×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The Rising Barcode Security Threat

ScuttleMonkey posted more than 6 years ago | from the what's-in-a-number dept.

Security 125

eldavojohn writes "As more and more businesses become dependent on barcodes, people are pointing out common problems involving the security of one- or two-dimensional barcode software. You might scoff at this as a highly unlikely hacking platform but from the article, 'FX tested the access system of an automatically operated DVD hire shop near his home. This actually demanded a biometric check as well, but he simply refused it. There remained a membership card with barcode, membership number and PIN. After studying the significance of the bar sequences and the linear digit combinations underneath, FX managed to obtain DVDs that other clients had already paid for, but had not yet taken away. Automated attacks on systems were also possible, he claimed. But you had to remember not to use your own membership number.' The article also points out that boarding passes work on this basis — with something like GNU Barcode software and a template of printed out tickets, one might be able to take some nice vacations."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

125 comments

Nice vacations? (5, Funny)

MiniMike (234881) | more than 6 years ago | (#21870786)

> The article also points out that boarding passes work on this basis -- with something
> like GNU Barcode software and a template of printed out tickets, one might be able
> to take some nice vacations."

Yeah, in Guantanamo...

Re:Nice vacations? (4, Interesting)

Penguinisto (415985) | more than 6 years ago | (#21870822)

There's also the missing component of having the corresponding data in the airline's computer network/system that matches the barcode for that flight, at that time, on that date, at that gate, for that seat, etc etc... it only get more complex if you're dumb enough to try and check baggage as well.

You'd have to study more than just algorithms to get on a plane - all of the data the barcode represents would have to be in the airline's computer as well, else you won't ever get past the gate.

Unless there's some sort of secret code that gives free flights (could be, like for stewardesses returning home and such), it just ain't gonna happen that way.

Of course you could get real lucky, but it would have to be something on the scale of winning enough money via the Lottery to pay for the flight.

/P

Re:Nice vacations? (0)

Anonymous Coward | more than 6 years ago | (#21870850)

Flight attendants you insensitive clod...

Re:Nice vacations? (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21871346)


Flight attendants you insensitive clod...

Try flying Air Canada. They're not Flight Attendants, they're stuck up Fags and Aging French Cunts.

Re:Nice vacations? (4, Insightful)

JacksBrokenCode (921041) | more than 6 years ago | (#21871240)

You'd have to study more than just algorithms to get on a plane - all of the data the barcode represents would have to be in the airline's computer as well, else you won't ever get past the gate.

Ticket numbers are tied to specific passengers, not just flight & seat info. If you got to the point where you could accurately predict future ticket numbers for other passengers, you'd be able to get past security and likely on the plane... until a legitimate passenger shows up with the same ticket number. Even if you didn't sit in the seat you forged, they'd force everyone to disembark and reauthenticate themselves with photo-ids. Then there's the uncomfortable situation of trying to explain why you forged a boarding pass to circumvent security measures.

Re:Nice vacations? (0)

Anonymous Coward | more than 6 years ago | (#21873158)

Correct: I'm sure something would start beeping at the boarding gate, if for no reason other than to prevent people from accidentally boarding the wrong flight.

But that would probably be the only place you would be stopped.

They (the TSA at the security gates) already don't check anything past your paper print-at-home pass to see that it has your name and some general information on it. You could easily forge one of those to say any flight number/time/day.

Of course you would still have to go through security and the like and you would probably be committing a slew of federal, state, and local crimes.

Re:Nice vacations? (1)

zippthorne (748122) | more than 6 years ago | (#21871432)

I don't think that's the mechanism for this attack at all. You'd take the fake barcodes to the e-ticket terminals and pretend to be someone flying that day. Then you just take their tickets. Of course, when they do arrive and make a fuss, you'll get flagged and caught when you try to use the tickets at the gate.

Re:Nice vacations? (1)

Smallpond (221300) | more than 6 years ago | (#21874380)

The example in the article was not that you fly as the other person, but that you check baggage in their name. Perhaps containing drugs to be smuggled or a bomb.

