Slashdot Mirror

← Back to Stories (view on slashdot.org)

ATM Vendors Threaten, Stop Research Presentation

Posted by Soulskill on from the money-inside-atms-wants-to-be-free dept.

An anonymous reader writes "A presentation about 'The Underground Economy,' by Italian white hat hacker and security expert Raoul Chiesa, was replaced at the last minute during last week's Hack In The Box conference. The reason behind this cancellation was that Chiesa received legal pressure from ATM vendors over the fact that the originally scheduled presentation covers details of various techniques and exploits of vulnerabilities that cyber criminals use to break into ATMs — flaws that have been known for a long time."

13 of 134 comments (clear)

  1. Publish it on Piratebay instead by commodore64_love · · Score: 5, Insightful

    No government nor corporation has a right to muzzle our mouths.

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    1. Re:Publish it on Piratebay instead by countertrolling · · Score: 2, Insightful

      No government nor corporation has a right to muzzle our mouths.

      No they don't, but they did and they do... And the public couldn't care less. If he put it on piratebay, he can still get in trouble. His name is all over it. Only anonymous disclosure can remedy this.

      --
      For justice, we must go to Don Corleone
    2. Re:Publish it on Piratebay instead by Michael+Kristopeit · · Score: 1, Insightful

      if the governments or corporations have the ability to convince people to muzzle themselves, and no one who depends on the protection of their savings will stand up to fight for the self-muzzled, then any "rights" are irrelevant.

    3. Re:Publish it on Piratebay instead by s0litaire · · Score: 4, Insightful

      What we really need is a "Wiki" we can "leak" things to...
      what's it called again.... ermm Pirate-leaks, no Wiki-Bay
      Nope can't remember the name...

      --
      Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
    4. Re:Publish it on Piratebay instead by Yuan-Lung · · Score: 4, Insightful

      Why would he be in trouble? It's not illegal to speak or publish your thoughts.

      Really?

      I am thinking of a number.... it's between 13,256,278,887,989,457,651,018,865,901,401,704,639 and 13,256,278,887,989,457,651,018,865,901,401,704,641

  2. This isn't dangerous in the way they claim by nixNscratches · · Score: 5, Insightful

    The people who are using it to cause damages already know how this is done. The only dangerous part about something like this is that the public might be made aware of just how far from secure most financial transactions are.

    1. Re:This isn't dangerous in the way they claim by Moddington · · Score: 2, Insightful

      It may be pointless now, but there's always the possibility that they're using cards with both the old strip and the new chip as an intermediate step, to try to shift card owners over to using just the chip a little more softly. Of course, it could also just be another example of incompetence in security.

    2. Re:This isn't dangerous in the way they claim by abigsmurf · · Score: 4, Insightful

      You are completely wrong about what you think chip and pin is.

      The magnetic strip on the card contains the exact same information as on regular cards.

      The chip contains the pin, if the pin is guessed incorrectly 3 times, the card will lock itself. If a chip and pin terminal senses a pin, it will not authorise a transaction without the pin (which on correct entry will cause the card to send an encrypted 'pin verified' code to the bank).

      The only way chip and pin cards have been compromised (outside of cards using outdated protocols in a lab envoironment) is standard card skimming. You copy the magnetic stripe and PIN from a compromised terminal to clone the card. This only works if you use the cloned card on a non-chip and pin terminal. To do this you need to leave the country as all terminals in the UK (and other chip and pin countries) are required to be chip and pin. Nothing like someone suddenly making a massive purchase 1000 miles away in a different country 30 minutes after making one in their home country to flag up a transaction with the bank.

      Basically, the only practical vulnerability at the moment for chip and pin is a vulnerability for strip only cards. There's a reason there's been massive reductions in ATM fraud in chip and pin countries.

  3. Re:you'd rather your bank was burgled? by countertrolling · · Score: 5, Insightful

    you'd rather your bank was burgled?

    No, I'd rather hold the bank responsible for any loss. They should have to replace the money. With that kind of incentive, they might actually try to make their systems a bit more secure. An important step in this direction would be to quit using cheap commodity systems in their networks.

    --
    For justice, we must go to Don Corleone
  4. Re:you'd rather your bank was burgled? by schon · · Score: 5, Insightful

    presenting this information can only decrease the security and value of your savings.

    You're an idiot.

    As the article states, the information is already known by the bad guys. Keeping it secret helps the bad guys, and hurts everyone else. Making it public will encourage the banks to fix the vulnerabilities, which will increase the security and value of my savings.

    anyone that argues that the information needs to be public is probably broke.

    No, the people who argue that the information needs to be public actually understand the issue here.

  5. Black hat confrence? by countertrolling · · Score: 5, Insightful

    in the USA?? I would not recommend that at all. Just put it on the net from a secure location..

    --
    For justice, we must go to Don Corleone
  6. Re:you'd rather your bank was burgled? by lgw · · Score: 2, Insightful

    Never argue with a man who cannot learn how to operate the "Shift" key.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  7. Re:you'd rather your bank was burgled? by Anonymous Coward · · Score: 1, Insightful

    Try watching "Corrupt Banking System" on Youtube...

    You obviously don't know what the Fractional Reserve system is, nor that the banks now OWN all of us, since we can never produce enough goods or labour to pay off all the debts that the banks are allowed to print out of thin air...