect it to be wirelessly transmitting, or to be watching for a special card to be inserted to which it would download the skimmed information.
In order to do that, they would have had to leave it out in the open and allowed people to use it, so as not to make the criminal suspicious when he returns to retrieve it. You then have people making transactions of questionable legality (I didn't read to see if it actually dispensed money or just showed an error after getting the PIN), and increase the possible damage if it is transmitting in a way they didn't uncover or if the criminal manages to extricate the information while they're watching it.
They're better served by taking it away and studying it for clues as to the criminal.
But, did they use an Hotel phone or a outside line?
I say it could be an Hotel Security inside job.
Tim S
They were smart enough to place the machine in one of the few spots in the hotel where there was no security camera to catch them, Priest said. "It was literally right next to the hotel security entrance." So even the security officials don't like to be spied on.
Science will save us. The question is, will it destroy us first?
I get it. It's a local law enforcement inspection device disguised as a fake ATM
Sorry, Las Vegas casino Hotel. There are cameras in the toilets. They likly already know who they are.
Living in Chile
The fake-ATM problem is just a man in the middle attack. We've known how to deal with MITM attacks for decades: use public-key cryptography and a secure key exchange algorithm like Diffie-Hellman to create an authenticated, secure channel. That's how SSL works.
Credit and debit cards should contain a small microprocessor that communicates with bank, check its identity, and establish a secure channel. Even if an attacker could read and modify traffic between the card and the bank, he couldn't interfere with the transaction (other than by stopping it entirely).
Of course, this scheme doesn't allow offline credit card processing, but that's rare these days. If you still need to bother, just use an old-fashioned imprint machine.
The larger problem is just of backwards compatibility, which is why we'll never see the sensible scheme above implemented in our lifetimes.
There is a reason for following procedure during an investigation. If you have a piece of evidence in a criminal investigation, you don't let people touch it willy nilly because later in trial it could be thrown out on the grounds it was tampered with. The second reason is the criminal could have been watching in the crowd. Letting random invididuals get access to the machine could enable a criminal to erase the data by hitting a reset switch. The police had no idea who planted it there so they could not trust anyone other than law enforcement officials to go near it. This is in no way similar to your cardiologist/heart attack patient scenario.
Camping on quad since 1996.
Maybe that ATM was a demo that would be used by someone having a talk on ATM security and people gullibility to show a point. Now the feds got involved and that expert will have to do his talk at Guantanamo.
Would be somewhat similar to what happens when security experts want to show that a system is vulnerable and get jailed for that.
You then have people making transactions of questionable legality...
Of course, placing a low-tech "Do not use, fake ATM, will steal your information" sign could have worked just as well, and then do as the OP mentioned, place surveillance on the unit.
Comment removed based on user account deletion
Step aside wallet inspector coming though!
Just imagine the headlines if they had succeeded: "Security experts lose bank accounts to scammers."
If you have the cojones to put your fake ATM in a security conference at least have the brains to do it right.
--
Far better if this were an "pentest" with the "we'll stand back and watch" cooperation of the bank whose name is on the ATM. Scenario: White hat hackers to to BigBank and the hotel and say "We want to do a demonstration. We have a fake ATM we want to put in the DefCon hotel. We want to rig it so people's ATM codes are stored in the machine, encrypted, for later retrieval. BUT you, the bank, get the decoding key. At the end of Defcon we'll announce the prank. We'll give a $100 gift card and a a plaque to the first attendee who spots that it's a fake."
Now that would be cool.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
How about real cops and a real ATM ?
What ??? You think those guys are all honest ? Humans is humans.
-Billco, Fnarg.com
... would have been if some thieves backed a pickup truck up in the middle of the night and dragged this thing off.
Have gnu, will travel.
Please don't feed the trolls!
Srry, just had to say that sometime ...
You're taking this more seriously than I am, but OK.
Shouldn't the police assume that the victim at the cardiologists convention had been injected with KCl or adenosine+lidocaine by one of the attendees, and thus wait for independent medical professionals to arrive rather than allowing "random individuals" to act? After all, allowing others access to the guy might cloud any subsequent investigation.
