• (cs) in reply to John Evans
    John Evans:
    It's been years, but I'm pretty sure the card merely stored a student ID number.
    That works relatively well if you've got network connectivity at the points of use and a way to verify that the actual user of the card is the person who is supposed to be using it. A biometric approach (e.g., central server sends picture of authorized user to terminal on use of the card, which the terminal attendant verifies manually) can work quite reasonably. OTOH, that's actually expensive to implement properly (even now, all that network connectivity is a deployment problem) and you'd be critically dependent on staff being trained and staying motivated. I can quite understand people preferring a PIN-based approach instead, especially as it can be designed to allow some limited unconnected use (the aim being to reduce the risk to the point where a store+forward mechanism can be used).
  • Ptorq (unregistered)

    Victor's experiment as stated only proved that he could copy a value from one card to another card. It doesn't prove that the value copied was a balance.

    Certainly it COULD have been an encrypted balance, but it could also have been an encrypted student ID number or account number. If so, the machine would have read Patrick's card as Victor's and happily debited Victor's account for the sodas.

    This doesn't make it any more secure, of course, it just changes who the victim is. If it's a balance, the victim is the school; if it's an ID, the victim is the student whose card gets duped.

  • sh (unregistered)

    I think my Uni briefly had a similar system for a while, except rather than being like a credit card, it was more like a 'PhoneCard' (which were popular back then - you get cards that you could stick in public phones to make calls - although originally these were one-use (with holes to represent how much credit was used, I think) eventually these became refillable). The Uni got on board, and everyone's Student Card became a refillable phoneCard, which was accepted in most places on campus, as well as many vending machines and a few stores around the city... I always wondered whether the reason it was dumped so quickly (1-2 years) was that although they had always realised the value of the cards was like cash so people would steal them, they never realised that students would be so tight as to try to work out ways to get bang for their buck - and a card that stored its value seemed a perfect target...

  • sh (unregistered) in reply to boog
    boog:
    ...they were ripping strings off the card that looked like this: U2V0ZWMgQXN0cm9ub215. Obviously, it was encrypted in some fashion.
    U28gYmFzZTY0IGNvdW50cyBhcyBlbmNyeXB0aW9uIG5vdz8gIFdoeSBkaWQgbm9ib2R5IHRlbGwg bWU/Cg==

    I think Remy did it because he knew the arguments it will cause about encrypting vs encoding vs hashing... Getting the impression that increasingly little tidbits are added to [s]spark argument[/s] spark debate

  • Booger (unregistered) in reply to Rumen
    Rumen:
    XXXXX:
    Why weren't there any criminal charges?

    Just because something can be stolen or a monetary system can be counterfeited or abused, that doesn't make it legal to do so.

    How hard would it have been to track which cards seemed to have the most suspicious money on them? Then flip those weenies on the guy with the dongle?

    How is it illegal to "counterfeit" a non-official currency? It is like when you have a big festival where you need to buy tickets for beer, and you decide to print those tickets yourself. I always wondered which law you are supposed to be breaking there.

    Fraud. You are obtaining goods (beer) by deception

  • Rollin you (unregistered) in reply to boog
    boog:
    ...they were ripping strings off the card that looked like this: U2V0ZWMgQXN0cm9ub215. Obviously, it was encrypted in some fashion.
    U28gYmFzZTY0IGNvdW50cyBhcyBlbmNyeXB0aW9uIG5vdz8gIFdoeSBkaWQgbm9ib2R5IHRlbGwg bWU/Cg==

    aHR0cDovL3hrY2QuY29tLzE1My8K

  • Moz (unregistered)

    Our university had a similar stored-value system for photocopying. It very quickly became known that if you cut 2mm out of the mag stripe in the right place your card always read as having $12.50 on it. Unfortunately they only worked in photocopiers and there was a limit to how much photocopying I wanted to do.

    Those cards only lasted a year before being replaced.

  • ghe (unregistered) in reply to ares
    ares:
    Highly incriminating ? Then i think having penis counts as 'highly incriminating' in context of a rape case, oh ? Or having _a_ knife when somebody has been knifed a few blocks away ?

    IMO unless the vending machines recorded purchases AND the cashiers kept records of deposits, it's all circumstantial evidence and the school is SHIT OUT OF LUCK (without some rats/witnesses).

