Clive Robinson • July 11, 2008 1:55 PM
If Ross Anderson and his team are correct then he could do it in less than thirteen guesses (if I remember correctly) if he was talking to the bank security hardware (due to a mistake in protocols)…
Larry • July 11, 2008 3:51 PM
Hey, at least there’s nobody sitting at the stool.
Jonadab the Unsightly One • July 11, 2008 9:24 PM
The problem with that attack (from the attacker’s perspective) is that if you want to get away with it you need to figure out how to rent a booth inside an amusement park in a way that will not be traceable back to you later. I’m sure that’s possible with a combination of social engineering and forgery, but the profit-to-risk ratio is not particularly appealing compared to other kinds of attacks.
clvrmnky • July 13, 2008 2:03 PM
“if you want to get away with it you need to figure out how to rent a booth inside an amusement park in a way that will not be traceable back to you later.”
You are going to find a carnie the day after the carnival leaves town?
Morgan Storey • July 13, 2008 9:00 PM
Heh and it isn’t that far from the truth. A journo in the UK did something similar a while back http://www.itnews.com.au/News/74161,free-chocolate-provides-password-bounty.aspx
This made me laugh for a few minutes
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Leave a comment