That's certainly a win-win for the cops -- if they delay treatment and the guy dies, their investigation has gone from attempted murder to murder, a plus, and their evidence hasn't been tainted, another plus.
Not funny. It's actually a very good point!
Power tends to corrupt, and absolute power corrupts absolutely.
If this was a legit scam instead of a prank, then there's a saying that applies:
"Only the most foolish mouse hides behind the cat's ear, but only the cleverest cat thinks to look there."
There are some people that if they don't know, you can't tell 'em.
Yeah, like we are going to RTFA the farking article.
That's pretty redundant
No, it's redundant redundant. Pretty redundant is when someone reposts a picture to usenet.
One might assume that one of the DevCon attendees was behind it, and asking them for help would totally be some Ocean's 11 bullshit.
That's certainly a win-win for the cops -- if they delay treatment and the guy dies, their investigation has gone from attempted murder to murder, a plus
I don't think most members of law enforcement would view that as a "plus"......
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
Your comment may have been funny, but it was logically unsound.
--
You keep force fitting an invalid equivalence between these two scenarios. These two scenarios are not the same nor are the assumptions and procedures the same. With the ATM, the evidence for criminal activity was clear and apparent. Also, waiting and following procedure wasn't going to cause anyone to die. With your patient dropping to the floor, there was no apparent evidence for criminal activity. The reasonable assumption to make is to assume the patient is simply having a medical issue (assume no foul play) and get help to the patient as fast as possible. Even if there was evidence, such as a steak knife in his back, the priority is to save the patient's life.
Camping on quad since 1996.
They were just trying to make Spot the Fed a little easier!
Back in 1990, after the Loma Prieta Earthquake, there was certain bank (damaged by the quake) that was demolished right downtown in Santa Cruz, California. One day I was walking past and noticed in the debris/rubble pile the night deposit box, bread-box style door hanging open, still mounted in a fair portion of the wall it was attached to.
I realized it was exactly the same kind of door that was used on MY banks night deposit box just a few blocks down the street, a bank that still did business.
I had a very boring job at the time and had lots of time to daydream. It is here that I devised my plan.
Late in the night, head down with a pickup and load up the night deposit box from the rubble pile. Take it home. Reproduce the wall the other one, the one at my bank, is mounted in. As it turns out, the night deposit box there was located in a sort of wall "extension" that one could reproduce, lay the fake right over the top (quickly unloaded from the back of a pickup) and as long as it looked right would appear no different. Simply leave it in place with the lock modified so ANY key will open it.
Set it up late Sunday night, around 11pm, and wait for the night deposits from all the businesses that cater to the tourist industry in Santa Cruz every weekend. Head back around 5 am, swing the false wall out of the way, pick up all the deposits, and walk away...
There was even a parking garage across the street for spotters.
Alas, I have morals, so it shall remain a daydream.
No, the true FAIL was that none of the Defcon attendees took pictures of the people servicing the ATM. For security reasons that's the new rule, if you see an ATM being serviced -- you have to take your cell phone and take a picture of whomever is doing the servicing.
I wouldn't put it past these black hat's, that maybe the ATM was real, using their 'guise' of security experts as a human hack so that the 'cops' could 'easily' remove the ATM to compromise a US banking system. H4X status = WIN!
Yea, there is no way someone can enter a casino in vegas, hell go anywhere near the strip, without being caught on hundreds of cameras. so they have a blind spot in one corner of the floor, but there is likly hundreds of hours of video tape covering every step of the delivery.
People Bitch about all the cameras in London. They got nothing on the number of cameras in Vegas.
If the security cameras in Vegas where not the best in World, the cons would have cleaned out the casinos years ago and the customers would not feel safe walking in to and out of the casinos with large amounts of cash.
Living in Chile
I also thought of the same liability over letting it continue to scam people while waiting for the perp. One way to fix that would be to take a screw gun and screw a 3" screw into the slot you put your card into. Nobody could use it, and eventually, the owner of the machine might try to fix it or take it away.
I agree with the other theories presented above... the machine likely is using a prepaid wireless phone to export the data from each transaction so that the machine never needs to be retrieved.
Seth
$5 / month hosted VPS on linux = awesome!
One of the first things that came to mind was whether this was a trick to get IDs of people. Think of it, the FBI would love to get a roster of the event but cant, so they settle for getting account #'s of some of the attendees?
