[email protected] (Paul Gilmartin) writes:
> This is similar to credit card skimmers in ATMs. It's *theoretically* possible
> but entirely implausible that some such person replace the entire z with a
> counterfeit look-alike ...

early in the century there was a large pilot deployment of EMV chip credit cards in the US ... with an enormous fatal flaw ... even tho somebody had pointed out the fatal flaw before the deployment ... they apparently didn't understand and went ahead with the deployment anyway. When it finally did sink in, all evidence of the pilot evaporated ... and contributes to ongoing resistance to repeating another deployment in the states.

this is somebody's old trip report to cartes2002 ... gone 404 but lives on at the wayback machine ... about presentation mentioning EMV design flaws (last paragraph)
http://web.archive.org/web/20030417083810/http://www.smartcard.co.uk/resources/articles/cartes2002.html

after detailed description at an "ATM Integrity Task Force" meeting, somebody made a reference to billions of dollars having been spent to prove chips are less secure than magstripe.

There was myopic attention to countermeasures for lost/stolen card and not exposing PIN (authentication information). ATM machines & POS terminals would ask the card if the person had entered the correct PIN. The problem was that it was trivial to create counterfeit chip-cards that were programmed to always answer "YES" (they became known as "YES CARDS") ... it was no longer necessary to skim the PIN information ... since a counterfeit card would claim everything was correct PIN ... regardless of what was entered.

misc. past posts mentioning "YES CARDS"
http://www.garlic.com/~lynn/subintegrity.html#yescard

part of the design flaw was the card was also asked whether the transaction should be done offline; Counterfeit "YES CARDS" always answered "YES" ... so even if the account was deactivated at the financial institution, it had no effect on stopping the transactions.

during the Future System period in the early 70s ... the vm370 development group was side-tracked into working on FS ...
one of the things was a super-security enhanced vm370 so that all super secret Future System documents would only be available in softcopy and only viewed on specially permitted 3270 screens (the development group had outgrown the 3rd flr of 545 tech sq and moved out to the old SBC bldg at burlington mall).

misc. past posts mentioning science center at 545 tech sq
http://www.garlic.com/~lynn/subtopic.html#545tech

part of this was slightly earlier, paper copy of document describing 370 virtual memory (available for all 370s) showed up at an industry publication (before virtual memory for 370 was announced). investigation was sort of mini-"Pentagon Papers" ... afterwards ... all corporate copying machines were retrofitted with serial number that would appear on all copies made.

one weekend I had some test time on another machine in the same room. I went by on friday afternoon to get things prepared. they had to show off their new super secure machine ... and just had to say that even I couldn't break the security ... even if I was left alone in the machine room over the weekend. so one of the few times I rose to the bait, I said it would take only five minutes ... most of the time was spent disabling/turning-off all external access to the machine ... and then I used the front panel to alter a byte of storage in main memory ... which effectively disabled all the system security processes. I pointed out that they would need access authentication for use of machine front panel functions ... and could also use encryption for all data (this was even before DES, coppersmith was still down at harvard)
http://en.wikipedia.org/wiki/Don_Coppersmith

for other topic drift ... some old public key email ...
even discussion of PGP-like email operation a decade before PGP:
http://www.garlic.com/~lynn/lhwemail.html#publickey

MIT leaves behind a rich history in Tech Square
http://web.mit.edu/newsoffice/2004/techsquare-0317.html

Research topics also evolved, starting with the grand challenge of time-sharing and moving on to new problems as computer science began to mature. Tech Square served as the East Coast hub of the ARPANET (it was the original Network 18, known today as mit.edu); on the fifth floor, Dave Clark's group worked on the infrastructure for what would become the Internet, notably the TCP/Internet Protocols. Ron Rivest and the LCS Theory Group did pioneering work in encryption. In 1994, Tim Berners-Lee, inventor of the World Wide Web, set up the World Wide Web Consortium's global headquarters on the third floor of Tech Square.

... snip ...

for other total trivia; note that GML had been invented in 1969 at science center on the 4th flr; a decade later it morphs into ISO standard SGML; and another decade later it morphs into HTML at CERN
http://infomesh.net/html/history/early

so it comes full circle with WWW returning to 3rd flr in 1994.

lot more in this recent linkedin "Old Geek" discussion, "The cloud is killing traditional hardware and software"
http://lnkd.in/mGd4j5

-- 
virtualization experience starting Jan1968, online at home since Mar1970
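
Added example (not part of the original post, and not real EMV messages): a toy Python model of the terminal logic the post describes for "YES CARDS", next to one assumed countermeasure in which the issuer decides online from account status, PIN and a keyed challenge-response. All class, method and function names are hypothetical.

```python
# Toy model of the "YES CARD" flaw; every name here is hypothetical and
# nothing below is a real EMV message or command.
import hashlib, hmac, os

class GenuineCard:
    def __init__(self, account, pin, key):
        self.account, self._pin, self._key = account, pin, key
    def pin_ok(self, entered):            # card checks the PIN itself
        return entered == self._pin
    def go_offline(self):                 # card's answer to "do this offline?"
        return False
    def respond(self, challenge):         # keyed proof only a genuine card can give
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class YesCard:
    """Counterfeit with a copied account number: answers YES to everything."""
    def __init__(self, account):
        self.account = account
    def pin_ok(self, entered):
        return True
    def go_offline(self):
        return True
    def respond(self, challenge):         # holds no issuer key, cannot answer
        return bytes(32)

class Issuer:
    def __init__(self):
        self.keys, self.pins, self.active = {}, {}, {}
    def issue(self, account, pin):
        self.keys[account], self.pins[account], self.active[account] = os.urandom(32), pin, True
        return GenuineCard(account, pin, self.keys[account])
    def authorize(self, card, entered):   # issuer decides, not the card
        if not self.active.get(card.account) or entered != self.pins[card.account]:
            return False
        challenge = os.urandom(16)        # fresh per transaction
        want = hmac.new(self.keys[card.account], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(card.respond(challenge), want)

def flawed_terminal(card, entered, issuer):
    """Behaviour described in the post: the card's own answers are trusted."""
    if not card.pin_ok(entered):
        return False
    if card.go_offline():
        return True                       # issuer never consulted
    return bool(issuer.active.get(card.account))

def hardened_terminal(card, entered, issuer):
    """Assumed countermeasure: nothing the card merely asserts is trusted."""
    return issuer.authorize(card, entered)
```

With a constructed account, the flawed terminal approves the counterfeit for any PIN and keeps approving it after the issuer deactivates the account, while the hardened path declines it in both cases.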