    Stupidity and luck are independent. The school is not out of luck. The school is STOOPID!

  • (cs) in reply to Rollin you
    Rollin you:
    boog:
    U28gYmFzZTY0IGNvdW50cyBhcyBlbmNyeXB0aW9uIG5vdz8gIFdoeSBkaWQgbm9ib2R5IHRlbGwg bWU/Cg==
    aHR0cDovL3hrY2QuY29tLzE1My8K
    SSBzZWUgd2hhdCB5b3UgZGlkIHRoZXJlCg==
  • Justice Powers (unregistered) in reply to Jay
    Jay:
    Severity One:
    Point is, how would they prove it? Somebody could prove his innocence by providing top-up chits, but you don't have to prove your innocence: the affected party needs to prove your guilt. Now, finding a card reader/writer would be highly incriminating, but for that you'd need to search the dorms.

    Not as easy as it sounds, unless they had a strong suspicion who was behind it (and most likely, they didn't).

    Hmm, how dumb do you think our police and courts are? <snip>

    By Jove, you're right!! I've never heard of anyone guilty as sin getting off because he had a good lawyer.

    Have you ever had a look at how many prosecutions are actually successful? Me neither, but I'm sure there are thousands of cases where the police do good investigation, and catch the right man, but the courts never manage to get a prosecution because there was a breakdown in process, or something was done ever so slightly wrong by the coppers, or there is insufficient evidence to conclusively prove what is bleedingly obvious etc....

    Just because we are all certain that the dude in the ski mask with the gun and the bag of money is the perp, doesn't meant that the courts won't rule that there is some shadow (and that's all that's needed) of a doubt....

    Lawyers suck unless you're a crim.

  • ping floyd (unregistered) in reply to Rumen
    Rumen:
    How is it illegal to "counterfeit" a non-official currency? It is like when you have a big festival where you need to buy tickets for beer, and you decide to print those tickets yourself. I always wondered which law you are supposed to be breaking there.

    obtaining property by false pretenses

  • Justice Powers (unregistered) in reply to Justice Powers
    Justice Powers:
    Jay:
    Severity One:
    Point is, how would they prove it? Somebody could prove his innocence by providing top-up chits, but you don't have to prove your innocence: the affected party needs to prove your guilt. Now, finding a card reader/writer would be highly incriminating, but for that you'd need to search the dorms.

    Not as easy as it sounds, unless they had a strong suspicion who was behind it (and most likely, they didn't).

    Hmm, how dumb do you think our police and courts are? <snip>

    By Jove, you're right!! I've never heard of anyone guilty as sin getting off because he had a good lawyer.

    Have you ever had a look at how many prosecutions are actually successful? Me neither, but I'm sure there are thousands of cases where the police do good investigation, and catch the right man, but the courts never manage to get a prosecution because there was a breakdown in process, or something was done ever so slightly wrong by the coppers, or there is insufficient evidence to conclusively prove what is bleedingly obvious etc....

    Just because we are all certain that the dude in the ski mask with the gun and the bag of money is the perp, doesn't meant that the courts won't rule that there is some shadow (and that's all that's needed) of a doubt....

    Lawyers suck unless you're a crim.

    Oh and the Clark Kent/Superman thing....

    Innocent until proven guilty. We don't believe CK is SM until you prove without a shadow of a doubt that he is.

  • (cs) in reply to Lance
    Lance:
    Nagesh:
    Here in Hyderbad, theeving is very common even in University where rich kids are being.
    Yes, and here in Oklahoma, counterfeiting is a Federal offense.
    I've heard of nullification, but I've never heard of a federal law that only applies to one state.
  • Mike (unregistered) in reply to Hasteur
    Hasteur:
    We used a similar system at my campus. Printouts, Copiers, and a few vending machines used the system. I never kept more than $5 on my card as one of the primary crimes was mugging students for their card chip value.

    And what good did it do to only keep $5 on your card? Unless the value of your card was emblazoned on your forehead in neon, a mugger didn't know the value of your card until he took it. So, whether you've got $1,000,000 or $1, you still get mugged.

  • (cs)

    Yes, but you only lose $5, as opposed to $1,000,000.

