Comments on: We Need To Learn More About the RBS Worldpay ATM Attack http://www.veracode.com/blog/2009/11/we-need-to-learn-more-about-the-rbs-worldpay-atm-attack/ Application security testing, analysis, and metrics Tue, 15 May 2012 22:16:53 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Interesting Information Security Bits for 11/12/2009 | Infosec Ramblings http://www.veracode.com/blog/2009/11/we-need-to-learn-more-about-the-rbs-worldpay-atm-attack/comment-page-1/#comment-3130 Interesting Information Security Bits for 11/12/2009 | Infosec Ramblings Thu, 12 Nov 2009 20:21:24 +0000 http://www.veracode.com/blog/?p=968#comment-3130 [...] We need to learn more about the RBS Worldpay ATM attack Tags: ( atm ) [...] [...] We need to learn more about the RBS Worldpay ATM attack Tags: ( atm ) [...]

]]> By: Marsh Ray http://www.veracode.com/blog/2009/11/we-need-to-learn-more-about-the-rbs-worldpay-atm-attack/comment-page-1/#comment-3124 Marsh Ray Wed, 11 Nov 2009 17:54:04 +0000 http://www.veracode.com/blog/?p=968#comment-3124 "but figured out how to turn the stored encrypted PIN code back into the plain text PIN [...] There are many different PIN storage algorithms out there and the older ones have weaknesses. [...] backwards compatibility with older encryption format" Sounds like the possible encryption algorithms were probably reasonably well documented. A four-decimal-digit PIN only has 10,000 possibilities. That's a trivial space to brute force. “but figured out how to turn the stored encrypted PIN code back into the plain text PIN [...] There are many different PIN storage algorithms out there and the older ones have weaknesses. [...] backwards compatibility with older encryption format”

Sounds like the possible encryption algorithms were probably reasonably well documented.

A four-decimal-digit PIN only has 10,000 possibilities. That’s a trivial space to brute force.

]]>