For me the true FAIL of this incident was the idea of what could happen to the criminals once they're identities are made public after they seriously annoyed the attendees of a hacker convention. Can you imagine a group you'd less want to have seeing how they could make your life miserable (excluding the possibility of physical harm)? Good luck ever getting credit again, and that's just for starters...
If the customers are walking out with large amounts of cash, someone's head will roll.
"Thanks for responding office. I am the shift security chief. We identified the actual owner of the ATM, which as it turns out is perfectly legitimate. We do appreciate your swift response, but there is nothing to do at this time. Those kids just didn't know what they were calling about. They're from Canada."
Serious? Seriousness is well above my pay grade.
Relax, it's a HOAX put on by a new Bank.
Actually, the way the laws read in a lot of states, it goes something like this...
I learned this in law enforcement school. I was trained as a first responder. I could stabilize a patient until the paramedics arrived.
While on duty, I am protected by the department regardless of what happens. For example, if a person had a heart attack, and I gave CPR, they may sue for the bruising or cracked rib(s). If I fail to keep them alive, I'm still protected, because I tried to the best of my ability.
When OFF duty, I don't have any such protection, and may lose my ass in court. I was trained to perform those acts, but was not obliged. Pretty much, the lawyer for the victim, who is the person you saved, will tear you up when they say "So where did you go to medical school?" "Did the victim consent to you touching him?" "Being that you work in law enforcement, you thought it would be ok to attack the victim, and leave him with cracked ribs, causing him undue pain and suffering and weeks in the hospital?" As soon as you say "But he was having a heart attack", they'll come back with "But you're not a doctor, who were you to judge this?" You see where that goes. Lawyers are assholes, and some people will grab for money anywhere they can, including from the person who saved their life.
We were told, if you see someone having a heart attack on the street, and you aren't working, call 911. Don't get involved.
So, if someone had a heart attack at a conference of cardiovascular specialists, no, they may not get any treatment, but someone will (hopefully) call 911.
There are good people out there though. An ex-girlfriend was involved in a rather serious car accident. She was in the military, and a base surgeon witnessed it. He stopped, and began treating her to the best of his ability, even though he had no supplies. He called 911, then ensured she didn't move, and started to evaluate her for injuries. Other folks from the base secured the area, and guided traffic away from the scene. The scene was handed off to local law enforcement as they arrived. She was transported by ambulance to a civilian hospital (it happened off-base), where he road along. I was called from the hospital. By the time I got there, she was badly bruised and not terribly happy, but stable. And, no, it was a hit & run. There was a consistent description of the vehicle, but when they saw someone in uniform fall out of the drivers seat onto the ground, the focus was on her, not the other vehicle.
Myself, if I see someone in need, I help whenever possible. When professional help arrives, I'll walk away without giving any information. I care to help. I don't care for fame, fortune, or the lawsuit that may follow.
Serious? Seriousness is well above my pay grade.
It's a Honey Pot.
Hehe... not exactly ;)
More like, by Law Enforcement taking the dummy ATM before the folks attending Defcon could "examine" it, they preserved the chain of evidence, thereby ensuring that what is uncovered during their forensics work will hold up in a court of law to successfully prosecute the perpetrators.
0100010001101001011001 0100100000011010010110 1110001000000110000100 1000000110011001101001 0111001001100101
i work in a position with some authority in a major hotel chain, so i prefer to post this as AC.
get a job in a hotel where you can keep track of the billing information and credit/debit cards that people use.
daily, i physically handle dozens of cards with accurate names and contact information. with my company's online system, i can access huge numbers of customer data. at my particular property, i could scam so many people that it would be ridiculous.
you want scary? how about a small ring of organized hotel/restaurant/retail employees that keep track of the card numbers, security codes, and addresses (where applicable)? irregularly stagger the fraudulent charges in time and location to be difficult or impossible to follow, and you've got a fairly sustainable system of theft.
