Thursday, July 20, 2006
Details matter: how to let the whole world into your building
You know those ATMs that are behind glass enclosures for security? You have to swipe your ATM card through a reader at the door in order to get to the ATM.
So far so good. What if you are using an ATM that belongs to a different bank than yours? The keycard system makers have an answer for that. If you buy one of their systems, you can set it up so that any magnetic stripe card will work. Then customers of other banks can get in, use the ATM, and the bank collects a service fee.
If you set up that feature without meaning to, then you've got a problem. One hospital did just that, and a team of security testers got into the hospital with a shopper's club card. Once inside, they plugged into the network, read passwords off the Post-It(tm) notes on people's monitors, and could have done a lot more.