    A-DUUUUURRRRRRRRR

    Edit:

    Person A: I only kept $5 in my wallet, because muggings were frequent. Person B: But how would the mugger know you only had $5, genius?!

  • JB (unregistered) in reply to RichP
    RichP:
    I was impressed when it didn't turn out to be ROT-13 encrypted!

    FTFY

  • Earp (unregistered) in reply to BentFranklin

    We used to use blueboxes, DTMF dialers (I had a watch that dialed DTMF) and payphone bugs to get free calls back in the day (before internet etc).

    One of the good ones was you could actually start to dial before the screen picked up the keystrokes. So, for a long time, you could quickly dial '0800' (which is toll free here) before the numbers would start to appear on the pay phone screen. This meant you could dial '0800' and the screen would then display 'toll free number' and give you an open line, but it never actually DIALED the 0800 due to you entering it before the phone line was ready. This meant that you could dial 0800 very quickly, then dial ANY number you wanted and be connected.

    Was great for getting the phone numbers of payphones.

    Also, there was a flaw with the payphones in that they hold onto your coin until the call is connected, then drop it down to a money box. If the call isn't connected, the coin is dropped to the return slot. We discovered if you put in a 50c piece, then punched the phone right on the logo, you could make the coin 'jump' and about 80% of the time, it would fall down the return slot... letting you put it back in and build up your credit. Usually was good for getting $3-$5 worth of credit from a 50c.

  • Lisa (unregistered) in reply to newfweiler
    newfweiler:
    ... Another trick we learned was that if you dropped in a real coin and pressed two buttons all at the same time, sometimes two or three cans of soda would come out.

    Hey - Thanks for the tip!!! I never knew that one!

  • Helkio (unregistered) in reply to Lisa
    Lisa:
    newfweiler:
    ... Another trick we learned was that if you dropped in a real coin and pressed two buttons all at the same time, sometimes two or three cans of soda would come out.

    Hey - Thanks for the tip!!! I never knew that one!

    I think that's on failry old machines....

    At our school, they started bolting vending machines to the ground after students worked out that knocking them over could help you knock them over.... Good hip'n'Shoulder usually managed to loosen a coupl' bags of chips, but.

  • oheso (unregistered) in reply to Jay
    Jay:
    Also, I don't see how Clark Kent could possibly be Superman, because Clark Kent wears glasses and Superman doesn't.

    Don't tell anyone this, but Racer X is secretly Speed's older brother, Rex (crosses slides on screen).

  • (cs) in reply to C-Octothorpe
    C-Octothorpe:
    Rumen:
    XXXXX:
    Why weren't there any criminal charges?

    Just because something can be stolen or a monetary system can be counterfeited or abused, that doesn't make it legal to do so.

    How hard would it have been to track which cards seemed to have the most suspicious money on them? Then flip those weenies on the guy with the dongle?

    How is it illegal to "counterfeit" a non-official currency? It is like when you have a big festival where you need to buy tickets for beer, and you decide to print those tickets yourself. I always wondered which law you are supposed to be breaking there.

    Theft or fraud I would think... They'll likely just kick you out and ban you rather than pursue criminal charges. I think charges would come in once you start selling them at a "discounted" price.

    But then again, unless they can prove that it's counterfiet (stamp on the back or special paper, etc.), then it's just another case of a weird guy who buys up a bunch of tickets and sells them at a loss...

    Except in the UK if they're football tickets, because it's illegal to resell them (afaicr).

  • (cs) in reply to Justice Powers
    Justice Powers:
    Lawyers suck unless you're a crim.

    Or an innocent person being wrongly accused.

  • oheso (unregistered) in reply to hikari
    hikari:
    Or an innocent person being wrongly accused.

    In which case they suck harder.

  • iMalc (unregistered)

    I work at a security company in R&D and have everyday access to Mifare and 125KHz card reading and encoding technology. This article comes as no surprise to me. The transport card I carry and use every day stores the encrypted value on the card with the default read and write keys, meaning anyone can read and write it. Nothing appears to be stopping a "save and reload" attack except for the fact that I am an honest person.

  • Lol (unregistered)
    we unveil our new, multi-million dollar investment

    Multi-million euro investment, according to the picture.

    Maybe that will call for another hundred comments or so :-)

  • Grey (unregistered)

    Are such cards really worth the effort?