CT is one state that only has such a law for those certified in first aid, but for other states, all of those questions your hypothetical lawyer asked you would be irrelevant, as you'd be immune under such coverage - consent can be implied if unable to be given, only active refusal being an exclusion, cracked ribs during CPR is not uncommon (there are often exemptions for 'reasonable recklessness' - if a person is trapped in a car but there is no reasonable risk of fire, and you, against protest, extricate them from the vehicle causing or exacerbating a spinal injury), and so on.
"When professional help arrives, I'll walk away without giving any information" - isn't that more bad advice? "Material witness", "leaving the scene of an accident" could both be thrown at you, dependent on jurisdiction.
Ironically, often those who may have most to fear from the above are people who are professionally trained. I have begun training as a paramedic - first thing drilled into me is the same as medical students: "You are NOT a paramedic/doctor until and unless you hold the bit of paper that says you are." The next is that as you are professionally trained and expected to know what you are doing, there can be, dependent upon jurisdiction, less latitude in Good Samaritan laws for events that could reasonably be attributed to incompetence on the part of your response. "Don't carry a 'whacker bag'." - "whacker" is an EMS/LE phrase for someone who likes to hang around the fringes of such professions, a 'wannabe', etc. If you're off-duty, respond and help out how and if you believe you can, but carrying a bag full of medical equipment like you're on duty is just going to get you burnt, in more ways than one - at the very least, your fire dept/chief is most definitely not going to be proud of your efforts.
Several people have suggested this as a possible solution. I suggest you might need to adjust your logic and cause/effect tuning.
Loss of a machine is factored in. These things can't be that expensive to make. Any failure will be assumed to be a sting.
What makes me really wonder about this post is why KDawson took my original submission here:
http://it.slashdot.org/firehose.pl?id=5416205&op=view
and edited ONLY the link. It originally pointed to my site here:
http://it.slashdot.org/firehose.pl?id=5416205&op=view
So, Mr Dawson took the time to leave everything else intact, but go out of his way to hunt down another link to a large corporate site. Hmmmm. He didn't pick the chronologically first one, which mine wasn't, and I can't see any real difference between the articles posted on the topic. The briefing Priest gave wasn't all that long or in depth, so we pretty much all got the same story.
Normally I am not a conspiracy theorist, but I did just spend the better part of a week at Defcon.
Mr. Dawson, can you explain?
-Charlie
I screwed up, blame a week or so of no sleep. The second link should be.....
http://www.semiaccurate.com/2009/08/02/moron-tries-scamming-fake-atm-defcon/
Sorry.
-Charlie
If the police use analogue radios it is quite possible that the crims will hear the cops being dispatched.
An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
They could have covertly had an undercover agent place an "out of order" sign on it;
Really, I'd replace the computer inside the ATM with a Ninja.
An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
Here, as I recall it, the Good Samaritan laws protect the average Joe. Well, as far as that goes. In civil court, any lawyer can argue anything. If it's in front of a jury, regardless if they're instructed "You will ignore the previous question", they still heard it.
The advice on giving medical assistance, even within the bounds of our training, was from the paramedics teaching that portion of the course. They told us more, but basically the lead instructor with 30 years of experience, was currently involved in 3 lawsuits against him, for carrying out his duties properly. He told us he's known those off-duty who jumped in to do "the right thing", just to get burnt as you said.
Now, I'm many many years out of that profession, and I'm sure any certification I previously held is worthless. I am just JW Civilian Smythe now.
I can't say that I've been on a lot of scenes of accidents, but I've been at a few. We'll use a decent example of one that happened a few years ago.
I was at a stop sign, 2nd in line. It was out of a residential area, to cross a busy road at night. My view was obscured by bushes. I heard a screech of tires, and an impact. A truck spun into my view, still on the main road. I got out to help.
I instructed a bystander to call 911.
The driver of the truck, a white male, approx 30, as shaken but physically unhurt and relatively calm. He was already out of his truck by the time I got to the vehicles. I advised him to sit calmly in the grass off the road, and pointed to a safe place. He obeyed.
The driver of the car, a white female, approx 20, was shaken, screaming, complaining of breathing problems and extreme pain to her face. I tried to calm her. Her airbag had deployed, and she barely had a red mark on her nose. I reminded her that she was screaming (it was louder than the tire screeching had been), so she was breathing. I told her she was fine, and to stay in her vehicle and not move around. The paramedics would arrive soon. The "breathing" problem was from the airbag dust. her "broken" nose was a mild abrasion from the airbag. A stupid bystander saw the steam from the radiator and started telling the driver that her car was going to explode. So much for calm. She was screaming more and very insistent on getting out of the car.
