[funsec] PIN Scandal "Worst Hack Ever;" Citibank Only The Start

Rob, grandpa of Ryan, Trevor, Devon & Hannah rMslade at shaw.ca
Sat Mar 11 14:01:18 CST 2006


From:           	"Thomas C. Greene" <thomas.greene at theregister.co.uk>
Date sent:      	Sat, 11 Mar 2006 11:41:48 -0500

> The scandalous part is the fact that the identity of the outfit that caused this
> problem (OfficeMax suspected) is being withheld from the public. 

But this is far from being news.  In security, we are constantly faced with the 
holdover from "security by obscurity" in combination with the "don't admit 
problems" mentality from the corporates.

Trying to getting a read on this situation is frustrating, yes.  There seem to be a 
huge number of stories around debit cards, PINs, and ATMs right at the moment.  
Given the coincidental timing, one might suspect that they are all aspects of a) a 
major breach, or b) some new technology, but we won't know for sure for some 
time while everyone is trying to keep quiet about it.

> Whoever it was
> is being protected from the loss of customer confidence that they so richly
> deserve. 

It is rather ironic that Citibank is involved in the major story: Citibank was the 
outift that a) got hit, b) did pretty much everything right and kept the damage 
under control, c) decided to announce it, and use the fact that they had dealt with 
it properly as a selling point, and d) got hammered in the market.  I suppose you 
can't blame them for being less than forthcoming this time around.


======================  (quote inserted randomly by Pegasus Mailer)
rslade at vcn.bc.ca      slade at victoria.tc.ca      rslade at sun.soci.niu.edu
         The truth shall make ye fret              - Terry Pratchett
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade


More information about the funsec mailing list