DealBot

PIN Scandal 'Worst Hack Ever'


QuietLagoon writes "The evolving Citibank PIN scandal is getting worse with each passing day. Gregg Keizer of TechWeb News writes: 'The unfolding debit card scam that rocked Citibank this week is far from over, an analyst said Thursday as she called this first-time-ever mass theft of PINs 'the worst consumer scam to date.' ... The problem...is that retailers improperly store PIN numbers after they've been entered, rather than erase them at the PIN-entering pad. Worse, the keys to decrypt the PIN blocks are often stored on the same network as the PINs themselves, making a single successful hack a potential goldmine for criminals: they get the PIN data and the key to read it.'"

http://rss.slashdot.org/Slashdot/slashdot?m=4193


as an engineer I cannot understand how technology like this can have such major flaws that aren't realized until it's too late

who remembers the massive credit card number thefts from last yr?


Who that heard it could forget? Unfortunately, the wonder that is technology has a tendency to cascade forward at a rate that challenges anyone to keep up: programmers, digital artists, debuggers, etc. In millions of lines of code, that one weak link tends to be much easier exploited than found and fixed (until it's too late). I know the Citibank affair is more in-depth than this, but it still basically comes down to hackers advancing on decryption and data theft technology before the involved parties can (or realize they should) make a change in their software, databases, or policies.


large companies tend to find it easier/cheaper/faster to market imperfect items just to get to market first (xbox 360 anyone?) or to meet deadlines, etc, figuring it can be corrected/fixed/touched up in a later release/version/model etc. Unfortunately, what you said is correct - finding and repairing a bug in millions of lines of code can be a pain in the butt - the best way is to develop it to better standards in the first place... sometimes greed hurts in the long run.

even still, the problem isn't a 'bug' necessarily, but more a flaw in the logical design. PINs being stored with the decryption blocks are like locking your front door and taping the key to the lock.... This is something that should have been watched for - 'how is the key to the lock being handled?'
