The ATM is usually off-line to the bank's main computer and only goes on-line in two circumstances--first, during business hours, to respond to a customer's 'balance request'; and second, outside regular hours, to take into local memory lists of invalid cards which should not be returned to the customer, and to dump out cheque book and printed statement requests.

Hackers have found ways of getting more than their cash limit each week. The ATMs belonging to one clearing bank could be 'cheated' in this way: you asked for your maximum amount and then, when the transaction was almost completed, the ATM asked you 'Do you want another transaction, Yes/No?' If you responded 'yes' you could then ask for--and get--your credit limit again, and again, and again. The weakness in the system was that the magnetic stripe was not overwritten to show you had had a transaction till it was physically ejected from the machine. This bug has now been fixed.

A related but more bizarre bug resided for a while on the ATMs used by that first bank's most obvious High Street rivals. In that case, you had to first exhaust your week's limit. You then asked for a further sum, say £75. The machine refused but asked if you wanted a further transaction. Then, you slowly decremented the amounts you were asking for by £5 ... 70, 65, 60 ... and so on, down to £10. You then told the ATM to cancel the last £5 transaction ... and the machine gave you the full £75. Some hackers firmly believe the bug was placed there by the original software writer. This bug too has now been fixed.

Neither of these quirks resulted in hackers 'winning' money from the banks involved; the accounts were in every case, properly debited. The only victory was to beat the system. For the future, I note that the cost of magnetic stripe reader/writers which interface to PCs is dropping to very low levels. I await the first inevitable news reports.

Electronic Mail

Electronic mail services work by storing messages created by some users until they are retrieved by their intended recipients.

The ingredients of a typical system are: registration/logging on facilities, storage, search and retrieval, networking, timing and billing. Electronic mail is an easy add-on to most mainframe installations, but in recent years various organisations have sought to market services to individuals, companies and industries where electronic mail was the main purpose of the system, not an add-on.

Hacker's Handbook (38 of 133)

The system software in widest use is that of ITI-Dialcom; it's the one that runs Telecom Gold. Another successful package is that used in the UK and USA by Easylink, which is supported by Cable & Wireless and Western Union.

In the Dialcom/Telecom Gold service, the assumption is made that most users will want to concentrate on a relatively narrow range of correspondents. Accordingly, the way it is sold is as a series of systems, each run by a 'manager': someone within a company. The 'manager' is the only person who has direct contact with the electronic mail owner and he in turn is responsible for bringing individual users on to his 'system' -- he can issue 'mailboxes' direct, determine tariff levels, put up general messages. In most other services, every user has a direct relationship with the electronic mail company.

The services vary according to their tariff structures and levels; and also in the additional facilities: some offer bi-directional interfaces to telex; and some contain electronic magazines, a little like videotex.

The basic systems tend to be quite robust and hacking is mainly concentrated on second-guessing users' IDs. Many of the systems have now sought to increase security by insisting on passwords of a certain length--and by giving users only three or four attempts at logging on before closing down the line. But increasingly their customers are using PCs and special software to automate logging-in. The software packages of course have the IDs nicely pre-stored
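
The first ATM weakness described earlier (the stripe is only rewritten when the card is ejected, so every transaction in one session is checked against a stale record) can be modelled as follows. This is an added example, not code from the book; the class and function names, the £100 limit and the session flow are assumptions made for illustration.

```python
from dataclasses import dataclass

WEEKLY_LIMIT = 100  # assumed weekly cash limit in pounds (constructed value)

@dataclass
class Card:
    withdrawn_this_week: int = 0  # usage record held on the magnetic stripe

class Session:
    """One card insertion on an off-line ATM; the stripe is the only limit record."""

    def __init__(self, card, commit_per_transaction):
        self.card = card
        self.commit_per_transaction = commit_per_transaction
        self.read_at_insert = card.withdrawn_this_week  # stripe read once, at insertion
        self.dispensed = 0

    def withdraw(self, amount):
        # Flawed design checks the value read at insertion, which goes stale as
        # soon as cash is dispensed; the corrected design checks the live record.
        used = (self.card.withdrawn_this_week if self.commit_per_transaction
                else self.read_at_insert)
        if amount <= 0 or used + amount > WEEKLY_LIMIT:
            return False
        if self.commit_per_transaction:
            # Record usage before dispensing and before offering another transaction.
            self.card.withdrawn_this_week += amount
        self.dispensed += amount
        return True

    def eject(self):
        if not self.commit_per_transaction:
            # Flawed design: the stripe is rewritten only as the card leaves the machine.
            self.card.withdrawn_this_week = self.read_at_insert + self.dispensed

def run_session(commit_per_transaction, requests):
    """Answer 'yes' to 'another transaction?' for each request; return (cash, stripe)."""
    card = Card()
    session = Session(card, commit_per_transaction)
    for amount in requests:
        session.withdraw(amount)
    session.eject()
    return session.dispensed, card.withdrawn_this_week

def over_limit(stripe_value):
    """Audit check on a returned usage record: more recorded than the limit allows."""
    return stripe_value > WEEKLY_LIMIT
```

With `commit_per_transaction=True` the limit holds across the whole session, because the record that is checked is the same record that is updated before the next prompt.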