Path: utzoo!utgpu!watmath!clyde!att!rutgers!mailrus!uwmcsd1!marque!uunet!pilchuck!ssc!fyl From: fyl@ssc.UUCP (Phil Hughes) Newsgroups: comp.unix.wizards Subject: Re: Here's a *BRILLIANT* password idea! (Sarcasm on) Message-ID: <1558@ssc.UUCP> Date: 1 Dec 88 23:35:12 GMT References: <438@amanue.UUCP> <1526@holos0.UUCP> Organization: SSC, Inc., Seattle, WA Lines: 33 In article <1526@holos0.UUCP>, lbr@holos0.UUCP (Len Reed) writes: > From article <438@amanue.UUCP>, by jr@amanue.UUCP (Jim Rosenberg): > = Well surprise: This exact password system is ***IN USE***!!! In (are you > = ready:) ***BANKS***!!! I am not kidding. Do you have an Automatic Teller > = Machine card? What does your password look like? Every time I've been given > = one of those things the password was just 4 digits!!!!!!! > You have to have physical possession of the card, too, not just knowledge > of the account number. Not really true. If you are serious about ATM fraud you can buy a mag stripe writer for about $300. I used to work for a company that makes automatic gas station equipment -- stick in your card, punch in your PIN and pump gas. We bought a card writer. I made myself an extra EXCHANGE card. Sort of fun. By the way, track 2 on the cards is the account number. Most bank machines either ignore or display track 1. Rainier Bank locally puts your name on track one and displays it on the terminal. Rewrite track 1 and when you enter your card you can get a nice message like: GOOD AFTERNOON YOU ROTTEN CROOK on the display. It amuses the people waiting in line behind you. Now, for a worse story -- as of two years ago every ATM machine in a whole state would accept a particular 4 digit number as a valid pin for every card. Yes, really. I was doing testing on a controller to hook into their network and it wasn't getting invalid PIN errors. As it turned out there was a bug in our software and it wasn't sending the PIN that was being entered. It just happened to be sending the magic PIN for the network. Now that was really stupid. -- Phil Hughes, SSC, Inc. P.O. Box 55549, Seattle, WA 98155 (206)FOR-UNIX uw-beaver!tikal!ssc!fyl or uunet!pilchuck!ssc!fyl or attmail!ssc!fyl