(via JOHO)

From Risks Digest, via a mailing list:

ATM vulnerabilities and Citibank's gag attempt

Ross Anderson
Thu, 20 Feb 2003 09:58:47 +0000

Citibank is trying to get an order in the High Court today gagging public disclosure of crypto vulnerabilities:

http://www.cl.cam.ac.uk/ftp/users/rja14/citibank_gag.pdf

I have written to the judge opposing the order:

http://www.cl.cam.ac.uk/ftp/users/rja14/citibank_response.pdf

The background is that my student Mike Bond has discovered some really horrendous vulnerabilities in the cryptographic equipment commonly used to protect the PINs used to identify customers to cash machines:

http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-560.pdf

These vulnerabilities mean that bank insiders can almost trivially find out the PINs of any or all customers. The discoveries happened while Mike and I were working as expert witnesses on a `phantom withdrawal' case.

The vulnerabilities are also scientifically interesting: http://cryptome.org/pacc.htm

Source URL: http://catless.ncl.ac.uk/go/risks/22/58/6
- jim 2-25-2003 10:40 pm