  • Kempeth (unregistered) in reply to boog
    boog:
    ...they were ripping strings off the card that looked like this: U2V0ZWMgQXN0cm9ub215. Obviously, it was encrypted in some fashion.
    U28gYmFzZTY0IGNvdW50cyBhcyBlbmNyeXB0aW9uIG5vdz8gIFdoeSBkaWQgbm9ib2R5IHRlbGwg bWU/Cg==
    Well you could call it a 3 byte substitution cypher...
  • metapedant (unregistered) in reply to Severity One

    By that logic one is not allowed to begin a sentence with "In Texas, [...]". Holland still exists as place.

  • metapedant (unregistered) in reply to metapedant
    metapedant:
    By that logic one is not allowed to begin a sentence with "In Texas, [...]". Holland still exists as place.

    Oops, this was intended to be in reply to this:

    Severity One:
    Paco:
    In Holland, [...]
    No, the Netherlands. Holland as an independent state ceased to exist over two centuries ago.
  • Anonymous Cow-Herd (unregistered) in reply to hikari
    hikari:
    C-Octothorpe:
    Rumen:
    XXXXX:
    Why weren't there any criminal charges?

    Just because something can be stolen or a monetary system can be counterfeited or abused, that doesn't make it legal to do so.

    How hard would it have been to track which cards seemed to have the most suspicious money on them? Then flip those weenies on the guy with the dongle?

    How is it illegal to "counterfeit" a non-official currency? It is like when you have a big festival where you need to buy tickets for beer, and you decide to print those tickets yourself. I always wondered which law you are supposed to be breaking there.

    Theft or fraud I would think... They'll likely just kick you out and ban you rather than pursue criminal charges. I think charges would come in once you start selling them at a "discounted" price.

    But then again, unless they can prove that it's counterfiet (stamp on the back or special paper, etc.), then it's just another case of a weird guy who buys up a bunch of tickets and sells them at a loss...

    Except in the UK if they're football tickets, because it's illegal to resell them (afaicr).

    Correct. This is apparently a special provision in law, which has been extended to cover Olympic/Paralympic tickets. The conditions of most other tickets also prohibit resale above face value, not that most companies bother enforcing it.

    If you went and "created" some of this virtual currency, you would be obtaining goods by deception (i.e. telling the vendor that you have credit when you don't).

  • Anonymous Cow-Herd (unregistered) in reply to Anonymous Cow-Herd
    Anonymous Cow-Herd:
    Correct. This is apparently a special provision in law, which has been extended to cover Olympic/Paralympic tickets.

    Slight correction - football resales are banned by s.166 Criminal Justice and Public Order Act 1994 (same Act as the "repetitive beats" nonsense), *lympic resales are covered by s.31 London Olympic Games and Paralympic Games Act 2006.

    [Only because I know what you lot are like.]

  • (cs) in reply to Marvin the Martian
    Marvin the Martian:
    shadowman:
    Severity One:
    Paco:
    In Holland, [...]
    No, the Netherlands. Holland as an independent state ceased to exist over two centuries ago.
    But the region of Holland still exists in the Netherlands. Are you saying he doesn't live there?
    Indeed... That two-province (North & South) Holland contains Amsterdam, The Hague, and Rotterdam... and indeed that system was introduced there.
    Yeah, but it's a national system, and can also be used on trains throughout the country, so he meant the country. It's a bit like calling the United Kingdom 'England', which they may not appreciate in, for example, Scotland.

    (And no, Great Britain is not the same as the United Kingdom, and then there's the Isle of Man, Jersey, and Guernsey and Alderney, which are part of neither, but still their citizens have a British passport. And that's just the European part of what we shall call 'Britain', for want of a more inclusive phrase. Well, except Gibraltar, which is also in Europe, and a crown colony. They do this on purpose, you know. Confuse the enemy.)

  • (cs) in reply to Jay
    Jay:
    Severity One:
    Point is, how would they prove it? Somebody could prove his innocence by providing top-up chits, but you don't have to prove your innocence: the affected party needs to prove your guilt. Now, finding a card reader/writer would be highly incriminating, but for that you'd need to search the dorms.

    Not as easy as it sounds, unless they had a strong suspicion who was behind it (and most likely, they didn't).

    Hmm, how dumb do you think our police and courts are?

