Here's a *BRILLIANT* password idea! (Sarcasm on)

Phil Hughes fyl at ssc.UUCP
Fri Dec 2 09:35:12 AEST 1988


In article <1526 at holos0.UUCP>, lbr at holos0.UUCP (Len Reed) writes:
> From article <438 at amanue.UUCP>, by jr at amanue.UUCP (Jim Rosenberg):
> = Well surprise:  This exact password system is ***IN USE***!!!  In (are you
> = ready:) ***BANKS***!!!  I am not kidding.  Do you have an Automatic Teller
> = Machine card?  What does your password look like?  Every time I've been given
> = one of those things the password was just 4 digits!!!!!!!

> You have to have physical possession of the card, too, not just knowledge
> of the account number.  

Not really true.  If you are serious about ATM fraud you can buy a mag
stripe writer for about $300.  I used to work for a company that makes
automatic gas station equipment -- stick in your card, punch in your PIN
and pump gas.  We bought a card writer.  I made myself an extra EXCHANGE
card.  Sort of fun.

By the way, track 2 on the cards is the account number.  Most bank
machines either ignore or display track 1.  Rainier Bank locally puts your
name on track one and displays it on the terminal.  Rewrite track 1 and
when you enter your card you can get a nice message like:
	GOOD AFTERNOON YOU ROTTEN CROOK
on the display.  It amuses the people waiting in line behind you.

Now, for a worse story -- as of two years ago every ATM machine in a whole
state would accept a particular 4-digit number as a valid PIN for every
card.  Yes, really.  I was doing testing on a controller to hook into
their network and it wasn't getting invalid PIN errors.  As it turned out
there was a bug in our software and it wasn't sending the PIN that was
being entered.  It just happened to be sending the magic PIN for the
network.  Now that was really stupid.
-- 
Phil Hughes, SSC, Inc. P.O. Box 55549, Seattle, WA 98155  (206)FOR-UNIX
    uw-beaver!tikal!ssc!fyl or uunet!pilchuck!ssc!fyl or attmail!ssc!fyl



More information about the Comp.unix.wizards mailing list