Date: Tue, 30 Jul 2002 22:38:43 -0400 (EDT) From: Acidus To: Subject: Not returning my calls or email? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Status: RO X-Status: X-Keywords: X-UID: 5335 Jim, So you don't return my calls or emails. I'm hurt, but hey thats life. I know several folks on the BB user group, and have been getting rather regualr updates, and I must say, I am _very_ dissappointed in the results. I wrote this article to make you guys _FIX_ things, and that just isn't happening. The general feel of the group is I'm full of it, as is my article. I hoped that I could correct the 2 mistakes in my article (about the GUI and cloning cards), and in that letter stress that the system is still open. Regardless of how much you and the AUX services Guy yelled at me doesn't change the fact that the system is open. The fact is your user group is blind. Last time I checked they think their is some pending legal action against me, and that the system is flawless. and "If you operate the BB System, then you understand that it is very secure and impossible to infiltrate and perform any of the items described within the article." Bullshit. And if you are half as smart as I think you are you know thats bullshit. Physcial security needs to be greatly increased to protect extrenal devices like vending/coke/whatnot. And short of a major rewrite of ROM code, the readers could be spoofed. Hell you _admited_ to me that a Value transfer station could be fooled to telling the database that more money was on a card than had been deposited. So this letter other than letting you know I'm pretty pissed you've been blowing me off has a purposes. My article just like a CERT advisory _will_ cause people to be hacked. However just like a CERT advisory, only the admins who don't protect themselves will get hacked. I'm sorry that the user group feels like there are no worries, but their are. I'm sorry you have canceled appointments hours before they take place and don't return my calls. You are depriving me the chance to tell them the flaws I made, but at the same time stress the problems that _do_ exist. Thats wrong Jim, becuase you sat their in that office and told me their were things I was right about, and things I was wrong about. Someone is going to hack the system, someday. Maybe not yours, but someone is going to buy some textbooks on a card with $ thats doesn't exist and turn them into cash. So before that happens, do the world a favor and set the user group right. Thanks for giving me a fun story to tell at parties,