    Do you want an honest answer to that? :)

  • Anonymous Cow-Herd (unregistered) in reply to Severity One
    Severity One:
    (And no, Great Britain is not the same as the United Kingdom, and then there's the Isle of Man, Jersey, and Guernsey and Alderney, which are part of neither, but still their citizens have a British passport. And that's just the European part of what we shall call 'Britain', for want of a more inclusive phrase. Well, except Gibraltar, which is also in Europe, and a crown colony. They do this on purpose, you know. Confuse the enemy.)
    And then there's Northern Ireland, where thanks to the clusterfuck way in which the secession and counter-secession were handled, not only has a border that is undefined in places[1], but everyone born there gets to have two passports.

    [1] The land border is defined by historic county boundaries. The sea border, ... not so much. (PROTIP: it's not straight down the middle.)

  • (cs) in reply to metapedant
    metapedant:
    By that logic one is not allowed to begin a sentence with "In Texas, [...]".
    Chance would be a fine thing.
  • aliud (unregistered) in reply to Remy Porter
    Remy Porter:
    View Source
    Looks like someone trying to establish an own antipattern.
  • Maurizio (unregistered)

    In the 80s, the national banks introduced an nation wide ATM system based more or less on the same principle; the ATMs where not all the time connected, and the data where updated nightly; the cards, called 'Bancomat' where purely magnetic at the time.

    So, if you duplicated a card, you could take money from each ATM up to your daily limit.

    Somebody actually did it, duplicated a few thousands cards and run all the day in the north of Italy. It was caught anyway, because it was the only customer of the card writing equipment that was not a bank.

    Maurizio

  • ted (unregistered) in reply to Rollin you
    Rollin you:
    boog:
    ...they were ripping strings off the card that looked like this: U2V0ZWMgQXN0cm9ub215. Obviously, it was encrypted in some fashion.
    U28gYmFzZTY0IGNvdW50cyBhcyBlbmNyeXB0aW9uIG5vdz8gIFdoeSBkaWQgbm9ib2R5IHRlbGwg bWU/Cg==

