International hacker buried $1m in backyard The international hacker who confessed to stealing tens of millions of payment card numbers amassed a fortune worth more than $2.7m, including more than $1m in cash buried in his backyard in Miami. Albert "Segvec" Gonzalez agreed to forfeit the ill-gotten booty in a guilty plea that was formally entered in federal court in …
If credit card companies used proven cryptography methods then stolen credit card numbers wouldn't be a problem.
The idea that credit card "security" lies in a 16 digit number and a hard to guess date is stupid, but the fact that these IDs can then be used in an infinite number of replay attacks is insane.
RSA security keychains have been around forever, and although they aren't the cure all, at least they would stop reply attacks. Honest to god I hope Nokia kicks the shit out of the PCI with their new payment system.
Really good solutions have existed for so long it's embarrassing.
If the banks are really that afraid of loosing customers to change, then they should at least let those of us who care use a secure payment system, and let all the other fools continue to use use their 16 + 3 digits.
"What's the point of burying money if you're going to crack under pressure and reveal where it is?"
Who's to say that's all his liquid cash? Or even most? Or even a significant portion? If you are planning for a contingency where you know you're going to end up talking until they're satisfied, why not have a sacrificial anode handy?
I get the part about Visa numbers in unencrypted files, on hackable servers, on unsecured wireless links. What I don't get is how these guys use that information to get cash from ATMs. Of course if you know how to do it, we don't want you to post it here. But I'm really curious. Is the ATM system really that weak?
Finnish banking:
I have a seven-digit number - my customer number, which is only known to me and the bank - never written down, plus a card of 4-digit numbers always kept in a secret, hidden place <strikeout>under my mattress</strikeout> which I use for each transaction in sequence, then cross out*. THEN, I need another 4-digit number, on the same card to confirm the transaction.
If I enter, say, one number out of sequence, I'm prompted twice more for the correct number - but only if it's no more than two adrift on the card. If I fail again, take passport/driving licence to bank, wait 3 days for new codes to arrive. By registered mail, for which I have to present valid photo-ID again at post office to collect.
*Actually, I don't cross them off. I memorise the index number of the last 4-digit number I used. Safer that way.
Cheks/Cheques? Bank teller looks at them, and when finished laughing sends to the local antique store to be valued.
If I were this twa*t, and buried a million Finmarks, I'd get nowt, 'cos the period for exchanging them for €'s has expired. Bit like burying 2 million 10 shilling notes, I guess, doing a Ronnie Biggs, then trying to cash-the-stash. Apart from getting queer looks from the tellers - who haven't seen a ten-bob note, the Rozzers would be down faster than if someone had shouted 'Litter-dropper!!!'
Wow, this guy's a serious brand whore. BMW, Tiffany, Rolex, Glock... he just has to have the name brand versions! Maybe if he was a little more thrifty, he could have stolen less money, maintained a lower profile, maybe stayed out of jail for a longer. Or indefinitely. Makes me want to start a life of crime just to show people how it's done.
[*] Well, actually a Glock 27 is a pretty good value, and it doesn't really pay to cheap out on firearms...but to point that out would totally ruin the flow.
(Paris, because I said "brand whoring". Heh heh.)
It's no secret, it's a man in the middle attack. If you can get in a position where you can read the (unencrypted?) transmission of the card number and the PIN to the merchant for verification, you've got what you need...it's the people who introduced a wireless network into this equation that need shooting.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