The original bystander that I had asked to call 911 handed me the phone, so I could give the brief description of what happened. 2 cars, 0 obvious injuries, road blocked. Please send ambulance and police.
So the guy was doing fine on his own, trying to collect his thoughts on what just happened, as he looked at the front of his truck crushed. He looked a bit sad. I guess he liked his truck.
The girl is now out of her car, shaken, and walking badly (like from the adrenaline rush, not from injury). I walked her to the back of her car, and asked her to please please stand there, holding onto the car until the paramedics arrive. The crazy bystander starts telling her all kinds of shit like "oh my god, you almost died. Your car is on fire, get away from it!"
So, the crazy bystander tells me off, and gets the girl into the grass, where she's hugging her, and rubbing her back. Go ahead, I know how wrong that was. Not much I could do, she wouldn't listen to me, since I wouldn't save her from the "burning" car.
When the police got there, I he glanced around and I pointed out vehicles and owners. I then asked "do you need me for anything, or can I go?" He told me I could leave, he didn't need me for anything.
The final part has happened quite a few times. I wasn't involved in the incident, other than being the first person there. It's easier on the paperwork if the witness list is short. :)
I found out later, the girl was speeding,
Serious? Seriousness is well above my pay grade.
next time, let it dispense HP-printed bills, and when the FED come to arrest me I'll start throwing USC Title 12, Section 144 in their face to remind them that my fraud is just as equal as their fraud.
Interesting. Although, fyi: "I could honestly care less." --> "I could honestly not care less."
Camping on quad since 1996.
Article contains the terms "ATM Machine" and "PIN Number". Read at your own risk.
Asynchronous Transfer Mode? It's in machines all around us, a key protocol in many WANs.
Person In Need? Well, there are always arguments about these numbers.
But it sounds like an interesting juxtaposition of topics; perhaps I should read TFA.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Not if you were a pirate on a galleon. They'd understand where the black powder is stored, that you need room to wash ashore - and they very probably never heared about baths and rooms to place them in.
Actually, given the level of detail in the article it's entirely possible that's true.
The article suggests that the only clue that it was fake is that where they expected a camera was just a black hole, and shining a torch in there revealed a PC.
Big deal. Most ATMs these days are basically a PC with a tough number pad and a cash dispenser attached. It's possible (though perhaps unlikely) that the last time the ATM was opened the camera was knocked. One would hope the police made enquiries with whoever was thought to own the ATM before taking it away, but I wouldn't bet on it.
No no no...
You have use your iPhone, since the almighty iPhone is obviously the only phone sufficiently advanced to contain a camera, making it "A hotbed for amateur photography".
iPhone, iPhone, iPhone! Just let me strangle whoever wrote that article, please?
Eat the rich.
Annoyed? Amused is, I think, a more likely reaction.
Reality is the ultimate Rorschach.
You might consider that the cops knew about the ATM. The FBI is not above using illegal means to monitor hackers, and they're probably closely watching everyone at Defcon.
As I said in the title, I'm just giving you a hard time. I can't stand the average American's inflexibility with regard to communicating with people with different backgrounds. Its strange, really.
(American)
Mon chien, il n'a pas du nez. Comment scent-il? TrÃs mauvais!
Coach Z, is that you ?
Squirrel!
My fave was the Yank pronounciation of 'solder' ("sodder"). To this Brit, it sounded like a cross between sodomize and bugger (which mean the same thing). I always cracked up when people asked if I could "sodder" a circuit board for them.
Squirrel!
Con-Fu:
http://isc.sans.org/diary.html?storyid=608
"Stay Alert! Trust No One! Keep Your Laser Handy!"
Maybe the feds put it there to monitor all the hax0rs!!!
They took it to hide the evidence!!!!!!!!!!!!!
It's called the "Good Samaritan Law". You CAN NOT be held liable unless they can prove gross negligence on your part (i.e. jumping up and down on the guy's chest for CPR).
Actually, that's a well disputed point.
