ATM Fraud and Bank Security

The Register has a fascinating report on how British banks failed to deal with the fact that phantom withdrawals from ATMs were a real problem, until a man of integrity discovered it and (arguably) saved the system:

“This is the story of how the UK banking system could have collapsed in the early 1990s, but for the forbearance of a junior barrister who also happened to be an expert in computer law – and who discovered that at that time the computing department of one of the banks issuing ATM cards had “gone rogue”, cracking PINs and taking money from customers’ accounts with abandon.”

I posted it on Bruce’s blog today as well:

U.S. Regulators Require Two-Factor Authentication for Banks

WinXP Security Guide Update

Microsoft released a new Windows XP Security Guide today. Here’s their breakdown of the contents:

“The guide provides specific recommendations about how to harden computers that run Windows XP with SP2 in three distinct environments:

  • Enterprise Client (EC). Client computers in this environment are located in an Active Directory® directory service domain and only need to communicate with systems that run Windows 2000 or later versions of the Windows operating system.
  • Stand-Alone (SA). Client computers in this environment are not members of an Active Directory domain and may need to communicate with systems that run Windows NT 4.0.
  • Specialized Security – Limited Functionality (SSLF). Concern for security in this environment is so great that a significant loss of functionality and manageability is acceptable. For example, military and intelligence agency computers operate in this type of environment.”