    aHR0cDovL3hrY2QuY29tLzE1My8K

    SSBkaWRuJ3QgZXZlbiBjbGljayBvbiB0aGUgbGluayBhbmQga25ldyBpdCB3YXMgc29tZSBmYWcgbGlua2luZyB4a2NkLiBJdCdzIG5vdCBjbGV2ZXIuIEl0J3Mgbm90IGZ1bm55LiBKdXN0IHRoZSB3b3JkICJidXR0ZXJmbGllcyIgd2l0aCBhIGxpbmsgdW5kZXIgaXQgYW5kIHRoZSBzaG9ydCwgdXNlbGVzcywgb25lIHNlbnRlbmNlIHBvc3Qgd2FzIGFsbCBJIG5lZWRlZCB0byBrbm93IHRoYXQgeW91IHdlcmUgbGlua2luZyB0aGUgY2FydG9vbiB3aGVyZSB0aGUgcHJvZ3JhbW1lcnMgaXRlcmF0aXZlbHkgb25lLXVwIGVhY2ggb3RoZXIgb24gaG93IHRoZXkgaW5wdXQgYSBwcm9ncmFtLg0KDQpGVUNLIFlPVSBGVUNLIFlPVSBGVUNLIFlPVSBGVUNLIFlPVSBGVUNLIFlPVSBGVUNLIFlPVSBGVUNLIFlPVSBGVUNLIFlPVSBGVUNLIFlPVSBGVUNLIFlPVSBGVUNLIFlPVSBGVUNLIFlPVQ0KDQpJdCB3YXMgZnVubnkgdG8gcmVhZCB3aGVuIGl0IGNhbWUgb3V0LiBJdCdzIGV2ZW4gZnVubnkgd2hlbiBjbGlja2luZyBvbiB0aGUgUmFuZG9tIGJ1dHRvbiBvbiB0aGUgc2l0ZSBhbmQgc2VlaW5nIGl0LiBJdCdzIE5PVCBmdW5ueSB3aGVuIHNvbWVvbmUgbGlua3MgdG8gaXQgZnJvbSBhIG9uZS1zZW50ZW5jZSBwb3N0IGFuZCB0aGlua3MgdGhleSdyZSBzbyBmdWNraW5nIGNsZXZlciB0byBoYXZlIGRpc2NvdmVyZWQgeGtjZC4NCg0KWW91IHByb2JhYmx5IHN0aWxsIHVzZSBsbWd0ZnkgYW5kIHRoaW5rIHlvdSdyZSBzbyBkYW1uIGNsZXZlci4NCg0KSXQgbWVhbnMgaW4gcmVhbCBsaWZlLCB5b3UncmUgYW4gdW5vcmlnaW5hbCBoaXBzdGVyIGRvb2Z1cy4NCg0KDQpHb3QgYW55dGhpbmcgdG8gZG8gd2l0aCBzYW5pdGl6aW5nIGlucHV0cyB0byBhIFNRTCBkYXRhYmFzZSwgZXRjLj8gTGluayB0byBCb2JieSBUYWJsZXMuIEdvdCBhIG5lcmQtcHJvamVjdCBzbG93LWFzcyB0dXJpbmcgbWFjaGluZT8gTGlrZSBhIG1pbmVjcmFmdCBsb2dpYyBjaXJjdWl0IGZyb20gcmVkc3RvbmU/IExpbmsgdG8gdGhlIG9uZSB3aGVyZSBpdCdzIHNvbWUgZ3V5IGFsb25lIGluIHRoZSB3b3JsZCBtYWtpbmcgYSBjb21wdXRlciBvdXQgb2Ygcm9ja3MuIEdvdCBhIHN0b3J5IGFib3V0IHBhc3N3b3JkIHNlY3VyaXR5IG9yIGVuY3J5cHRpb24/IExpbmsgdG8gdGhlIG9uZSB3aGVyZSB0aGV5IGJlYXQgdGhlIHBhc3N3b3JkIG91dCBvZiB0aGUgZ3V5IHdpdGggYSB3cmVuY2guDQoNCkZ1Y2sgb2ZmLiBZb3UncmUgbm90IGNsZXZlci4gDQoNCkZVQ0sgWU9VIEZVQ0sgWU9VIEZVQ0sgWU9VIEZVQ0sgWU9VIEZVQ0sgWU9VIEZVQ0sgWU9VIEZVQ0sgWU9VIEZVQ0sgWU9VIEZVQ0sgWU9VIEZVQ0sgWU9VIEZVQ0sgWU9VIEZVQ0sgWU9V

  • Your Name (unregistered)

    if only they used bitcoin

  • Bald Rick (unregistered) in reply to Rollin you
    Rollin you:
    Dear sir,

    We have recently conducted an audit of all cards and detected that you have recently spent $XXXXX on softdrink/books. According to our records, your card has been credited with $YYYYY. Would you please stop by the administration building to discuss this discrepency.

    Please be sure to bring your payment card and a change of clothes.

    Many regards, AnySanePerson

    Needs more reading.

    Credit amount is stored on the card etc. etc. etc.

  • dave (unregistered)

    The fact that a university would deploy such an obviously flawed system is even more disappointing (and even less shocking) than the fact that a university graduate misspelled "led" as "lead" when typing up this story.

  • MS (unregistered) in reply to John Evans
    John Evans:
    When I was in college, some anonymous person cracked the encoding on our ID cards...then they wrote up their findings on a flyer that they printed up and put in a big lecture hall before a large class. So, EVERYONE knew what the encoding was.

    When I was in college, nobody bothered writing up the encoding because any CS student could recognize the data just by looking at the position of the holes in the card.

  • Roger Garrett (unregistered) in reply to Lance
    Lance:
    Nagesh:
    Here in Hyderbad, theeving is very common even in University where rich kids are being.
    Yes, and here in Oklahoma, counterfeiting is a Federal offense.

    A federal offense that is state-specific? Now that's interesting.

  • (cs) in reply to Roger Garrett

    It would be even more interesting if it weren't a federal offence in Oklahoma.

  • Qvasi (unregistered) in reply to Jay
    Jay:
    ... come up with some way to steal someone else's property that the lawyers haven't thought of, and thus confound the courts with an act that everyone intuitively knows is stealing, but which is not actually prohibited by any law.
    Isn't that what mega corporations regularly do? ;)
  • Anon (unregistered)

    Ponies... PONIES EVERYWHERE.

  • snave (unregistered) in reply to boog
    boog:
    ...they were ripping strings off the card that looked like this: U2V0ZWMgQXN0cm9ub215. Obviously, it was encrypted in some fashion.
    U28gYmFzZTY0IGNvdW50cyBhcyBlbmNyeXB0aW9uIG5vdz8gIFdoeSBkaWQgbm9ib2R5IHRlbGwg bWU/Cg==

    aHAH, but what if I tricked it up ;)

    eAENxzEOgCAMBdDdU3x3dTKu3MDFwTgi1EjElkCN4fb6trcIdltoGuHkYS2wBcQu16RBGCyvAdaz wgf/bxdfoRQjbjLDsFHpMAv36VHKOCRecJYVmaxH0Lb5AFqtIQM=

  • Alex (unregistered)

    My high school and junior high had a student ID with a barcode - the barcode led to a centrally stored database that kept track of how much you had in your lunch money. When you went through the lane, your barcode was scanned, and your lunch was rung up. The ammount was deducted and the nice lady told you your balance.

    Somehow my brother found the lunch software on the school server - connecting from another computer at the school while he was supposed to be using it for class. There was no user credentials or anything from blocking him from using the program - all he had to do was find it on the server.

    BUT INSTEAD OF just creating money out of thin air, whenever he credited money to a friends account, he took away money from someone elses. The school didn't loose money, but many people lost a day or two worth of three dollar lunches. No one knew about it because the lunch program wasn't bleeding money mysteriously.

  • Jay (unregistered) in reply to Justice Powers
    Justice Powers:
    Jay:
    Severity One:
    Point is, how would they prove it? Somebody could prove his innocence by providing top-up chits, but you don't have to prove your innocence: the affected party needs to prove your guilt. Now, finding a card reader/writer would be highly incriminating, but for that you'd need to search the dorms.

    Not as easy as it sounds, unless they had a strong suspicion who was behind it (and most likely, they didn't).

    Hmm, how dumb do you think our police and courts are? <snip>

    By Jove, you're right!! I've never heard of anyone guilty as sin getting off because he had a good lawyer.

    Have you ever had a look at how many prosecutions are actually successful? Me neither, but I'm sure there are thousands of cases where the police do good investigation, and catch the right man, but the courts never manage to get a prosecution because there was a breakdown in process, or something was done ever so slightly wrong by the coppers, or there is insufficient evidence to conclusively prove what is bleedingly obvious etc....

    Just because we are all certain that the dude in the ski mask with the gun and the bag of money is the perp, doesn't meant that the courts won't rule that there is some shadow (and that's all that's needed) of a doubt....

    Lawyers suck unless you're a crim.

    I don't disagree with the gist of your comment at all. I'm not claiming that 100% of guilty persons are caught, convicted, and penalized, and that no innocent person anywhere has ever been penalized for a crime he didn't commit. Of course not. Like any system designed and run by fallible human beings, the criminal justice system is full of holes.

    What I AM saying is that the post I originally replied to carried this to the extreme in saying that this was a crime that you would obviously and inevitably get away with. Even if the system did not keep an audit trail of any kind that would identify the guilty parties, that would make the problem for the police little different from identifying the person who committed a fraud in pre-electronic days. They would have to rely on things like witnesses and circumstantial evidence.

    If someone steals cash, last I checked green paper bills did not have an automated method to track the identify of the thief. Nevertheless, the police often manage to solve such crimes. Not always, of course. But it certainly can be done.

  • Jay (unregistered) in reply to Justice Powers
    Justice Powers:
    Lawyers suck unless you're a crim.

    Not to defend lawyers, but ...

    Lawyers are also useful if, say, you don't know all the ins and outs of the law. For example, I've gone to a lawyer to have a will drawn up. If I tried to write my own, it might well have some flaw in it: I might use a word or phrase that has a technical meaning to the courts but that I intended in a different way, or I might be trying to do something that does not meet legal requirements, etc. And by the time the problem will my self-written will was apparent, I would presumably be dead and thus not available to explain what I really meant or correct the problems.

    I don't think all lawyers are evil and corrupt. It's just that the 90% who are give all the rest a bad name.

Leave a comment on “Wild Card”

Log In or post as a guest

Replying to comment #:

« Return to Article