It can be said either way, and has effectively the same meaning.
Say caring is on a scale of 0 to 10, 0 meaning no care at all, and 10 meaning absolute care.
I could care less, can still mean that my care could be only a 1.
I couldn't care less should mean my care is only a 0.
Leaving it at "I could care less" implies there is some, but that may drop to nothing, because I don't care much. :)
Bring on the linguistic and logic pseudoexperts to argue the point. I could care less. :)
Serious? Seriousness is well above my pay grade.
You should read up a little on the scope of Good Samaritan laws.
They are not globally recognized. The country or state you are in may simply not have any. If you make a mistake, "oops, I was trying to help" won't always protect you.
The above linked page has a good example of this. If there is a car accident, and you extract the driver or passengers, and they are injured because of it (or their lawyer argues that you made the condition worse), you're screwed. The exception would (usually) be that there was obvious and immediate threat to their life. Like, their car is already on fire, you're probably right to try to get them out. What if one of the passengers had a spinal cord injury, and by moving them you killed them? What if you were mistaken, and the "fire" was just steam from the broken radiator?
Serious? Seriousness is well above my pay grade.
There are 3 combinations right? Let's label care level as C, where Min is 0, and Max is 10. Then Min <= C <= Max of 10. The following would hold true.
With #1 and #3, the statement provides specific and provide useful information. With #2, the statement is unspecific and could result in an infinite number of values for C. #2 isn't very useful in that it communicates an ambiguous thought. Is C close to Min? Close to Max? In the middle? Who knows. Since we strive to communicate effectively, the proper course of action to take when presented with such ambiguity is to discard it. It's by that reasoning I invalidate #2.
Camping on quad since 1996.
Unfortunately you fail to take into account that the world we live in, and the medium we communicate through, is full of shades of gray.
We don't only have the answers, "yes", and "no", but "maybe", "kind of", "possibly", "vaguely", among others. Beyond that, there are lies, half-truths, white lies, and occasionally even the truth.
But for the scale of your calcuation, I would stick with integer values. It keeps your headache to a minimum. Arbitrarily invalidating a valid answer limits your ability to reason.
Serious? Seriousness is well above my pay grade.
Poor guy is prolly still in the back of that ATM :)
How did I fail to take in account of the shades of grey? I specifically mentioned the existence of ambiguity and that #2 was a sliding scale (synonymous with "shades of grey").
I did not eliminate #2 arbitrarily. I eliminated it because it evaluates to a meaningless answer. Also, it doesn't matter if our scale is fractional or not. I can change Max to infinity and still achieve an infinite number of possibilities even with your rule of "integers only". By understanding all the possibilities and their meanings, we have expanded our ability to reason. Avoiding usage of the #2 case does not mean we forget ambiguity exists in our language. It just makes our communication clear and more effective.
Camping on quad since 1996.
Anybody trained and certified in CPR knows about good samaritan laws which protect people from this sort of thing. In fact, anybody trained in CPR also knows failing to do so can be considered negligence if they found you were of adequate legal competence to perform it.
Wow, you really don't have a clue.
1) I am the source, I was there.
2) It is not a blog, it is a news site.
3) Why did they link me the day before then? http://it.slashdot.org/story/09/08/01/1658258/Apple-Keyboard-Firmware-Hack-Demonstrated
4) I won't make this personal and point out my feelings about your intelligence.
-Charlie
In Australia, Queensland, at least, you are protected by law as long as you administer first aid in accordance with what you were taught during your first aid course. If you break ribs administering CPR (which you should, if you're doing it right) boo hoo to them. If they are unconscious or unable to speak coherently, consent to treat is implied. Simply having a first aid qualification does not require you to help, but if you involve yourself in the situation you're required to continue- and calling the emergency services counts as administering first aid. The moment they make us liable for properly administering first aid...
Loss of a machine is factored in. These things can't be that expensive to make. Any failure will be assumed to be a sting.
According to the article, the numbers were logged for later retrieval. That would suggest they had no network connectivity and thus no way of detecting the machine had "failed" until actually going there in preparation to get the data.
Do ATM cards in the US really still not use a security chip? In my country, reading the magnetic information and knowing the code is useless for getting money since all ATMs check the security chip too.