Not entirely accurate... (5, Interesting)

Anonymous Coward | more than 6 years ago | (#21871560)

I've done this for kicks just to see if I could do it, but once I brought one of my fake ID's and fake boarding passes to the airport and got through the "security" (security? BAHAHAHA!) and made it into the terminal. Bought some drinks, ate some food and went home.

No one was the wiser.

You see, it's just a billion dollar FARCE and a WASTE OF TAXPAYERS MONEY for the *feeling* of safety when there really isn't any.

Of course I couldn't get on the plane. I couldn't get on a plane in 2001 without a correct ticket anyways. They had the barcode scanners to "check" you into the plane anyhow. At least, I remember them being available back in 1999 -AND- I wasn't too keene on getting onto a plane where there weren't enough seats where I'd get caught :P

Anyways, just as I said, this is easy to blow a hole through. There's nothing in the world that makes me more mad than being patted down, scanned or searched before boarding PUBLIC TRANSIT. I'm not a criminal, wtf are government agencies doing there?

(posted anon and through a couple anon proxies)

Re:Nice vacations? (1)

ejecta (1167015) | more than 6 years ago | (#21871604)

The secret code is: Hug the landing gear. Remember to wear a parka, it gets a bit fresh up there.

Passes worthless! I got on a flight without paying (4, Interesting)

KWTm (808824) | more than 6 years ago | (#21871680)

There's also the missing component of having the corresponding data in the airline's computer network/system that matches the barcode for that flight, at that time, on that date, at that gate ...
You won't be so sure after you hear what happened to me.

Once, I got on a flight to Hawaii. The plane was about to push off and, like most of the other passengers, I had settled into my seat. Then some other passenger came and said I was sitting in her seat! We compared boarding passes, and lo and behold, both of our passes were for the same seat! We couldn't figure it out, so we asked the flight attendant for assistance. She couldn't figure it out either, so she had to go back to the boarding gate with our passes to ask the ground crew to figure it out.

After a while, someone finally realized what happened. I was on the wrong flight! I was on board a direct flight to Hawaii, but I had actually bought a ticket to fly to San Francisco and from there transfer to a flight to Hawaii. I had always thought of it as "my flight to Hawaii" and had completely forgotten that I would have to transfer. The boarding gate was off by one, but the airport always changes boarding gates at the last minute and I figured this was one of the times. And the flight was scheduled 5 minutes before my actual flight, so I figured that the flight was early. I lined up like everyone else with my Internet-printed boarding pass, the computer scanned it, and I got on board just like everyone else. There was no alarm that I was on the wrong flight or anything like that.

That was with me accidentally getting on the wrong flight. What do you suppose could happen if someone was intentionally trying to pull off a deception? The only redeeming feature is that this happened in 2002, and I hope that airline security has improved somewhat since then. (I can dream, can't I?)

Re:Passes worthless! I got on a flight without pay (3, Interesting)

skiddie (773482) | more than 6 years ago | (#21871802)

Hmm. I boarded a flight on Dec. 24, sitting in seat 27C. As I got on the plane and handed the ticked to the member of cabin crew (having already had this boarding pass scanned at least twice) for her to direct me to my seat, she pointed it to me, and then did a double take.

"Sorry," she said, "I thought your ticked was for December 27, not row 27."

Now, either she was tired, or that's something that happens sometimes. Anybody know?

Re:Passes worthless! I got on a flight without pay (4, Interesting)

jbengt (874751) | more than 6 years ago | (#21871994)

"and I hope that airline security has improved somewhat since then. (I can dream, can't I?)"

Keep dreaming.
My experience with a current construction project for a major airline at a major airport speaks to a discomfortingly confused security situation.

