Slashdot Mirror

← Back to Stories (view on slashdot.org)

2010 Bug Plagues Germany

Posted by CmdrTaco on from the well-that-was-ten-years-late dept.

krou writes "According the Guardian, some 30 million chip and pin cards in Germany have been affected by a programming failure, which saw the microchips in cards unable to recognize the year change. The bug has left millions of credit and debit card users unable to withdraw money or make purchases, and has stranded many on holiday. French card manufacturer Gemalto accepted responsibility for the fault, 'which it is estimated will cost €300m (£270m) to rectify.' They claim cards in other countries made by Gemalto are unaffected."

3 of 233 comments (clear)

  1. Revenge at last by egandalf · · Score: 5, Funny

    It only took 65 years, but they finally got their revenge for those invasions. Subtle, the french are, very subtle and patient. Like mice.

    --
    Those who have telepathy have no need to RTFA.
  2. Re:Effected? by hicks107 · · Score: 5, Funny

    Eye was going two say the same thing. They knead to insure they are spelling things the write weigh.

  3. Remind me of another story... by langelgjm · · Score: 5, Interesting

    Reminds me of a story I mention every so often. When I was an undergrad, I along with a few other enterprising students discovered that our university ID cards stored our social security numbers in the clear on the magnetic stripe. We eventually brought this to the attention of the school, who rushed to find a solution. They needed a unique identifier that was also not important information. They quickly settled on using our "university ID numbers" - arbitrary numbers whose value had no importance to the individual, and they reissued cards to the entire university.

    A few weeks after they finished reissuing cards, one of us discovered that the "university ID number" was a primary key in the school's LDAP database. By using a directory browser, you could look up any student, staff, or faculty member by name, and obtain their university ID number. Since this was the number on their ID card, and their ID card controlled access to buildings, labs, etc., it was trivial to obtain access privileges to pretty much anywhere on campus. Want to make it look like the president of the university broke into the nuclear reactor? Look him up, write his ID number to a magnetic stripe card (we had built the hardware to do this, as well as to "fake" cards, which allowed us to simple type in numbers and generate signals, without actually making a card), and have at it.

    Again, it was brought to the attention of the university. After a failed attempt to begin disciplinary action against one of us, they recalled everyone's cards and wrote new, presumably pseudo-random identifiers to them that were not publicly accessible.

    Moral of the story? In your rush to fix one problem, make sure you don't create an even bigger one.

    --
    "Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson