funsec mailing list archives
Triple DES Upgrades May Introduce New ATM Vulnerabilities
From: "Fergie" <fergdawg () netzero net>
Date: Mon, 17 Apr 2006 16:44:29 GMT
Interesting. Thanks to Bruce Schneier who points out this article. Also, as Bruce points out: [snip] Basically, at the same time they're upgrading their encryption to triple-DES, they're also moving the communications links from dedicated lines to the Internet. And while the protocol encrypts PINs, it doesn't encrypt any of the other information, such as card numbers and expiration dates. So it's the move from dedicated lines to the Internet that's adding the insecurities. [snip] http://www.schneier.com/blog/archives/2006/04/tripledes_upgra.html Via Payment News. [snip] In a press release today [13 April 2006], Redspin, an independent auditing firm based in Carpinteria, CA, suggests that the recent mandated upgrades of ATMs to support triple DES encryption of PINs has introduced new vulnerabilities into the ATM network environment - because of other changes that were typically made concurrently with the triple DES upgrades. [snip] More: http://www.paymentsnews.com/2006/04/redspin_triple_.html - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Triple DES Upgrades May Introduce New ATM Vulnerabilities Fergie (Apr 17)
- <Possible follow-ups>
- RE: Triple DES Upgrades May Introduce New ATM Vulnerabilities Henderson, Dennis K. (Apr 17)