Return-Path: <sentto-279987-3845-1005489439-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Sun, 11 Nov 2001 06:40:07 -0800 (PST) Received: (qmail 32300 invoked by uid 510); 11 Nov 2001 14:36:14 -0000 Received: from n14.groups.yahoo.com (216.115.96.64) by all.net with SMTP; 11 Nov 2001 14:36:14 -0000 X-eGroups-Return: sentto-279987-3845-1005489439-fc=all.net@returns.groups.yahoo.com Received: from [10.1.1.221] by n14.groups.yahoo.com with NNFMP; 11 Nov 2001 14:38:26 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 11 Nov 2001 14:37:18 -0000 Received: (qmail 86302 invoked from network); 11 Nov 2001 14:37:18 -0000 Received: from unknown (216.115.97.167) by m3.grp.snv.yahoo.com with QMQP; 11 Nov 2001 14:37:18 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta1.grp.snv.yahoo.com with SMTP; 11 Nov 2001 14:37:18 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id fABEbjX13212 for iwar@onelist.com; Sun, 11 Nov 2001 06:37:45 -0800 Message-Id: <200111111437.fABEbjX13212@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Sun, 11 Nov 2001 06:37:45 -0800 (PST) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Banks.reject.student.hacker.claims] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8bit Banks reject student hacker claims By Emma Nash, CW 360, 11/9/2001 <a href="http://www.cw360.com/bin/bladerunner?REQSESS=HQ0B18G9&690REQEVENT=&CARTI=107696&CARTT=1&CCAT=1&CCHAN=13&CFLAV=1&CPAGEN=ArticlePage&CPAGET=-99999&CSEARCH=&CSESS=-99999&CTOPIC">http://www.cw360.com/bin/bladerunner?R EQSESS=HQ0B18G9&690REQEVENT=&CARTI=107696&CARTT=1&CCAT=1&CCHAN=13&CFLAV=1&CPAGEN=ArticlePage&CPAGET=-99999&CSEARCH=&CSESS=-99999&CTOPIC</a>= Banks and hardware manufacturers have dismissed as hype claims by two Cambridge University PhD students that they have developed a system to hack bank security codes, which could reveal thousands of PIN numbers. Michael Bond and Richard Clayton claimed that software, together with a £700 device, could crack the high-security IBM 4758 crypto-processor, which is used by banks, financial institutions and governments. The pair stated on BBC's Newsnight programme that it was possible to download sensitive financial information, including PIN numbers, which could leave banks' systems open to substantial theft. IBM dismissed the claims, telling CW360.com that the students' method of attack could only work in laboratory conditions. "Normal bank practice and procedure would prevent any possibility of launching such an attack," said IBM. "This academic study is based on specific laboratory conditions. In the real world there are too many physical safeguards and authenticity protections for such an attack to be successful." Financial institutions contacted by CW360.com said they were investigating the claim. Nationwide Building Society told CW360.com, "We are looking into what has been said. It's unclear at the moment whether this would affect us." NatWest refused to comment, saying that security is an internal issue. Barclays and HSBC said they did not use the IBM 4758 crypto-processor. APACS, the Association for Payment and Clearing Services, would not comment, but sources at the association said while they were considering the implications of the claim, they were reassured by IBM's statement. ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST