Spellcheck and bank heists

Why you should pay attention in language classes:

Attempting to transfer $20 million to a Sri Lankan non-governmental organization called the Shalika Foundation, the hackers instead attempted a transfer to the Shalika “Fandation.” Staff at Deutsche Bank spotted this error and got in contact with the Bangladeshis to ask for clarification. The ruse was discovered and the remaining transfers were canceled.

Source: A typo costs bank hackers nearly $1B | Ars Technica

Security in the times of 3D printing

Another lesson in why you should never show pictures of sensitive keys on the Internet:

The TSA is learning a basic lesson of physical security in the age of 3-D printing: If you have sensitive keys—say, a set of master keys that can open locks you’ve asked millions of Americans to use—don’t post pictures of them on the Internet.

A group of lock-picking and security enthusiasts drove that lesson home Wednesday by publishing a set of CAD files to Github that anyone can use to 3-D print a precisely measured set of the TSA’s master keys for its “approved” locks—the ones the agency can open with its own keys during airport inspections. Within hours, at least one 3-D printer owner had already downloaded the files, printed one of the master keys, and published a video proving that it opened his TSA-approved luggage lock.

Source: Lockpickers 3-D Print TSA Master Luggage Keys From Leaked Photos | WIRED

Quora: Why do ATMs return cards so slowly?

So, it’s not to annoy you, but to annoy the fraudsters.

Answer by Rahul Keerthi:

It’s intentional: not slow, but jittery. The jitter is to reduce the probability of simple ATM skimming.

Firstly, it’s useful to understand how simple ATM skimming works.

  1. Skimmers are after two things: the data on your card’s magnetic stripe (magstripe – it’s like cassette tape fastened to the back of your card) and your personal identification number (PIN)
  2. They use gadgets that can be attached to or placed over the ATM card reader slot that will read and copy the magstripe data as the card is ejected from the machine
  3. They may also use hidden cameras or other ploys (shoulder surfing, for example) to see your PIN as you enter it
  4. They can then replicate your card and using your PIN, withdraw money from your account

Mind you, this is simple ATM skimming. More advanced techniques exist, some that aren’t yet figured out even.

What jitter does is foil the process of reading the magstripe data. ATM skimming devices typically prefer ejection to insertion as the card is machine-rolled out (as opposed to hand-fed in) and so, smoothly, evenly passed through the slot.

Jitter provides a simple physical solution to this potential problem: it introduces jitter into the ejection of the card from the reader.

This stop-start motion distorts any data read from the magnetic stripe on the card, making the copied information unusable.

Unfortunately this technology isn’t fool-proof, but it is a first deterrent that almost every major ATM vendor (i.e. NCR Corp., Diebold, Fujitsu and Wincor Nixdorf AG) employs – hence the ubiquitous “slow” returning of ATM cards that we all experience.

Tech Companies Pressed by N.Y. Over Handheld Device Thefts

This attitude could so easily be extended to the common man, taxes and administrative corruption – What steps are you taking to save your money from government corruption?

New York Attorney General Eric Schneiderman wrote to Apple, Google, Microsoft Corp. (MSFT) and Samsung Electronics Co. seeking information about what the companies are doing to combat thefts of their devices in the state, according to copies of the May 10 letters.

via Apple, Google Pressed by N.Y. Over Handheld Device Thefts – Bloomberg.