password security

Ron Natalie ron at ron.rutgers.edu
Thu Dec 8 06:19:12 AEST 1988


The cards themselves are easily forged.  Essentially, nothing is
encoded in the stripe that you can't see on the front of the card.
Obviously criminal elements have the ability to forge this information
because well publicised cases of credit cards (which use the same technology)
exist.  When dealing with a machine, it's even easier, the card doesn't
need to look real to the eye, just have the correct data on the stripe.

Even if the PIN records at the bank are relatively secure, there are
many ways that the 4 digit number may be discovered.  Abuse of telephone
credit card numbers (which are essentially just your account number (
phone number) and a 4 digit PIN) inidicate how vulnerable that system
is.  Banks mail PINs (albeit separately from the cards) through the
use of printthrough computer envelopes.  You don't even need to open
these to get the information.   Banks should never send the PINs out.
Here we get to go to the bank to set them.  People should safeguard their
PINs.  Be careful about the guy behind you in line.   Don't write them
down, and if you get to pick your own, don't be so bloody obvious.
I guessed my wifes with little difficulty.



More information about the Comp.unix.wizards mailing list