Slashdot Mirror


ATM Vendors Threaten, Stop Research Presentation

An anonymous reader writes "A presentation about 'The Underground Economy,' by Italian white hat hacker and security expert Raoul Chiesa, was replaced at the last minute during last week's Hack In The Box conference. The reason behind this cancellation was that Chiesa received legal pressure from ATM vendors over the fact that the originally scheduled presentation covers details of various techniques and exploits of vulnerabilities that cyber criminals use to break into ATMs — flaws that have been known for a long time."

134 comments

  1. Publish it on Piratebay instead by commodore64_love · · Score: 5, Insightful

    No government nor corporation has a right to muzzle our mouths.

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    1. Re:Publish it on Piratebay instead by countertrolling · · Score: 2, Insightful

      No government nor corporation has a right to muzzle our mouths.

      No they don't, but they did and they do... And the public couldn't care less. If he put it on piratebay, he can still get in trouble. His name is all over it. Only anonymous disclosure can remedy this.

      --
      For justice, we must go to Don Corleone
    2. Re:Publish it on Piratebay instead by commodore64_love · · Score: 1

      Why would he be in trouble? It's not illegal to speak or publish your thoughts. That's the reason why the US Bill of Rights and EU Charters of Fundamental Rights exist.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    3. Re:Publish it on Piratebay instead by Michael+Kristopeit · · Score: 1, Insightful

      if the governments or corporations have the ability to convince people to muzzle themselves, and no one who depends on the protection of their savings will stand up to fight for the self-muzzled, then any "rights" are irrelevant.

    4. Re:Publish it on Piratebay instead by techsoldaten · · Score: 3, Informative

      Here are the slides.

      http://www.slideshare.net/null0x00/raoul-nullcon2010-day1

      He gave this presentation at nullcon already. Nothing too creepy there...

      M

    5. Re:Publish it on Piratebay instead by s0litaire · · Score: 4, Insightful

      What we really need is a "Wiki" we can "leak" things to...
      what's it called again.... ermm Pirate-leaks, no Wiki-Bay
      Nope can't remember the name...

      --
      Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
    6. Re:Publish it on Piratebay instead by MagicM · · Score: 4, Informative

      He edited out the "creepy" slides (37 and 39).

    7. Re:Publish it on Piratebay instead by Sponge+Bath · · Score: 2, Informative

      They don't have the right, but they do have the guns and goons.

    8. Re:Publish it on Piratebay instead by Anonymous Coward · · Score: 0

      No government nor corporation has a right to muzzle our mouths.

      They did/do not. They just brought the consequences of going against their will to the mind of a few people.

      And with enough money to make someone's life miserable that's all that's really needed.

    9. Re:Publish it on Piratebay instead by Yuan-Lung · · Score: 4, Insightful

      Why would he be in trouble? It's not illegal to speak or publish your thoughts.

      Really?

      I am thinking of a number.... it's between 13,256,278,887,989,457,651,018,865,901,401,704,639 and 13,256,278,887,989,457,651,018,865,901,401,704,641

    10. Re:Publish it on Piratebay instead by countertrolling · · Score: 5, Interesting

      It's not illegal to speak or publish your thoughts.

      It's not illegal to take pictures either, but people are still being harassed for it. Those rights are regularly violated, and not enough people stand up to it to take notice. Our rights don't mean much if nobody will defend them.

      Why would he be in trouble?

      Precedence. People have been arrested for revealing exploits. And several conferences have been canceled in the states over these issues in the past also.

      The safest bet by far is to remain anonymous. The information is more important than the guy's ego.

      --
      For justice, we must go to Don Corleone
    11. Re:Publish it on Piratebay instead by Anonymous Coward · · Score: 0

      That's the problem, it's practically on piratebay already. Somebody pipes up and wants to tell the rest of the world outside of the "underground" that this thing exists and is being used and he gets a slap in the face with a hot cup of shut the fuck up.

    12. Re:Publish it on Piratebay instead by techsoldaten · · Score: 2, Funny

      Yeah, I hear there were graphic depictions of live naked tarantulas on both slides, glad he pulled them.

      M

    13. Re:Publish it on Piratebay instead by Peach+Rings · · Score: 1

      How do ATM vendors cancel a conference anyway? Shouldn't the correct response for Hack in the Box to give be a hearty fuck off?

    14. Re:Publish it on Piratebay instead by Anonymous Coward · · Score: 0

      There hackers, not rich. I bet the ATM vendors and there clients feel its worth a lot of money to keep this as quiet as possible, and thus able to put a lot of legal power behind there statements.

    15. Re:Publish it on Piratebay instead by Anonymous Coward · · Score: 0, Informative

      They're, as in "THEY ARE." Not "there." It's really not that hard. *sigh* Kids these days...

    16. Re:Publish it on Piratebay instead by Anonymous Coward · · Score: 0

      Whatsay you and I go photograph the Miami-Dade's metrorail system...

    17. Re:Publish it on Piratebay instead by Zwets · · Score: 1

      I am thinking of a number.... it's between 13,256,278,887,989,457,651,018,865,901,401,704,639 and 13,256,278,887,989,457,651,018,865,901,401,704,641

      Hmmm... "between inclusive" or "between exclusive"?

      --
      One of the lessons of history is that nothing is often a good thing to do and always a clever thing to say. - Will Duran
    18. Re:Publish it on Piratebay instead by JockTroll · · Score: 5, Interesting

      It's not illegal, but Big Money makes and enforces its own laws. And the most important of those laws is: we're rich and powerful, obey us or else.

      Too bad nobody calls their "else". People don't know their rights anymore, or are afraid to defend them. Unfortunately with good reason because there's plenty of both public and private uniformed thugs who make up the law on the spot and exercise their might with the power of the baton.

      Another decade of this, or less, and the populace will have been forced into submission, ready to do anything if ordered to by an "authority figure".

      Wise up, people: organize yourselves, gather in pro-rights associations and have lawyers on your side. When a person or group of people is harassed by uniformed or suited goons, take them to court. Have the fact publicized by the press or by any means necessary. Embarrass them, ridicule them, nothing kills fear more than laughter. Nothing hurts more than a good lawsuit.

      A guy I knew once was just touched by a private security guard at a mall who was trying to play Dirty Harry. He immediately fell to the ground screaming like a stuck pig. A friend nearby promptly shouted "MY GOD WHAT HAVE YOU DONE TO HIM!" He remained still on the ground and another friend (female) kept screaming "MURDERER! MURDERER!"

      It was PRICELESS. All caught on tape. People around gathered, and this uniformed guy was probably thinking if he had better run away or gun down everyone. Manager got called. Ambulance was called. Police appeared. Although this guy wasn't hurt, the fact that he had been pushed by the guard with no reason (seen on the CCTV when the security firm tried to exculpate themselves) was ground for criminal charges against the guard and for a big lawsuit against the firm by the mall management. The bad publicity (thing ended up on TV and papers) caused the firm to lose all contracts throughout the city and collapsed in a couple of months.

      Play hard. We can win, but gloves must come off. If they shit on you, you shit back. With some diarrhoea.

      --
      Geeks are so full of shit that "beating the crap out of them" takes a whole new meaning.
    19. Re:Publish it on Piratebay instead by Michael+Kristopeit · · Score: 0

      They don't have the right [to muzzle], but they do have the guns and goons.

      yeah, i realized the "muzzle" might have been a gun reference and not a reference to a tool to stop animals from biting humans.

    20. Re:Publish it on Piratebay instead by Anonymous Coward · · Score: 0

      You missed the other "there" which should be "their."
      It's really not that hard. *sigh* Grammar nazis these days...

    21. Re:Publish it on Piratebay instead by cdrguru · · Score: 1

      Lawsuit. Everything in the US is driven by lawsuits.

      Real simple. You call up the conference chairperson (or the venue where the conference is being held) and say "Our lawyer wants to thank you for accepting liability for our ATM losses for the next six months. Of course, if you don't go ahead with the ATM security presentation we wouldn't have a case."

      What do you do? I guess if you have the legal fund to stack up against the in-house counsel of a couple of banks it doesn't matter, let them threaten away. But really, who wants to take that risk?

      That's all it is, a calculated risk.

    22. Re:Publish it on Piratebay instead by Anonymous Coward · · Score: 0

      The ambiguity is what makes his thought legal.

      As for the thread... remember that the laws in Italy aren't the same as the ones in the US.

    23. Re:Publish it on Piratebay instead by Sulphur · · Score: 1

      s^mouths^moufs^

    24. Re:Publish it on Piratebay instead by Anonymous Coward · · Score: 0

      If the ATM makers are slacking and don't want to fix these vulnerabilities, they should be punished .... This guy has to put these presentations up on the internet and let people read it and screw those ATMs.

    25. Re:Publish it on Piratebay instead by aBaldrich · · Score: 1

      A few days ago slashdot published a very interesting article about that. The second link is what you are looking for.

      --
      In soviet russia the government regulates the companies.
    26. Re:Publish it on Piratebay instead by commodore64_love · · Score: 4, Informative

      13,256,278,887,989,457,651,018,865,901,401,704,640

      I am protected by this law, which nullifies any other law: "Congress shall make no law... abridging the freedom of speech, or of the press" and "The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people." and "The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people."

      Give me the paper that was banned from the conference. I'll publish it. I don't give a frak.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    27. Re:Publish it on Piratebay instead by commodore64_love · · Score: 1, Troll

      >>>What do you do?

      Say nothing, hang up, and continue with my original plans. I will not be intimidated, even if it leads to my own imprisonment. Better to live free, than to be on my knees licking the boots of some lawyer, corporation, or politician.

      Remember the Ghetto Riots in Germany? Had I been alive at the time, I probably would have been part of them. I will not walk peacefully into a shower room. Nor will I give-up my right to open my mouth and speak-out, or publish any paper I desire. To do that would be the same as making myself a slave with a muzzle that my master jerks every now and then.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    28. Re:Publish it on Piratebay instead by jd · · Score: 1

      They weren't just live and naked, either. I hear Arachnids Gone Wild is paying him a fortune for the originals.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    29. Re:Publish it on Piratebay instead by justin12345 · · Score: 4, Interesting

      The problem is you don't really have to be convicted of a crime to be thrown in jail, have your property confiscated, or have your life ruined. My aunt is a criminal defense attorney. She defends people the government (US not Italian) has declared potential criminals. According to her, unless you are a very wealthy individual, simply being accused of a serious crime will either land you in jail for a while, ruin you financially, or most likely both. If you have a generous family they might be able to sell a house to keep you out of jail on bail (assuming you are declared innocent). In the end, most people plea bargain, which usually results in some sort of parole arrangement where their every move is monitored by a bunch of thugs that got all Cs in high school.

      The DMCA makes even knowing that number a crime. Publishing it here even more so. Though I doubt you will, you could spend the rest of your life and every penny you will ever make convincing a series of judges that the First Amendment supersedes the DMCA.

      I'm not saying this is right. I'm specifically saying it's wrong.

      --
      Cool art gallery, if you're into that sort of thing.
    30. Re:Publish it on Piratebay instead by Smallpond · · Score: 1

      If the ATM makers are slacking and don't want to fix these vulnerabilities, they should be punished .... This guy has to put these presentations up on the internet and let people read it and screw those ATMs.

      Mostly vulnerabilities are in the protocols. Changing them requires updating ATMs, switches and bank software. It could be rolled out gradually, but in the meantime they would still have to support the old protocols. It's pretty easy to find information on this stuff anyway:

      http://www.javvin.com/networksecurity/ATMNetworkSecurity.html

    31. Re:Publish it on Piratebay instead by zippthorne · · Score: 1

      The proper thing to do, in that case, is to make sure you don't actually have any assets that can be recovered. It's not as if there isn't a gigantic heap of ways to do that, mostly involving "incorporating" and the very words, "limited liability."

      --
      Can you be Even More Awesome?!
    32. Re:Publish it on Piratebay instead by jd · · Score: 1

      Actually, no. Since there are endless debates over whether there are Constitutional rights to Native Americans, children, criminals, foreigners, illegal aliens, tarrarists (though what's wrong with paving roads, I don't know), etc, it follows that the Bill of Rights is really just a list of permissions. A right is just that, a right. It cannot be given, it cannot be taken away. It is. A permission must be given and may be taken away at the discretion of the giver. It follows that there is no, and never really has been, any "Constitutional right" to free speech.

      (The original draft of the Magna Carta got very close to actually creating legal rights, by openly stating that violation of those rights by the Government was a criminal offense that could be punished as such, eliminating any notion of Sovereign Immunity. Neither the final version nor the US Constitution has such a clause, and both the US and UK exempt the Government from any legal action.)

      It's not like you could seriously do anything. The majority of Americans would be more likely to regard you as an economic criminal than to agree with the publication of anything that could make them aware of the risks. America is a very risk-averse culture - not through not taking risks, but through not wanting to think about them too much. Far from becoming a folk hero and/or a martyr to free speech, if you got thrown in jail, you'd be much more likely labeled "one of the Bad Guys". The Government might even end up more popular, not less. The quaint but utterly incorrect notion that an individual can do anything worth a damn might apply to small towns but never applied to the US historically and certainly doesn't in a country estimated at 300 million. Especially in a country where people have always played second-fiddle to corporate culture.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    33. Re:Publish it on Piratebay instead by thePowerOfGrayskull · · Score: 1

      13,256,278,887,989,457,651,018,865,901,401,704,639 and 13,256,278,887,989,457,651,018,865,901,401,704,641

      Too easy. 13,256,278,887,989,457,651,018,865,901,401,704,640.123,552,754,203,344,346,122,675

    34. Re:Publish it on Piratebay instead by thePowerOfGrayskull · · Score: 1

      The same way that slashdotters read the summary.

    35. Re:Publish it on Piratebay instead by aztracker1 · · Score: 1

      One's rights simply are, if you follow your logic to an extreme, then you have no rights because anything you have, or are could be taken by force. The principles of rights established are simply things you have/are. The right to own property was never established in the constitution, but simply is.

      --
      Michael J. Ryan - tracker1.info
    36. Re:Publish it on Piratebay instead by ticktickboom · · Score: 0

      Remind me: Why do we want to kill off this excellent free service??? simply because its free...

    37. Re:Publish it on Piratebay instead by Anonymous Coward · · Score: 0

      Wiki Leaks...

    38. Re:Publish it on Piratebay instead by wmac · · Score: 1

      If you want to hurt people and jeopardize their life (economic or whatever) by being selfish, every government has the right to avoid that.

    39. Re:Publish it on Piratebay instead by Mattcelt · · Score: 1

      While technically correct, you're missing the point of the document. The US Constitution and the Declaration of Independence both expressly recognize that there are some "natural" rights granted by a power higher than the government: "endowed by their Creator with certain unalienable Rights".

      And the Bill of Rights is similar. While not "granting" the rights, per se (because they are granted by the "Creator", and cannot therefore be granted by the government), it expressly forbids the government from passing any law which artificially restricts those rights.

    40. Re:Publish it on Piratebay instead by jd · · Score: 1

      Your private thoughts cannot be taken from you, so there is the first right. Your emotions, state-of-mind, knowledge, intellect and understanding are likewise yours and yours alone.

      Secondly, there's very little you really own anyway - virtually everything you claim is rented, licensed or mortgaged - and it's actually quite hard to take something you don't have in the first place.

      Thirdly, the ability of group X to take something is not the same as group X then owning it. Let us say that the US enshrined the true right to own some specific type of property. That property would then be yours absolutely and no seizure - by other individuals or by the Government - could alter your ownership. This actually applies to certain classes of antiquity, which is why those items cannot be owned by Governments, museums or private collectors - no matter how obtained - unless the accepted owner authorizes that transfer of ownership. New Zealand, Egypt and Iraq have obtained many items back that way, as have some percentage of Jewish families persecuted in WW2. Of course, this implies a means of enforcement. The US doesn't recognize the ICJ and the ICJ - unlike the European Court of Human Rights - doesn't deal with disputes between individuals and governments. However, recognition of the ICJ and abandonment of Sovereign Immunity would certainly cripple opportunities for abuse.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    41. Re:Publish it on Piratebay instead by sjames · · Score: 1

      Actually, the Constitution goes further even though it is ignored wholesale. It declares any such violation to not be an act of government at all, which in theory makes whoever does it guilty of a whole host of crimes no different than if I walk up to a stranger and forcibly kidnap him and lock him in a cage.

    42. Re:Publish it on Piratebay instead by shentino · · Score: 1

      Simple.

      They come in with lawyers and threaten to sue the living daylights out of them if they don't comply.

    43. Re:Publish it on Piratebay instead by nagnamer · · Score: 1

      [...] you have no rights because anything you have, or are could be taken by force.

      Provided the statement above is true, 'rights' would simply be a belief. And as with any belief system, they are non-debatable. You either believe you have rights or you don't, and reality ceases to matter.

      --
      Every harsh word you utter has the right address. It only sounds harsh because the one on the envelope is the wrong one.
    44. Re:Publish it on Piratebay instead by nagnamer · · Score: 1

      Your private thoughts cannot be taken from you, so there is the first right. Your emotions, state-of-mind, knowledge, intellect and understanding are likewise yours and yours alone.

      It's interesting to note that you are linking 'rights' to 'ownership', whereas I would think rights have more to do with action and expression than with shit you own.

      Instead of having the 'right to speak freely' you have 'right to free speech' as if 'free speech' is something you can take and own. Thinking like that leads to concepts like 'taking away' things instead of 'preventing you from doing something'. Needless to say, stopping you from 'expressing' or 'doing' is quite different from 'taking something from you'.

      If you objectify your action, you, at the same time, externalize it. It's as if it's not something you can do, but something you must obtain (or be given) in order to use. So, from the very beginning it's formulated in a way that introduces the concepts of 'giving' and 'taking away'.

      With actions, there is nothing to 'give' or 'take'. You can only forcibly prevent them (or choose not to).

      --
      Every harsh word you utter has the right address. It only sounds harsh because the one on the envelope is the wrong one.
    45. Re:Publish it on Piratebay instead by nagnamer · · Score: 1

      You missed the other "there" which should be "their."

      It was just a warning shot.

      --
      Every harsh word you utter has the right address. It only sounds harsh because the one on the envelope is the wrong one.
    46. Re:Publish it on Piratebay instead by nagnamer · · Score: 1

      A guy I knew once was just touched by a private security guard at a mall who was trying to play Dirty Harry. He immediately fell to the ground screaming like a stuck pig.

      Good going. You blew the cover now. Your friend will not be thrown into jail and forced to pay the security company for damages.

      --
      Every harsh word you utter has the right address. It only sounds harsh because the one on the envelope is the wrong one.
    47. Re:Publish it on Piratebay instead by JockTroll · · Score: 1

      So what? Good luck using that post as evidence, and the company cannot sue anyone because they do not exist anymore. They're closed, bankrupt, gone. :)

      Anyway, the little scene was only needed to call attention. It was illegal for the guard to grab the guy since he hadn't given him any reason to do it, but without the drama nobody would have noticed and the manager would not have wanted to see the CCTV footage in order to avoid possible lawsuits - he had an interest in demonstrating the robocop wannabe had violated both the law and the premises' policy by playing Tough Guy.

      Had the "victim" not thrown the little scene and his friends not called attention to the fact, he would have simply been another citizen mistreated by a dumb thug in a silly uniform, and we already have plenty of them. By calling the public's attention to the illegal action of the aforementioned thug, and causing the management to check out the facts (in order to avoid damage of course, not in the interests of justice), a lesson has been taught to many a rent-a-goon.

      Remember some things: those clowns cannot even touch you unless you give them GOOD reason to do it, and pointing at a silly hat on a stand is not a good reason. They're not police officers, they cannot search you and they cannot detain you unless you've done something really illegal and even then, they must immediately call the police. If they simply detain you, check your nation's laws because they can be charged for kidnapping. Call the cops yourself in such a case: have the emergency number on a one-touch call on your phone and press it, talk loud, it will be recorded.

      You're as helpless as you want to be. They want you to believe you're helpless, but it's still not the case. The law can bite both ways.

      --
      Geeks are so full of shit that "beating the crap out of them" takes a whole new meaning.
    48. Re:Publish it on Piratebay instead by nagnamer · · Score: 1

      Remember some things: those clowns cannot even touch you unless you give them GOOD reason to do it

      It also helps to know that 'these clowns' happen to be ordinary people like you (?) and me (???), and they also happen to work in a system. Whether you hate the system or not, that has nothing to do with them. And fucking with a random clown is not going to dismantle the system. It will simply remove one of its agents (the sec worker and sec company), but that's about the extent of the damage you are able to inflict. Another sec company will fill the void.

      --
      Every harsh word you utter has the right address. It only sounds harsh because the one on the envelope is the wrong one.
    49. Re:Publish it on Piratebay instead by JockTroll · · Score: 1

      Well, "ordinary people" do not go around playing Dirty Harry because they believe they can. And it was not about fucking up a random agent, it was about setting an example: security firms now working in the area are far more careful, and the incident prompted the local authorities to investigate past complaints into what were correctly perceived as abuses of power on the part of overzealous (read: braindead self-sodomizing coprophage) security personnel. Abuses on the part of rent-a-thugs are now taken far more seriously and as a consequence, those clowns behave because they know darn well they can't get another job that easily (not with an assault charge and after being fired for improper conduct).

      Dismantling the system would be nice, because a good rebuild is in order. For the moment, we can hammer out some bends, however. Don't think you cannot make a difference, that's what they want you to think. Take no shit from anyone. Organize yourselves. Defend your rights.

      --
      Geeks are so full of shit that "beating the crap out of them" takes a whole new meaning.
    50. Re:Publish it on Piratebay instead by nagnamer · · Score: 1

      Dismantling the system would be nice, because a good rebuild is in order. For the moment, we can hammer out some bends, however. Don't think you cannot make a difference, that's what they want you to think. Take no shit from anyone. Organize yourselves. Defend your rights.

      Point is, if people stopped taking shit from other people, the system would be considered dismantled. The reason that doesn't happen is that the system is still in place and supported by those who fall victim to it.

      --
      Every harsh word you utter has the right address. It only sounds harsh because the one on the envelope is the wrong one.
    51. Re:Publish it on Piratebay instead by commodore64_love · · Score: 1

      I know a guy who fought a similar case. He created a website about a new mall coming to his town, to provide information to residents about what stores would be there and what it would look like.

      After the mall was completed the owner sued the webmaster, claiming the name of the dot-com site was copyrighted. It took about 4 years and eventually rose to the level of the US Supreme Court, but the webmaster won. His website was protected by the Constitution. It ended-up costing zero out of his pocket because the justices ordered the mall to pay for all legal expenses.

      This turned-out to be an important ruling because it also protected sites like paypaylsucks.com or ebaysucks.com, which were facing similar "you can't use our name" lawsuits. Our right to speak freely, and either criticize or support companies, has been protected.

      It only takes one man willing to stand-up for his legal rights to nullify portions of the DMCA that are unconstitutional.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    52. Re:Publish it on Piratebay instead by commodore64_love · · Score: 1

      >>>whether there are Constitutional rights to Native Americans, children, criminals, foreigners, illegal aliens, tarrarists

      Constitutional Law applies to any landmass where the US Government currently has jurisdiction. Although there are scumbag politicians who try to claim otherwise, in order to remove the shackles the constitution places on them, they are wrong. The Law is the law and applies everywhere within the US jurisdiction.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    53. Re:Publish it on Piratebay instead by commodore64_love · · Score: 1

      >>>I would think rights have more to do with action and expression than with shit you own.

      At its core, rights ARE about ownership. You own your own body and you own the various things your body can do - like think, speak, act, create. For example if a politician is granted the power to muzzle your mouth, then you no longer really own yourself - you are now the property of the politician. You're a serf and he's your master.

      Natural Rights philosophy was discovered specifically to say, "I am no longer your property. I am no longer a serf. I can say whatever I please." It was a rebellion against the old feudal system where humans did not own themselves, but instead were owned by the manor's master or lord.

      By the way this philosophy came from Scotland, an oppressed people who felt they did not own themselves. Coincidence? Not really. Everybody desires to throw-off the shackles that restrain them. It was later copied by the Americans, Canadians, and the Indians who also wanted to throw-off the English Parliament's shackles.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    54. Re:Publish it on Piratebay instead by JockTroll · · Score: 1

      Actually that's not the case. It's only in recent times that people have stopped reacting, stopped (mostly) taking to the streets and stopped caring because there's an overwhelming feeling that the adversary is just too powerful to take on. We allowed too many "authority figures" to play Gene Hunt and make up laws on the spot, we allowed too many private interests to buy the law.
      If this defeatist attitude had existed at the beginning of the Industrial Revolution, people would still be forced to work ungodly hours in unsafe conditions and sleeping in barracks-like housing by the factories.
      The trend back towards those times has begun the moment the interested parties thought they could get away with it, because rights and liberties cannot simply be won, they must be constantly defended. Besides, those who want to defend their rights are too often divided because they don't like "some" rights defended, while those who want them taken away are united.
      Nobody actually supports a system that victimizes them: they only swallow the offences down because they think there's nothing they can do. I - and I'm not alone - say there's PLENTY to be done. Get organized. Get on the line. Fight.

      --
      Geeks are so full of shit that "beating the crap out of them" takes a whole new meaning.
    55. Re:Publish it on Piratebay instead by justin12345 · · Score: 1

      Well that is comforting; listening to my Aunt or Slashdot it's kinda shocking libraries are still legal. I'm not the sort to just roll over, but getting into a 1st Amendment court battle frankly scares the shit out of me. I both make (my own) and market (other people's) art that really runs the razor's edge of violating other people's copyrights (for practically no money), it's good to know that "fair use" is still something that exists, despite what we hear.

      --
      Cool art gallery, if you're into that sort of thing.
    56. Re:Publish it on Piratebay instead by nagnamer · · Score: 1

      Natural Rights philosophy was discovered specifically to say, "I am no longer your property. I am no longer a serf. I can say whatever I please." It was a rebellion against the old feudal system where humans did not own themselves, but instead were owned by the manor's master or lord.

      That was very informative. Thanks. However, that is what rights were in the beginning. And since we no longer live in a feudal society (although it's not too far either), the definition calls for revision.

      --
      Every harsh word you utter has the right address. It only sounds harsh because the one on the envelope is the wrong one.
    57. Re:Publish it on Piratebay instead by nagnamer · · Score: 1

      they only swallow the offences down because they think there's nothing they can do.

      Which basically supports the system, so it's just as good.

      --
      Every harsh word you utter has the right address. It only sounds harsh because the one on the envelope is the wrong one.
    58. Re:Publish it on Piratebay instead by aztracker1 · · Score: 1

      The ability to protect and enforce one's rights (even if defined in belief) is the reality of them. The government's recognition of this expands on that concept.

      --
      Michael J. Ryan - tracker1.info
    59. Re:Publish it on Piratebay instead by JockTroll · · Score: 1

      Now look, I see you're not the usual loserboy and you understand pretty well the matter. You say correctly that inaction supports the abusers, I say that we must act to correct this. I say, never swallow an offense. Never "get over it". Fight. They will always get away scot-free unless people rise up and challenge them and for every discomfort this may cause you, remember that the future holds far worse if the abusers are left unfought. It may take a million men to march and make a difference, but it takes one Rosa Parks to start.

      --
      Geeks are so full of shit that "beating the crap out of them" takes a whole new meaning.
    60. Re:Publish it on Piratebay instead by nagnamer · · Score: 1

      The ability to protect and enforce one's rights (even if defined in belief) is the reality of them. The government's recognition of this expands on that concept.

      Of course. Beliefs are like that: it's real as long as you believe, and you act accordingly.

      --
      Every harsh word you utter has the right address. It only sounds harsh because the one on the envelope is the wrong one.
    61. Re:Publish it on Piratebay instead by Boomshadow · · Score: 1

      Governments have a responsibility to do that to protect the rights of their constituents. Governments do not inherently and SHOULD NOT have rights. Ever.

    62. Re:Publish it on Piratebay instead by mattack2 · · Score: 1

      Well that is comforting; listening to my Aunt or Slashdot it's kinda shocking libraries are still legal.

      What is it about the legality of libraries that is shocking to you? The fact that they can loan out (not make additional copies of) copyrighted material? That is covered by the First Sale Doctrine http://en.wikipedia.org/wiki/First_sale_doctrine

      BTW, some other thread today or yesterday had a comment mentioning something about libraries being paid for by our tax dollars. While that is true now, it wasn't the origin of libraries.

    63. Re:Publish it on Piratebay instead by justin12345 · · Score: 1

      Yeah, that is it. It's pretty shocking that hasn't been overturned yet.

      --
      Cool art gallery, if you're into that sort of thing.
    64. Re:Publish it on Piratebay instead by Golddess · · Score: 1

      I am protected by this law

      Show where in that law it says you have freedom from responsibility* for your words, and I'll agree.

      *Just for the sake of argument, let's say that sharing that number is a Bad Thing. Yes, I know what that number is, but I'm not here to argue whether it is a Bad Thing to share. I'm simply stating that the 1st amendment is not the be-all, end-all, do-anything-I-want-and-get-away-with-it law you seem to be implying it is. I will agree that perhaps the federal government doesn't have the power to do anything per the 10th amendment, but the states certainly do per that same amendment.

      --
      "I'm not sure I like the fugnutish tone you used in your post!" -RogL (608926)-
  2. This isn't dangerous in the way they claim by nixNscratches · · Score: 5, Insightful

    The people who are using it to cause damages already know how this is done. The only dangerous part about something like this is that the public might be made aware of just how far from secure most financial transactions are.

    1. Re:This isn't dangerous in the way they claim by Wowsers · · Score: 3, Interesting

      I don't trust ANY banks. As for ATM security, the new "chip / pin" on credit and debit cards in Europe is insecure, even more so as cards STILL have the magnetic strip on them, which has the exact same details in the chip on the magnetic strip, making the inclusion of the chip pointless.

      --
      Take Nobody's Word For It.
    2. Re:This isn't dangerous in the way they claim by PPH · · Score: 1

      the public might be made aware of just how far from secure most financial transactions are.

      And that is dangerous exactly how? If the public can be educated to take a few precautions that will keep their accounts and financial data more secure, that's a good thing. If the public comes to understand that the risks involved with certain products or services are too high, they might not buy them. But then the only thing that's endangered is the profit margins of the outfits trying to sell us this garbage.

      --
      Have gnu, will travel.
    3. Re:This isn't dangerous in the way they claim by Moddington · · Score: 2, Insightful

      It may be pointless now, but there's always the possibility that they're using cards with both the old strip and the new chip as an intermediate step, to try to shift card owners over to using just the chip a little more softly. Of course, it could also just be another example of incompetence in security.

    4. Re:This isn't dangerous in the way they claim by __aagmrb7289 · · Score: 1

      There are some real problems with that argument. While it's true that there are people exploiting the vulnerabilities in the wild, the number of people who'd LIKE to be exploiting these weaknesses is far greater than the number who are.

      Think of it this way - with computer exploits, you often have a small group that has a bunch of exploits they keep under lock and key in order to pull off the jobs they want to do. But you've got a LOT of people who, if given a tool to take advantage of those exploits, would use them - and use them a lot. We call them script kiddies. The same is true, if not more so, in the world of actual $$ - don't you think? Not EVERYONE would try to take advantage of this knowledge - but MORE people would - and that number would likely be significant.

      Of course, FIXING these attack vectors would be the preferred method for dealing with the problem, instead of trying to suppress the information. But that's where the real world goes head-to-head with our ideals.

    5. Re:This isn't dangerous in the way they claim by abigsmurf · · Score: 4, Insightful

      You are completely wrong about what you think chip and pin is.

      The magnetic strip on the card contains the exact same information as on regular cards.

      The chip contains the pin, if the pin is guessed incorrectly 3 times, the card will lock itself. If a chip and pin terminal senses a pin, it will not authorise a transaction without the pin (which on correct entry will cause the card to send an encrypted 'pin verified' code to the bank).

      The only way chip and pin cards have been compromised (outside of cards using outdated protocols in a lab environment) is standard card skimming. You copy the magnetic stripe and PIN from a compromised terminal to clone the card. This only works if you use the cloned card on a non-chip and pin terminal. To do this you need to leave the country as all terminals in the UK (and other chip and pin countries) are required to be chip and pin. Nothing like someone suddenly making a massive purchase 1000 miles away in a different country 30 minutes after making one in their home country to flag up a transaction with the bank.

      Basically, the only practical vulnerability at the moment for chip and pin is a vulnerability for strip only cards. There's a reason there's been massive reductions in ATM fraud in chip and pin countries.
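The issuer-side check the comment above alludes to (a chip-capable card suddenly read by magnetic stripe, far from its last known location, too soon to have travelled there) can be sketched as follows. This is an added example, not part of the original comment or any bank's actual rules; the thresholds, field names, entry-mode labels, coordinates and the placeholder country code "XX" are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Assumed thresholds (not from the thread); an issuer would tune these.
MAX_PLAUSIBLE_KMH = 900.0  # about airliner cruise speed
MIN_DISTANCE_KM = 50.0     # ignore hops between nearby terminals


@dataclass(frozen=True)
class Card:
    card_id: str
    home_country: str
    chip_capable: bool


@dataclass(frozen=True)
class Txn:
    card_id: str
    when: datetime
    country: str
    lat: float
    lon: float
    entry_mode: str  # "chip" or "magstripe" (labels chosen for this example)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def reasons_for(card, prev, cur):
    """Return the risk signals raised by `cur`, given the last approved txn."""
    reasons = []
    # A chip card read by stripe means the terminal fell back to the weaker mode.
    if card.chip_capable and cur.entry_mode == "magstripe":
        reasons.append("magstripe_fallback")
    if cur.country != card.home_country:
        reasons.append("foreign_terminal")
    if prev is not None:
        km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
        hours = (cur.when - prev.when).total_seconds() / 3600.0
        if km >= MIN_DISTANCE_KM and (hours <= 0 or km / hours > MAX_PLAUSIBLE_KMH):
            reasons.append("impossible_travel")
    return reasons


def decide(reasons):
    """Map signals to a verdict: fallback plus impossible travel is declined."""
    r = set(reasons)
    if {"magstripe_fallback", "impossible_travel"} <= r:
        return "decline"
    if "impossible_travel" in r or {"magstripe_fallback", "foreign_terminal"} <= r:
        return "review"
    return "approve"


def screen(cards, txns):
    """Screen transactions in time order; only approvals update location."""
    by_id = {c.card_id: c for c in cards}
    last_approved = {}
    results = []
    for t in sorted(txns, key=lambda x: x.when):
        reasons = reasons_for(by_id[t.card_id], last_approved.get(t.card_id), t)
        verdict = decide(reasons)
        if verdict == "approve":
            last_approved[t.card_id] = t
        results.append((t, verdict, reasons))
    return results


# Constructed sample data: two locations about 1585 km apart.
T0 = datetime(2010, 7, 10, 12, 0)
HOME = (51.5074, -0.1278)
AWAY = (38.7223, -9.1393)
CARDS = [Card("A", "GB", True), Card("B", "GB", True), Card("C", "GB", False)]
TXNS = [
    Txn("A", T0, "GB", *HOME, "chip"),
    Txn("A", T0 + timedelta(minutes=30), "XX", *AWAY, "magstripe"),  # cloned stripe
    Txn("B", T0, "GB", *HOME, "chip"),
    Txn("B", T0 + timedelta(hours=5), "XX", *AWAY, "chip"),          # real trip
    Txn("B", T0 + timedelta(hours=8), "XX", *AWAY, "magstripe"),     # fallback abroad
    Txn("C", T0, "GB", *HOME, "magstripe"),                          # stripe-only card
]

if __name__ == "__main__":
    for txn, verdict, why in screen(CARDS, TXNS):
        print(txn.card_id, txn.when.isoformat(), txn.entry_mode, verdict, why)
```

Only approved transactions move a card's last known location, so a declined attempt from a cloned stripe cannot make later fraudulent use from the same place look like normal travel.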

    6. Re:This isn't dangerous in the way they claim by Pingmaster · · Score: 1

      It's not card owners using/not using the chip that is the problem, it's the retailers. I don't know how many places I've gone to that still don't use the chip readers (most of which already have machines that accept the chip) and I'm forced to use the magnetic strip. The worst is, we're not talking about little mom-and-pop convenience stores, places like Wal-Mart and Canadian Tire still don't accept chip cards.

    7. Re:This isn't dangerous in the way they claim by lgw · · Score: 1

      There are actually exploits to extract the PIN (or otherwise make the card usable in a chip-and-PIN reader), given a lot of time and equipment applied to a given card. The terminal-card protocol has some issues, apparently.

      But the practical upshot of chip-and-PIN in most places is that, in the old system when your magstripe was duped you'd have quite limited liability, but now when you're the victim of the exact same attack you bear the entire cost (at most banks) because "you must have told someone your PIN".

      And chip-and-PIN is a credit card thing, why are you going on about ATM fraud?

      --
      Socialism: a lie told by totalitarians and believed by fools.
    8. Re:This isn't dangerous in the way they claim by abigsmurf · · Score: 1

      Yeah there were some lab people who demonstrated that it was possible on some specific cards using a specific type of terminal that you could confuse the reader into sending a verified code. It was incredibly unlikely to ever be used 'in the wild' as it needed expensive equipment and older generation chip and pin cards (which are all expiring now anyway).

      One of the strengths of chip and pin is that the chips on the cards themselves can carry new versions of the protocol, as well as the readers.

      I (and millions of other Brits) have a chip and pin debit card in my wallet that I use as my sole method of getting cash out.

      In the UK it's mandated by law that the banks have to prove that you were negligent with your card details to refuse to pay out (very difficult to do).

    9. Re:This isn't dangerous in the way they claim by Anonymous Coward · · Score: 0

      What I really hate about this new format is that I get to choose between (a) holding on to my card and exposing my PIN entry, OR (b) masking my entry under my hand, but having to let go of my card to do it.

      Oh, and posting AC because this is a borrowed pc... (heh, captcha is 'durable')

    10. Re:This isn't dangerous in the way they claim by lgw · · Score: 1

      It was incredibly unlikely to ever be used 'in the wild' as it needed expensive equipment and older generation chip and pin cards (which are all expiring now anyway).

      Sure, we're safe until electronic equipment gets smaller, faster, and cheaper. :) And the second most common weakness in electronic security systems (after poor key management) is "fall back to less secure mode", which chip-and-PIN is plagued with. Sure, it may eventually evolve into something secure, but there's currently no end in sight for the ability to extract money from a stolen card.

      It's great that the UK has that consumer protection, BTW; I wish there was more of that spirit going around.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    11. Re:This isn't dangerous in the way they claim by Anonymous Coward · · Score: 0

      The weirdest thing I've seen is from a gas station here in Germany:
      They have machines to use the chip / PIN and the register randomly tells them to use that or to just use the magnetic strip with a signature. Because it's "more secure" that way.

      Yeah, sure. Because my signature is actually ON the card for everybody to copy whereas the PIN is only in my head.

    12. Re:This isn't dangerous in the way they claim by Island+Admin · · Score: 1

      Here in Ireland, you can hardly get by without a chip on your card. I have had serious problems with my U.S. credit and debit cards excepting at ATMs ... DOH!

    13. Re:This isn't dangerous in the way they claim by Jezral · · Score: 1

      Seriously? You're paranoid about letting go of your card for the 3 seconds it takes to enter the PIN? The card remains right in front of you, no more than 4cm away from your hands...

      Where do you live where stealing cards at the payment terminal in full public view is so frequent that you feel a need to be paranoid about it? I've never even heard of such a case of theft/assault.

      No, the real problem with the chip system is that when you put the card in the holder, the security code is facing away from you, visible to the store clerk...

    14. Re:This isn't dangerous in the way they claim by Anonymous Coward · · Score: 0

      Actually the big problem with chip and pin cards is mail fraud. Most of the fraudulent transactions are from attackers getting legitimate duplicates mailed to them, thereby negating the security of the pin. The worst part of this, and the reason people hate them, is that with the pin, most card companies have skirted around consumer protection laws and are leaving the consumer responsible for fraudulent activity because "it is impossible for the cards to be used fraudulently."

  3. Re:you'd rather your bank was burgled? by countertrolling · · Score: 5, Insightful

    you'd rather your bank was burgled?

    No, I'd rather hold the bank responsible for any loss. They should have to replace the money. With that kind of incentive, they might actually try to make their systems a bit more secure. An important step in this direction would be to quit using cheap commodity systems in their networks.

    --
    For justice, we must go to Don Corleone
  4. Re:you'd rather your bank was burgled? by schon · · Score: 5, Insightful

    presenting this information can only decrease the security and value of your savings.

    You're an idiot.

    As the article states, the information is already known by the bad guys. Keeping it secret helps the bad guys, and hurts everyone else. Making it public will encourage the banks to fix the vulnerabilities, which will increase the security and value of my savings.

    anyone that argues that the information needs to be public is probably broke.

    No, the people who argue that the information needs to be public actually understand the issue here.

  5. ahh yes... by polle404 · · Score: 1

    Security through obscurity, we all know how well that works... *sigh

    --

    ~men are from earth. women are from earth. deal with it.~
    1. Re:ahh yes... by Anonymous Coward · · Score: 0

      Security through obscurity, we all know how well that works... *sigh

      Hey, I still have MY money, so fuck you it works.

  6. Makes perfect sense by Anonymous Coward · · Score: 0

    If researchers aren't allowed to talk about those flaws, perhaps they'll just go away?

  7. Black hat conference? by countertrolling · · Score: 5, Insightful

    in the USA?? I would not recommend that at all. Just put it on the net from a secure location..

    --
    For justice, we must go to Don Corleone
    1. Re:Black hat conference? by Anonymous Coward · · Score: 0

      The conference was in Amsterdam. Amsterdam != United States of America by any stretch of the imagination.

    2. Re:Black hat conference? by countertrolling · · Score: 1

      :-) You didn't RTFA!

      For your edification: This unexpected development makes me wonder if Barnaby Jack's previously thwarted demonstration will actually take place at this year's Black Hat USA taking place later this month.

      HTH...

      --
      For justice, we must go to Don Corleone
  8. China? by AnonymousClown · · Score: 0

    in the USA?? I would not recommend that at all. Just put it on the net from a secure location..

    Have the Chinese host it.

    Dear China: Please host this to show the decadent capitalist pigs who are enslaved by the banks how their system is screwing them over.

    --
    RIP America

    July 4, 1776 - September 11, 2001

    1. Re:China? by ToasterMonkey · · Score: 1

      Have the Chinese host it.

      Dear China: Please host this to show the decadent capitalist pigs who are enslaved by the banks how their system is screwing them over.

      Uh yah, please do. China doesn't have banks, laws, or lack of freedom of speech after all. Go for it dude.

  9. Re:you'd rather your bank was burgled? by Anonymous Coward · · Score: 0

    the people who argue that the information needs to be public actually understand the issue here.

    It seems to me that the people that understand the issue here the most have chosen not to go forward with their public presentation.

  10. Re:you'd rather your bank was burgled? by CastrTroy · · Score: 1

    While I'm not sure if they are legally responsible, I would have to say that they do bear the cost. I have had my bank card duped twice in the last 4 years, and both times the bank fixed the problem before I even realized the money was gone. I'm not sure which banks you deal with, but of all the times I have had this happen to me, or any body I personally know, the bank has put the money back in the account very quickly. Granted it would be better if it didn't happen in the first place. However, depending on how severely the system is flawed, it may not be possible to fix the problem at all, without changing out all the current machines, and settling on a new standard, which may again have its own list of faults.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  11. It always backfires by retardpicnic · · Score: 5, Interesting

    Remember when Jeff Moss had his talk cancelled, or Kim Zetter? All it did was make people salivate to read their presentation when they released it online at a later date. The last thing you want to do to this demographic is tell them the info is "too dangerous" (see awesome) for them to hear. It will be everywhere within the week.

    --
    sig loading.......
    1. Re:It always backfires by ComputerGeek01 · · Score: 1

      Remember when Jeff Moss had his talk cancelled, or Kim Zetter? All it did was make people salivate to read their presentation when they released it online at a later date. The last thing you want to do to this demographic is tell them the info is "too dangerous" (see awesome) for them to hear. It will be everywhere within the week.

      This is exactly right, in the precious words of my 18-month-old niece "Hahaha, you can't tell me no."

  12. Re:you'd rather your bank was burgled? by Jarjarthejedi · · Score: 1

    It seems to me that the people who understand the issue here the most have been intimidated into inaction by people who might or might not understand the issue but understand that revealing any flaws in their methods would mean less profit for them, and that's all they care about.

    --
    There are two kinds of fool One says 'This is old therefore good' Another says 'This is new therefore better'- Dean Ing
  13. Re:you'd rather your bank was burgled? by AnonymousClown · · Score: 1
    What in the World ...

    Any devaluation that may be happening with the dollar is irrelevant to this discussion. Chewbacca would have been more relevant to the discussion.

    The banks will do what they always do: pass any costs plus a hefty markup to the consumer. The banks make more money on fees and penalties than they ever did as honest bankers. Like they do now. $3.00 ATM fees?!? The transaction is pretty much free to them. Sure, they have a lot of bogus "costs" they say they incur, but the fact of the matter is ATM fees are extremely profitable gravy that are only beat in profitability by the fees that cell phone carriers charge for text messages.

    --
    RIP America

    July 4, 1776 - September 11, 2001

  14. Re:you'd rather your bank was burgled? by Jarjarthejedi · · Score: 0, Flamebait

    so EVERY bad guy, including would-be bad guys, already know this? do you know it? how about you post it as an anonymous response to this comment.... i mean, it's everywhere, right?

    Oh yes, because the fact that someone far removed from the problems doesn't know the details of it proves that no one could possibly already know the details. I mean, it's so obvious, no security issues exist, because I don't know about them, so if I don't know about them, then no one can, because they can't be well known. IT'S PERFECTLY REASONABLE LOGIC! /sarcasm

    you mean the issue where more exposure can only lead to more exploitation, and degradation of the value of a dollar?

    *citation needed*

    are offenders currently prosecuted and convicted?

    Probably not. It's kind of hard to arrest and prosecute someone for doing something you don't even know is possible...

    if the specific exploit was plugged, would others ALWAYS still exist?

    Ah yes, the great 'there will always be problems, so why bother fixing them' argument. Remind me never to work with you, you're the worst kind of person for working on technology. Will there always be issues? Probably, though not certainly. Should those issues be fixed as quickly as possible (prioritizing bigger issues of course). YES. Period. Not fixing the problem and silencing people to keep it hidden is the worst kind of security that exists. It's like sticking your head in the sand so you can't see the bad things happening around you, and it's bound to cause more issues than just fixing the problem would. But heck, if it's never going to be perfect, why not just open the thing up so that people can steal money whenever they want?

    --
    There are two kinds of fool One says 'This is old therefore good' Another says 'This is new therefore better'- Dean Ing
  15. Re:you'd rather your bank was burgled? by Anonymous Coward · · Score: 0

    GOD FORBID they should step up and take responsibility for the problem. No we'll just sweep this one under the rug and hope no one is looking. Then they have the audacity to threaten the author if he reveals what he knows. Bastards. I agree with others that Wikileaks is probably the best way to do this. Beware those who seek to control information for they see themself as your master (someone here has that as their sig and it seemed appropriate for the occasion). Shoehornjob

  16. Funny by acalltoreason · · Score: 1, Interesting

    It's funny that they think, I'm assuming, that not letting someone speak about it is helping them in any way. The more people who know about vulnerabilities the safer we are because while there will be more people working to exploit it, there are also more people working to patch it.

    --
    Where has reason in the world gone? Have we abandoned it in favor of power and politics?
  17. Re:you'd rather your bank was burgled? by The+Wild+Norseman · · Score: 1

    where are all the headlines pointing out how easily tumbler locks can be opened?

    This isn't a headline of how easy it is to bypass ATM security, per se (as what you're implying), this is if, for example, Schlage or Master tries to tell a locksmith that he cannot give a presentation on some of the vulnerabilities of a padlock. There are ALREADY dozens of books out there for sale in major bookstores and Amazon.com detailing how to pick locks -- describing techniques and tools (and some books tell you where to obtain these tools). The lock-making companies have responded not by attempting to curtail the freedom to publish this information, but to make the locks stronger and more difficult to bypass.

    security isn't about building the biggest wall.

    Security through obscurity -- which is what the banks are essentially desiring in this case -- isn't all that effective either.

    presenting this information can only decrease the security and value of your savings.

    No, the bank itself not spending its "hard earned" profits on increasing already known and presented security issues decreases the security and value of your savings.

    --
    "A government is a body of people usually -- notably -- ungoverned." -Shepherd Book
  18. Re:you'd rather your bank was burgled? by Michael+Kristopeit · · Score: 0
    i wasn't talking about devaluation that may, or definitely is, happening... i was talking about the devaluation that would exist if every person in america held a tool that could extract an arbitrary amount of unearned dollars from any ATM.

    so it seems you believe the banks should upgrade their entire ATM hardware infrastructure, and yet you complain about a fee and claim the transaction is "pretty much free".... yeah, except for their costs. a french fry is pretty much free to mcdonald's. why do they charge for them?

  19. Re:you'd rather your bank was burgled? by Michael+Kristopeit · · Score: 0

    you mean the issue where more exposure can only lead to more exploitation, and degradation of the value of a dollar?

    *citation needed*

    so you are suggesting that publishing instructions on how to perform an act will lead to less people executing that act....... *logic needed*

    the great 'there will always be problems, so why bother fixing them' argument. Remind me never to work with you, you're the worst kind of person for working on technology.

    ahhh yes, the classic "don't point out the potential of man in the middle network attacks, or the ability of humans to get inside a closed box" argument.

    you aren't qualified to work with me.

  20. Re:you'd rather your bank was burgled? by h4rr4r · · Score: 1, Interesting

    Says the moron that thinks ignoring the problem is as good as fixing it.

  21. Re:you'd rather your bank was burgled? by CastrTroy · · Score: 1

    Maybe the people who are trying to stop the information from going public are some of the same people who are exploiting the flaws. The more public the flaws, and the more people exploiting it, the more likely it is that the flaw will be fixed. If you were making lots of money from an existing flaw, wouldn't you want that flaw to remain open?

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  22. Re:you'd rather your bank was burgled? by Michael+Kristopeit · · Score: 0

    only a moron would conclude that i think the problem should be ignored. i think that publishing the details of how to steal money from banks is irresponsible... and it seems so do the people that were going to present it, as they have concluded it is in their best interest to not present it.

  23. Re:you'd rather your bank was burgled? by gmthor · · Score: 1

    so EVERY bad guy, including would-be bad guys, already know this? do you know it? how about you post it as an anonymous response to this comment.... i mean, it's everywhere, right?

    Actually, probably everybody on this conference knows about this already.
    Also it's not like he gives a step by step presentation on how to get cash out of an ATM.

    --
    How do I uncompress my MD5 archive?
  24. Re:you'd rather your bank was burgled? by lgw · · Score: 1

    What decade are you living in? Banks don't bear costs, taxpayers do in the form of bailouts. If the government is just going to print money to give to the banks, why not instead go with a simpler system where a fraudulent ATM withdrawal is simply not recorded as a debit to any account? Same inflation either way ...

    --
    Socialism: a lie told by totalitarians and believed by fools.
  25. Re:you'd rather your bank was burgled? by lgw · · Score: 2, Insightful

    Never argue with a man who cannot learn how to operate the "Shift" key.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  26. Re:you'd rather your bank was burgled? by Anonymous Coward · · Score: 0

    Michael Kristopeit: YOU ARE NOTHING!

  27. Re:you'd rather your bank was burgled? by JockTroll · · Score: 0, Troll

    "so you are suggesting that publishing instructions on how to perform an act will lead to less people executing that act....... *logic needed*"

    Everybody who has half a brain and went through basic chemistry knows enough to wreak some toxic havoc. Hint: bleach + ammonia. Do you think we should ban chemistry books, wannabe inquisitor masturbator boy? Afraid of knowledge? Scared by science? Did a science jock beat you up in high school, loserboy? Did he twist your arms while reading Aristotle?

    --
    Geeks are so full of shit that "beating the crap out of them" takes a whole new meaning.
  28. Re:you'd rather your bank was burgled? by Anonymous Coward · · Score: 1, Insightful

    Try watching "Corrupt Banking System" on Youtube...

    You obviously don't know what the Fractional Reserve system is, nor that the banks now OWN all of us, since we can never produce enough goods or labour to pay off all the debts that the banks are allowed to print out of thin air...

  29. Actually it can work very well by Sycraft-fu · · Score: 1

    A large amount of criminals are rather dumb. That is often why they choose a life of crime. In particular, someone who is going to go around trying to hack ATMs is pretty dumb. You aren't going to get a whole lot of money out of them. If the hack is based around someone's particular account, you'll get a max of like $500 per day for an account, that is generally the highest you see withdrawal limits (if you need more you go in the bank). Even if you could get the ATM to empty itself, you'd get maybe $10,000-20,000. Ok well that is on a device that has a camera, and belongs to a financial institution. Banks have a lot of pull with law enforcement and a lot of reason to want to catch someone stealing from their ATMs.

    So, doing this would be a dumb crime. Doing it once, the only real way you are going to have a chance not to get caught, doesn't net you enough to be worth it. Doing it on a recurring basis pretty much guarantees you get caught. It is just not a smart crime.

    As such the sort of people who would do it are not the sort who are going to sit and carefully investigate ATM security, perhaps buy their own and test it. They are the kind of criminal who would do it if there's a how to guide. If someone gives them the directions, they'll say "Hey, easy money!" and do it.

    Thus keeping it obscure really DOES work. This "Security through obscurity doesn't work," thing is a bogus statement that people online like to parrot. While it isn't the best kind of security, it doesn't mean it is worthless.

    In the real, physical, world you have to accept that all security is imperfect. No matter what you do, someone can get by it. You can have an underground vault surrounded by trained armed guards, doesn't matter. All someone needs is an attack force large enough to get rid of your guards and sufficient time and tools to physically dismantle your protections. There is no magic, perfect, "Nobody can get past this." You can only aim for two things:

    1) Having security good enough that nobody who would try to get through it could. Whatever level of threat you are likely to face, you have security that can stop that.

    2) Having security that seems good enough that nobody will try. Make it intimidating to the point that nobody is going to even attempt to get around it.

    Well, part of #2 is obscurity. You don't tell people everything you are doing. They don't know what all they have to get past. Their ability to try and draw up a plan is compromised by the fact that they do not know what all they have to deal with.

    Take something like, say, the security of the CIA building. There's plenty of security you can see, they have their own, armed, police force, there are physical barriers and so on. However if you think that's all there is you are a fool. What else might there be? You don't know, and that makes it real hard to plan how to overcome.

    1. Re:Actually it can work very well by EdIII · · Score: 1

      You're attempting to give an example where obscurity can have some value towards the security of the system. It sounds convincing, but I am not entirely sold that the people performing ATM fraud are that inept. There are some pretty sophisticated people out there that will obtain the information regardless of how privileged it is.

      I do get your point. However, let's assume you are entirely correct and obscurity is a worthwhile consideration in security. It does not make it right, legal, or ethical to forcibly suppress another person's right to free speech.

      They can enjoy their obscurity up to the point that somebody discloses the information and removes it. Nothing more than that.

      On the other hand, what is the value of disclosure? I feel that it forces companies to acknowledge their failings and work on making the product or service better. I think transparency in companies providing security can only be a good thing.

      I have an example too. Adobe (burn in hell). Their document security is about as strong as a wet piece of toilet paper and everybody knows it. Yet they abused their power and used some quite thuggish people at the FBI to unlawfully, unethically, and quite disgracefully take away a person's freedom that simply showed the world how worthless they were. If a company chooses security through obscurity and can pull it off for years on end with few incidents... more power to them. However, acting like authoritarian thugs and suppressing information is where it just goes too far.

  30. Re:you'd rather your bank was burgled? by quanticle · · Score: 1

    Publication, or the threat thereof, is the only way that this problem will get addressed. According to this researcher, these exploits are being used by criminals right now. It's the ATM companies that want this covered up, so that they can present their machines as "totally secure", when in fact they're riddled with more holes than Swiss cheese.

    In fact, publication would help the banks, as they would be able to test ATMs to see which ones were vulnerable. This would allow them to hold the ATM vendors accountable, rather than just having to accept a certain level of "loss" from ATMs.

    --
    We all know what to do, but we don't know how to get re-elected once we have done it
  31. Re:you'd rather your bank was burgled? by jimicus · · Score: 1

    There is such a tendency on /. to think in black and white.

    It's already known by some bad guys. How widely known is another matter altogether - are they discussing it openly on web forums? Discussing it openly on web forums which require registration and somebody who's already on the forum to vouch for you before they'll let you view anything? Discussing it on Usenet? Discussing it under blankets in a locked room after dark?

    How widely is it being exploited in the wild? How much is being lost every year through this sort of fraud? How much would it cost to fix?

  32. Re:you'd rather your bank was burgled? by Anonymous Coward · · Score: 0

    ... so arguing logic in response to ignorance, according to you, makes someone scared of knowledge and science, and the reason that that someone would be scared of knowledge and science would be assumed to be because a "science jock" beat them up in high school.

    living up to your username at least. wouldn't someone scared of knowledge be too scared of having the knowledge of being scared of knowledge that they would never actually be scared of it? or is that too much science and logic for you? do you rely more on weak stereotypes and dogma?

    i never said ban the information. i said that publicly presenting this specific case is irresponsible and doesn't teach anyone anything other than how to steal from banks... an act that has no non-criminal use, in direct opposition to chemistry which always has a potential non-criminal use. the presentation is no more useful to a banker or banking student or society, than would be a text explaining why leaving the bank's money out in the open in the lobby utilizing the honor system is worse than hiring a teller and putting the money in a drawer kept closed with a 6 pin tumbler lock. at the same time, putting all money sequentially behind every known security lock, guarded by armed men is too wasteful for a commercial bank to remain in business, and also suggests the local populace requires this level of protection from themselves and their neighbors.

    PEOPLE CAN STEAL FROM BANKS. THE JUSTICE DEPARTMENT PROSECUTES AND CONVICTS PEOPLE THAT STEAL FROM BANKS. YOU ARE ONLY AS SECURE AS YOUR NEIGHBOR CHOOSES TO ALLOW YOU TO BE. DEAL WITH IT.

  33. Get Used to It! by Anonymous Coward · · Score: 0

    This is the same as when anti-white racists put pressure on any forum that tries to have speakers speak about the facts of the genetic basis of racial differences in intelligence and more importantly morality and behavior.

    No one tries to save free speech there! Even when it is the destruction of their race that is at stake!

  34. Re:you'd rather your bank was burgled? by Delarth799 · · Score: 0

    And you're a hell of a lot more secure with an alarm system and security cameras and deadbolts on your doors than unlocked doors and no security system.

  35. Slides are sanitized by prxp · · Score: 3, Informative

    According to TFA:

    Even though this is not the first time that ATM vendors prevented a security researcher from publicly disclosing findings about flaws in their devices at a conference, this instance is really surprising, since Chiesa held this same presentation at a couple of security conferences already, and the slides he employed are also available online.

    The thing is these slides are sanitized, the details of the ATM attack were removed.

    Does anybody know where to find a non-sanitized version?

  36. Re:you'd rather your bank was burgled? by JockTroll · · Score: 1

    LOL. No information is "criminal" or "non-criminal". Information is just information and it's good for people to know just how secure the machines they rely on to handle their cash are. Those ATM vendors were just scared that people could know how insecure their hardware and software was, and that they would have to spend money (SHOCK! HORROR!) to address the issue. Better to silence those dangerous "citizens", in the interest of corporate buggery.

    Run, coward, run. I live. I hunger. Beware.

    --
    Geeks are so full of shit that "beating the crap out of them" takes a whole new meaning.
  37. The bigger danger... by Anonymous Coward · · Score: 0

    Is that chip-and-pin is supposed to be "secure" so the liability for fraudulent transactions can be shifted back onto the consumer, or at the least, they are expected to somehow prove their innocence (that they didn't leak their pin somehow) which is generally impossible.

    In the manner in which they are currently deployed, chip and pin cards are no more secure than regular non-chipped cards, but not everybody recognizes this.

  38. Re:you'd rather your bank was burgled? by Anonymous Coward · · Score: 0

    and perhaps like an algae tank in an aquarium, the flaws are purposefully left in the ATMs to detract would be thieves from arming themselves and stealing money from banks "the old fashioned way".

    US currency is backed ONLY by TRUST. trust in a government of the people. trust in OURSELVES.

    when people like JockTroll make themselves known as a threat to that trust, i don't run. there is nothing to beware that a few bullets can't stop.

    you are NOTHING.

  39. Re:you'd rather your bank was burgled? by Anonymous Coward · · Score: 0

    and i assume you like to do your banking with your neighborhood tellers behind a wall of bulletproof glass or steel bars. i assume you think the lack of class in your banking experience is riddled with holes... JUST LIKE CHEESE! i mean, i can see a pile of $100 bills just sitting there in the tray in the drawer right behind the counter (i'm 6'4")... how stupid could they be? i could just jump over this desk, overpower the 22 year old woman, and probably make out with a couple grand. why would the banks allow this to happen? why am i not being strip searched before the bank allows me the privilege to speak face to face with the people who i've placed my trust in?

    if the would-be exploit publisher wanted to help banks, they could... tell them about it in private. if they wanted to hurt banks, they could... execute the exploit. or are they scared of obviously getting caught and convicted for numerous felonies? if they want to publish their criminal theory, i'm pretty sure they can as long as the anarchist's cookbook is still legal to publish.

    i'm only saying that it's a selfish and irresponsible endeavor.

  40. Re:you'd rather your bank was burgled? by JockTroll · · Score: 1

    "the flaws are purposefully left in the ATMs to detract would be thieves from arming themselves and stealing money from banks "the old fashioned way".

    LOOOOOL! Congratulations, loserboy. You're eligible for the Most Gullible Idiot in the World Award! Either that, or you're a low-level employee of some ATM maker. Either way, my diarrhoea is your shampoo.

    Trust your masters, loserboy. Give them all of your money. Do as they say, they know what's better for you. Right.

    --
    Geeks are so full of shit that "beating the crap out of them" takes a whole new meaning.
  41. or...you could.... by hesaigo999ca · · Score: 1

    They could try to intimidate you and say stop and desist everybody, but I have to wonder if by doing this they are not giving the illusion that ATMs are safe. I applauded the effort that one consultant did security wise about the flaw with Microsoft, and then turning around and posting on youtube (or whatever) the flaw... so that M$ could not hide behind their usual crap... they were forced to fix it right away and issue a patch, this tends to let me think the same with this situation, disclose the problem after 1 week of letting them know, and they will have to force a firmware upgrade to all outlets... that's what most people are forced to do with their machines... why not them???

  42. Re:you'd rather your bank was burgled? by Anonymous Coward · · Score: 0

    do you know what "perhaps" means? kind of an important word to leave out of a quote.

  43. Re:you'd rather your bank was burgled? by Anonymous Coward · · Score: 0

    Yeah, he likes posting off-topic, retarded shite on topics he knows nothing about. Don't take him seriously or anything...