The newspapers are full of stories about Ross Anderson’s experiments with ATMs, demonstrating something we already know quite well, which is that if you spend enough time in a laboratory with a bunch of PhD research students you will actually find a theoretical weakness in a commercial system. Well of course you will! No security systems are foolproof, especially if you take them outside of their operational context. Any streetwise student can demonstrate this. But just how much does this add to the security of our banking systems? Well, not a lot.
I just wish that a university of the calibre of Cambridge would actually work constructively with APACS and the banks to develop secure solutions, rather than resorting to publicity-seeking exposures that are more likely to inform organised crime about potential lines of attack. But then that would be far too logical.