Friday, August 26, 2005

Poor print exposing Pin numbers

[Image: Pin mailer panel (Mike Bond). Caption: Angled light can reveal Pin numbers.]

The Pin numbers of millions of consumers are being put at risk by shoddy printing, warn security experts.

Bright lights and easy to use software helped University of Cambridge researchers defeat tamper-proofing on letters telling people their new Pin.

The researchers fear the security lapses could put consumers at risk as the UK adopts Chip and Pin technology.

The banking industry played down the risk and said little fraud was perpetrated by this method.

Letter box

Banks and many other organisations give customers new Pins or passwords on secure stationery that is designed to make it obvious if the envelope has been opened and the number or word has been read by someone else.

This secure stationery often uses a transparent label that must be peeled off to reveal a Pin or password. Background printing makes replacing a label accurately very difficult.

But Mike Bond, Steven Murdoch, and Jolyon Clulow from the security group at the Cambridge University computer lab have found that poor printing can mean that this secure system can be easily overcome.

Mr Bond was alerted to the problems when he was sent a new Pin and found that poor printing meant it was readable with the naked eye.

The researchers collected lots of so-called Pin mailers and then tested how secure they were.

[Image: Cash machine (PA). Caption: Banking industry say pins have been protected for a long time.]

Many were defeated using bright lights shone at an angle on to the paper. Other Pins could be read by scanning the letter and then adjusting some of the image qualities in popular programs such as GIMP, Adobe Photoshop and Paintshop Pro.

"We were surprised that it could be done so easily," said Mr Bond.

"We're concerned as academics and outside parties that other people are going to be spotting this too and start working towards fraud," he told the BBC News website.

The security failings emerge as banks have turned to new laser-printing technology to produce pin mailer letters, said Mr Bond.

Laser-printed Pin mailer letters look like any other communication from a bank and help to defeat thieves looking out for the old-fashioned mailers that were much more distinctive.

Millions of Pin mailers are being sent out in the UK as chip and pin technology is more widely adopted.

Mr Bond said that the work the team has done on laser printed Pin mailers has shown that it is a "subtle art" that is tricky to do correctly.

"You are printing black toner on to a background pattern that is supposed to disguise it," he said. "If you add too little you cannot read it but too much will make it stand out."

Industry response

The Cambridge trio revealed their findings to the banking industry at the end of 2004, which has resulted in a standardisation procedure and new testing regimes for banks producing Pin mailers.

Despite these changes, said Mr Bond, the same insecure mailers are still being used months after the researchers warned about the failings. This was worrying, he added, because Chip and Pin puts so much emphasis on that personal number.

A spokeswoman for Apacs, the industry body for the payments systems used by UK banks, played down the risks exposed by the researchers.

[Image: Chip and pin logo (Chip and Pin UK). Caption: The UK is adopting Chip and Pin technology.]

"A Pin has no value without the card," she said, adding that little fraud has been perpetrated by the method of reading pins from secure stationery.

"We always have to bear in mind that laboratory conditions are not duplicated in the real world," she said.

"Security around Pins is paramount and always has been because of cash machines."

She added that Pin numbers were inherently more secure than written signatures.

"Security is constantly kept under review," said the spokeswoman, "every bank takes security seriously."

The new standards developed by the industry should be in place by the end of 2006.

"It's a work in progress at the moment," she said.

Consumers should also remember that, unless they are negligent, UK banking regulations do not make them liable for losses from fraud, she added.

News about the Pin printing research first appeared in the journal Infosecurity Today.


source: http://news.bbc.co.uk/1/hi/technology/4183330.stm




Earth's Core Spins Faster Than the Rest of the Planet

As the earth turns, the center of the earth turns even faster.

Confirming assertions first made in 1996, a team of geophysicists are presenting data in the journal Science today showing that the earth's inner core, a ball of solid iron larger than the moon, spins faster than the rest of the planet. Over a period of 700 to 1,200 years, the inner core appears to make one full extra spin.

That extra spin could give scientists information about how the earth generates its magnetic field.

The inner core, 1,500 miles wide, sits at the center of the planet, ensconced in a sea of hot liquid metal known as the outer core. With nothing to hold it in place, the inner core can rotate independently. Nearly a decade ago, two scientists at the Lamont-Doherty Earth Observatory of Columbia University said it did just that.

Other scientists, however, questioned the analysis, which was based on the speed of earthquake waves passing through the earth. Subsequent attempts to pin down the inner core's rate of spinning produced a wide range of answers. Some said it spun, but at a much slower rate than the Columbia scientists claimed. Others said they could find no sign that the core was out of step with the other parts of the planet. Some said it seemed to be spinning at a slower rate, not faster.

The same researchers who made the original claim, Paul G. Richards and Xiaodong Song, now a professor of geology at the University of Illinois, led the new research, which they said should remove any remaining doubts.

While it does not precisely pin down how much more quickly the core is spinning, Dr. Song said, "what this particular paper shows is it cannot be zero."

Gary A. Glatzmaier, a professor of earth sciences at the University of California, Santa Cruz, who was not connected with the research, said, "Now, most people looking at this data would say, 'Yes, it is probably rotating faster than the surface of the earth.'"

Over the course of a day, the earth spins around once, or 360 degrees. The new research indicates that over a year, the inner core spins an extra 0.3 to 0.5 degrees compared with the rest of the planet.

Uncertainty clouded the 1996 research, which found a rotation rate of 1.1 degrees per year, because Dr. Richards and Dr. Song had to compare seismic signals from different earthquakes in different locations.

The new research is more precise, because the researchers were able to find pairs of moderate-size earthquakes near the South Sandwich Islands in the South Atlantic that occurred years apart, yet shook the same ground in a nearly identical pattern. The seismic waves of each pair of earthquakes were the same when they started out, but changed as they traveled through the earth to Alaska, indicating that something down deep had changed in the interim.

"You just look at these seismograms and something is different," Dr. Richards said.

While the inner core is almost spherical in shape, its composition appears to have a wood-grain-like layering, which could speed or slow seismic waves.

Scientists believe they understand why the inner core might rotate at a different rate. The flow of rising and falling iron in the liquid outer core generates electric and magnetic fields, which push on the metallic inner core. "The thing is acting like a huge rotor in an electric motor," Dr. Richards said. "Except this one is running a billion amps."

Dr. Glatzmaier, of U.C. Santa Cruz, said that computer simulations that he and others had done predicted that the inner core would spin faster, but the models lacked enough details to say how much faster. Now the new data will improve the computer models and give a better idea of how the interior of the Earth works.

"It's nice when new findings like this come out that reduce the uncertainty in one area so you can learn something," Dr. Glatzmaier said.

source: http://www.nytimes.com/2005/08/25/science/25cnd-core.html?pagewanted=print