The first time I went to the site with the Architect, who had a badge to escort us into the terminal, we were refused entry at 3 different points, always told to go somewhere else that wouldn't let us in. Then we went to an airline official, who said that the badge the architect had would get us in at a security gate that we tried before, so she escorted us there, and we weren't let in. So she did about a half hour of research, and found that we needed to go to the desk where they check in pets in their crates! There they checked the architect's badge and our IDs and issued us each a ticket-like piece of paper that we took to the security gate. There they took that "ticket" from us (and my co-worker's zippo lighter) and let us through. We then had the run of the place, without any ticket or pass.
We spent over an hour and a half getting in to do 2 hours of work. Then, after suffering through all that security red tape, we at one point got separated from the contractor with the keys, while we were in the non-secure loading dock (accessible from a public roadway). But not to worry, a friendly worker let us back to the secured passenger terminal side.

The second time I went with my boss, who picked up his own badge that he applied for three weeks earlier. He had been told it was ready to pick up. It took a little over an hour wating in lines and watching safety videos to pick up the badge. But when we tried it (it was a swipe and pin number type), it didn't work. So we went back down to the security badging office, only to find a sign on the door saying that they were closed for lunch and would be back at 1:00pm (even though it wasn't noon yet). I went back to the office, and he stayed the rest of the day to get it straightened out and do about an hour of work.

The third time I went, construction was well under way, the walls were knocked down, and the only thing bewteen the public parking and the secure air side was some pastic sheeting.

Did I mention that both the existing layout and the new design include a loading dock that connects the non-secured public roadways with the secure airside through a locked, but un-manned, door? Anyone on the inside (including employees, or sneaky passengers) could open the door, (or man the freight elevator if they had the key), and bring large, explosive things off the truck with a forklift and into the passenger terminal.

Re:Passes worthless! I got on a flight without pay (1)

mcrbids (148650) | more than 6 years ago | (#21872540)

I have no doubt that temporary security issues exist. The hard part is turning these temporary situations into real, exploitable, predictable vulnerabilities.

I'm a private pilot. I walk into the local FBO (like an airport terminal, but for private planes) and after a very brief check, I'm able to freely roam the "secure" side of the airport. Not just where the "small" planes are, the whole "other side" of the airport. I can drive a truck out to the plane I'm flying, without any check whatsoever of the truck's contents. I have to remember to stop after passing thru the gate so that only my car passes thru. That's about it. This is normal and typical, but my shoes never come off, and I can certainly have a 12 oz soda (or a 2-liter bottle) in my hand while this happens. A private plane (such as a Cessna 172) is not so different than car, except that it flies. Remember that the building blast in Oklahoma was done with a simple car bomb.

Next time you take off your shoes, remember this tidbit of wisdom: 9/11 might have been prevented if we had then today's general paranoia, but the specific measures out there today would not have stopped it. Today's meaures, if effective from 9/1/2001 forward would not specifically have prevented the horrible attacks on 9/11/2001. It's in large part, a sham, designed to inconvenience tax payers so that they are lulled into thinking that their tax dollars are at work. Except that it kinda works, because it's hard to predict which of the various security measures will be enforced on whatever day.

The truth is that truly effective security is often misunderstood and almost never implemented. What we get instead is a pile of rules, regulations, and "inconveniences" that, combined, make it difficult to organize any kind of grand scheme, even if the individual components are horribly insecure.

In short, it's the random nature of security enforcement that makes it effective, not the universal enforcement. Random enforcement is much cheaper, and is truthfully "good enough". And it will, occasionally, fail. And that the price of the occasional failure will generally be less than the cost of the improve security all along.

Re:Passes worthless! I got on a flight without pay (1)

jbengt (874751) | more than 6 years ago | (#21874436)

In short, it's the random nature of security enforcement that makes it effective, not the universal enforcement.
I agree
In my expereince they are very good at that randomness, the rules seem to change arbitrarily every week, if not by the day.
But it's very frustrating when you're just doing your job, and the doesn't-seem-so-secure security doubles the costs of doing it.

Re:Passes worthless! I got on a flight without pay (1)

tarpy (447542) | more than 6 years ago | (#21872972)

My experience with a current construction project for a major airline at a major airport speaks to a discomfortingly confused security situation.
Oooh, ooh, let me guess...my guess would be that this is about the Terminal 3 rehab American is currently doing at O'Hare.

