Category: security holes

Why using the Reverse Pin number won’t work!

Paul

Seems to circulating around!

I got this email about this and wanted to clarify something about this and I wasn’t sure if this was a hoax or not.    Wikipedia is not helping this myth if it is but I will talk about the reasons why it won’t work and explain to you in detail the reasons!

Privacy!

In the Privacy Act of 1974, No business or organization can release personal information about you without your direct consent or without a court order.   Although this isn’t strictly followed by all Online business or organization.   In order for ANY ATM To disclose your location of the ATM you are at or even your financial information would be against the Privacy Act!

Terms of Service would be need to updated!

All banks would have to change their TOS just to cover their butts in case something would go wrong.  You would see bank after bank making sure you knew about the changes in their services when it comes to ATMS!  This would be one of the requirements to be able to do this!   

The Algorithm!

Let’s face it if this software was available, it would be a screaming security nitemare!  Every bank uses their own Algorithm and HASH in association with each account.   In order for an ATM to give out money from any institution it would be required to provide the currect security code which would be the PIN code.   So the bank would have to create both front door passcode(PIN NUMBER) and a back door passcord(Reverse pin number) to access your personal information and also what money you have on your account.   This two PIN approach would make your account much easier to hack and or guess your pin, if implemented!  Since the ATM would not know which pin is correct until it connected with the bank server, it would not know if the pin entered is correct or reversed until the bank granted access and thus it would be impossible to implement this!!

Safety and Such!

It would just cause more problems than it is worth.   Just think if you had to put in your pin in reverse wouldn’t it be more trouble and possibly cause more violence than it would solve.   I know I have ADHD and I wouldn’t be able to do it very easily.   If the robber wants the money he will get impatient and maybe even hurt the victim even more.   This is why it will never be implemented because in the long run.   It doesn’t stop violence or death it just is more inconvenience than anything.   Think about how long it would be before the police actually got to that ATM.  On average it takes 20 mins just where I live and I know the robber won’t stay their very long if at all!  Once he gets what he wants, your either dead or very lucky!   Just some stuff to think about!

Paul Sylvester

Brace for Impact, Brace for Botnet! (Conflicker Worm)

Paul

The Worm that has infected 6% of Personal Computers is starting to build into something totally different.  According to some Researchers, they are saying this has to happen soon. And I’ll quote:

In any case, today seems better than the day before and we think that growth of Downadup has been curbed. Disinfection of the worm remains a challenge.

[Via F-secure]

[ad#ad2-right]Although this sounds like it has stopped, I don’t think so I am sure the worm will get even bigger.   I don’t think it has been curbed we might have a rest period before the Worms tries again.

“Why is it taking so long?” asked Huger. “That’s what we’re all asking.” He couldn’t recall an attack of this size with such a long lag time between the initial attacks and follow-on downloads of more malware to the hijacked systems.

[Via PcWorld]

Now We know this exploit is being patched as quickly as possible in some areas of the industry but that leaves the question?  What isn’t being patched, I am guess the next stage of this worm is mutant into a new worm much like the way it tries to communicate to download new software or instruction.   I believe it will be using a newer exploit so that it can infect even more computers.   I also think it will be a botnet and so does others.

But he also pointed out that the clock is ticking. “If they don’t hurry up and do it, someone else will,” he said, explaining that hackers must fend off not only security researchers, but also other criminals, who would like nothing better than to pinch a ready-to-use botnet.

[Via PcWorld]

So they are going to use this Downadup Worm soon, I am counting on it.   Somethings for IT professionals to prevent more infections are to make sure you have patched the latest security holes before they exploit that.   Like my favorite program, the Clone of Autopatcher, which you can create a month by month patch DVD to install on all important systems.   IT professionals must not start getting relax, because of people saying it is on the downfall. In nature there are always going to be periods of rest before growth. So I am sure something will happen rather quickly, and probably in the next week or two.