Fake PIN pad units at Hancock Fabrics
Mar. 17th, 2010 08:15 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
thewayneThe Register reports that earlier this month, the Hancock Fabrics chain store published an open letter to its customers, informing them that in some of their stores the payment card terminals were replaced with "visually identical, but fraudulent PIN pad units", making it possible for criminals behind this scheme to steal payment card data such as the name on the card, its number and expiration date and PIN number when entered.
http://www.net-security.org/secworld.php?id=9033
I had not heard of this, and I know lots of people do crafty sort of things and probably go there on a regular basis.
Last week my debit card was compromised. I was compiling tax information and noticed a $94 charge with a vendor that I did not recognize. I queried the vendor info and it turned out to be a gas station in North Carolina. So now my debit card is gone, hopefully I'll have a new one before I go to Vegas next week for GTS.
The sad thing? My bank has branches in Vegas, I could have had my new card sent there. They'll only send the new card to my address on file, or to a branch. They only have one branch in Phoenix, way out in Tolleson.
http://www.net-security.org/secworld.php?id=9033
I had not heard of this, and I know lots of people do crafty sort of things and probably go there on a regular basis.
Last week my debit card was compromised. I was compiling tax information and noticed a $94 charge with a vendor that I did not recognize. I queried the vendor info and it turned out to be a gas station in North Carolina. So now my debit card is gone, hopefully I'll have a new one before I go to Vegas next week for GTS.
The sad thing? My bank has branches in Vegas, I could have had my new card sent there. They'll only send the new card to my address on file, or to a branch. They only have one branch in Phoenix, way out in Tolleson.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2010-03-18 05:42 pm (UTC)They had a system of using pager motors to send signals from a wearable computer. Quite clever.
Additionally, the CPU of that particular machine, was based on a 6502, the same chip in the Apple 2. Later machines used newer CPUs and more advanced RNGs, but still had problems. They also put in stronger physical security, such as epoxying the chips to the board. But they still had weaknesses that this particular team was able to exploit.
It's quite an interesting book.
The basic problem is that there's almost no such thing as a truly random number generator. It's a major field of computer science related to crypto. One of the cooler real implementations of randomization was at one of the UC campuses (IIRC) where they had two volcano lamps with digital video cameras pointed at them. through some sort of algorithm they integrated the two cameras to produce random numbers.
That I think is awfully cool.
Tom Clancy postulated a military crypto key where they bounced a radio signal off (IIRC) the Northern Lights and sing the scatter to produce, essentially, a one-time pad key, which is unbreakable for all practical purposes because the signal bounce is truly a one-time event.
I don't know if the radio bounce is a real thing, but it is also pretty cool.