[6277] in cryptography@c2.net mail archive
Re: Debit card fraud in Canada
daemon@ATHENA.MIT.EDU (Jaap-Henk Hoepman)
Tue Dec 14 12:29:27 1999
To: cryptography@c2.net
In-Reply-To: "Steven M. Bellovin"'s message of "Mon, 13 Dec 1999 10:49:35 -0500"
From: Jaap-Henk Hoepman <hoepman@cs.utwente.nl>
Date: 14 Dec 1999 09:30:17 +0100
Message-ID: <kpyaaxudpi.fsf@utip151.cs.utwente.nl>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
On Mon, 13 Dec 1999 10:49:35 -0500 "Steven M. Bellovin" <smb@research.att.com> writes:
> In message <19991213013547.A517@grok.localnet>, Steve Reid writes:
> > A real-world example of the fact that cryptography is only part of the
> > equation, and "tamper-proof" devices are not necessarily so.
> >
> > Article: http://www.globeandmail.ca/gam/National/19991210/UDEBIN.html
> > Mirror: http://www.efc.ca/pages/media/globe.10dec99.html
>
> I personally would like a clearer explanation of just what happened, and what
> the "tamper-proof" devices were.
>
These attacks on magstripe based cards have been around for ages... For even
more clever attacks (without merchant cooperation) on outdoor ATMs see
ftp://ftp.sri.com/risks/risks-20.31
Fake ATM front panel copies cards and PINs (Ulf Lindqvist)
Jaap-Henk
--
Jaap-Henk Hoepman | Come sail your ships around me
Dept. of Computer Science | And burn these bridges down
University of Twente | Nick Cave - "Ship Song"
Email: hoepman@cs.utwente.nl === WWW: www.cs.utwente.nl/~hoepman
Phone: +31 53 4893795 === Secr: +31 53 4893770 === Fax: +31 53 4894590
PGP ID: 0xF52E26DD Fingerprint: 1AED DDEB C7F1 DBB3 0556 4732 4217 ABEF
