Thursday, May 23, 2002
This reminds me of an incident that happened not too long ago on the
University campus (in the UK) that I attended. The vending machines on
campus were the style where you can't see the item (Chocolate) before it is
dispensed - you dial a two digit number and it gives you the product or
tells you it's out of stock or how much it costs as appropriate. The
machines usually had about 10 varieties of chocolate/chewing gum in them, so
the valid entries were typically in the range 10-19 although some had more
or less choices.
It seems some of the machines had been misprogrammed and some debt-ridden
students had discovered that some of the higher numbers (80+) dispensed
chocolate with the incorrect prices. Some of these prices were very high but
others were ridiculously low - a few pence (less than 10 cents) per
item. Some even had a zero value!
As you can imagine, it does not take long for news like this to spread and
very quickly everyone knew if you wanted free or cheap chocolate and didn't
care what you got then you could just walk up to the nearest machine and
start punching buttons at random until you got something.
What is even more surprising is that the engineers that came to fill the
machines with food and empty the cash did so several times before someone
actually came along (a different engineer) and reprogrammed all the machines
to fix this problem. I'm surprised this problem hadn't been discovered
before at other sites, so I suspect either we had a badly set-up batch of
machines or the problem was known about but they didn't have the resources
to reprogram every machine just in case.
The Risks here are obvious - as with almost every other Risks item, buggy
software doesn't just cause bad PR, it can cost money! ["Ryan O'Connell" via risks-digest Volume 22, Issue 10]
19:03
A scam e-mail message now circulating the Internet purports to be from a
"Special Forces Commando" in Afghanistan who's found $36 million in drug
money while on patrol, and who wants your help in moving the cash. Sure he
does. "We will thus send you the shipment waybill, so that you can help
claim this luggage on behalf of me and my colleagues. Needless to say the
trust in you at this juncture is enormous. We are willing to offer you an
agreeable percentage of funds." Stop laughing, and grab onto your wallet.
[AP/San Jose Mercury News 23 May 2002; NewsScan Daily, 23 May 2002]
http://www.siliconvalley.com/mld/siliconvalley/3319360.htm
[The Nigerian scams have been spawning numerous copycats, but
this one is a new variant. PGN] ["NewsScan" via risks-digest Volume 22, Issue 09]
16:03
He tried eleven commercially available fingerprint systems and spoofed *all*
of them (100%). The average single attempt had an 80% chance of success.
The reputable German magazine c't ran a cover story just now with similar
claims. They tested 11 iris, face, and fingerprint recognition systems and
spoofed *all* of them. Some of their techniques were hilariously simple...
it'll be a long time until this reader can take biometrics seriously.
[Quite a few readers noted my mistake in RISKS-22.08. It has been
corrected in the archives. Thanks to all of you. PGN] [Arnt Gulbrandsen via risks-digest Volume 22, Issue 09]
8:25
Maximillian Dornseif, 2002.