Hey Saidi, you took the words from my mouth (actually my fingertips). I don't think the idea has been understood. That's why I haven't responded to most of the responses coz it will take me a whole day to break this down. However I appreciate the input, it got me thinking of one or two things that can go wrong, but can still be solved if there is will. 8~) --- On Thu, 10/8/09, saidimu apale <saidimu@gmail.com> wrote: From: saidimu apale <saidimu@gmail.com> Subject: Re: [Skunkworks] Guardin against ATM thefts To: "Skunkworks Forum" <skunkworks@lists.my.co.ke> Date: Thursday, October 8, 2009, 8:02 AM The thugs have no way of telling you are lying since the system doesn't depend on the thugs being unaware of the system. They know you have 2 PINs but they can't tell which one is the real one, that is unless you have found an error in the logic presented. I don't think people have sufficiently understood wesley's idea. It is simple but is quite clever. The other ideas about having 2 accounts are impractical and prone to error (what if you mix up the balances of the 2 accounts and carry the wrong ATM card, the one with the greater balance?) saidi On Thu, Oct 8, 2009 at 12:54 AM, Rad! <conradakunga@gmail.com> wrote: the biggest flaw of all these suggestions is that thugs will be aware of these measures and might kill you even if you put the real pin first. this increases the risk for those who are cooperating. I don't think its worth the risk. let the thugs be in no doubt the balance is real. atm robbery is not a technical problem. it's social. On 10/7/09, Steve Obbayi <steve@sobbayi.com> wrote:
How about this... you put in PIN2 and it shows 10% of actual balance. Thereafter if you try and put in PIN1 it will show the same balance that PIN2 showed minus any transactions. so from the point PIN2 is used until it is reset at the bank, PIN1 will base its fake balance on PIN2. therefore its going to be hard for the thief to determine. If at that point the thug asks for a mini statement, the System can throw an exception and blame it on network problems... better still all ATMs at the same location can also be triggered to go offline... this additional security behaviors can be kept secret from general public. and also protect other users that stumble on the robbery and fall victims themselves. So the longer the thugs are busy trying to use other ATMs in the same enclosure the cops will hopefully be there.
Tech List Kenya wrote:
Just remembered, wat if thugs demand you generate a mini statement? (gun to the head, remember). Wil the anti-theft system fake this also?
On 10/7/09, Tech List Kenya <techlistkenya@gmail.com> wrote:
Gnod point @Tony. Maybe it can be done in such a way that: 1. If Pin2 is entered first, from then on the pin1 bal is *always* less until it is reset from the banking hall.
2. If pin1 is entered first, tough luck to the customer.
In other words, if put in succession, the 2nd bal wil be less hence thugs wont knw which is pin1 or 2.
Weakness: If the thug threatens that ukiweka pin2 kwanza tutajua, I wouldn't risk proving him/them wrong
On 10/7/09, Tony Likhanga <tlikhanga@gmail.com> wrote:
I don't get how someone would know the second PIN is the real one. As far as they're concerned they will see 1K for the second time, which is what was shown when the distress PIN was used first. They don't know that 10K is in the account.
Wes, I concur with Saidi. Picture this: what should be displayed if I feed in the PINs in this order; REAL->DISTRESS? As the thug, I'd simply be on the lookout for matching results.
Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
--
SKYPE: sobbayi US: +1 202 470 0525 KE: +254 722 627 691
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general -----Inline Attachment Follows----- _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general