Not only does this story sound like stupid aviation red-tape, but it's also got some classic Chicago moments (the badging office being closed until 1 pm is a pretty good give-away).

Re:Passes worthless! I got on a flight without pay (1)

jbengt (874751) | more than 6 years ago | (#21874390)

Oh, a good guess, but no.
I don't think I should say specifically.

Re:Passes worthless! I got on a flight without pay (1)

Obsidian Butterfly (1133957) | more than 6 years ago | (#21874528)

Reminds me of a warehouse I had a temporary job in. We temps had no badge to get in, but we couldn't leave the door open, even temporarily, for the sake of perceived "security".

Never mind that the bay doors (where the trucks dock) were wide open.

Re:Passes worthless! I got on a flight without pay (0)

Anonymous Coward | more than 6 years ago | (#21872148)

The only redeeming feature is that this happened in 2002, and I hope that airline security has improved somewhat since then.

I saw a man who got through security, got onto the plane with a legitimate boarding pass, and then he only had a problem after someone else showed up with the exact same boarding pass. It turns out the guy tried to buy his ticket online, but being not very computer savvy, he never clicked the final "Buy" button. Then he just showed up at the airport, and they couldn't find the ticket under his name, so they printed out the boarding pass for the next closest last name and gave it to him.

This was last week. But maybe airline security has improved somewhat since then.

Re:Passes worthless! I got on a flight without pay (1)

BigJim.fr (40893) | more than 6 years ago | (#21873664)

> That was with me accidentally getting on the wrong flight.

A similar story happened on a flight from France to Germany in the nineties. Because of overbooking I had been upgraded to business class and no one else claimed the seat, so I was completely unaware of being on the wrong flight. Only during the traditional hostess announcement after take-off did I mention to my neighbor that the wrong destination was announced... Lufthansa nicely took it as their own error and re-routed me on a flight from Stuttgart to my original destination, Hamburg.

What happened is that the planes were on the two branches of an "Y" shaped boarding bridge. When the overhead sign changed from "Stuttgart" to "Hamburg" I leaped from my seat, handed my boarding pass and boarded. But the ground crew had not had time to change the ribbon barrier configuration, so I boarded the wrong plane. I should have been surprised to be first at the gate and then board a full plane.

Anyway, if you forge a boarding pass, do it for a first or business class seat - a collision with another passenger is less likely.

Re:Nice vacations? (1, Interesting)

Anonymous Coward | more than 6 years ago | (#21872250)

Keep in mind that there are non-evil reasons someone would want to get past security and out on to the concourses. The major airport near me has several exclusive shops and one-of-a-kind restaurants out on the different concourses. You can't shop or eat there unless you have an air ticket. I think this sucks and it's not fair to the local residents.

But you don't need an actual ticket, a boarding pass will get anyone to those shops and eateries. The TSA people don't usually bother scanning the boarding pass. They glance at it and off you go.

A fake pass with legitimate-looking info (all of which is public information, such as flight number, departure time, gate number, etc) can get you past TSA. I know what I got for a boarding pass last time I flew. I still have the rather crude PDF. Change a couple parts of that, print, done. The real thing looks fake to me so a fake one should work too. On my last flights, the TSA was only interested in the date and whether my name matched. Period.

As for actually getting on the plane, that's a whole other issue. For one thing, they usually will check at the gate. Sometimes. But even if they don't, planes are so full these days, you're not likely to get a seat that somebody else doesn't also want to sit in, and that sort of thing will get attention from the flight crew and that's a problem.

But if all you want to do is eat at the only restaurant that a particular chain has in your state, off you go. Enjoy your meal. I don't see a big problem with it.

Crew returning (0)

Anonymous Coward | more than 6 years ago | (#21872952)

Crew returning home are also in the system ("dead-head crew" or "dead-end crew" I never checked). They have special ticket & reservation which are called "ID" ("Industry Discount"). About the only persons to fly without a ticket on a plane are the real crew. good luck impersonating one of them.

I would add that most system the airline uses are old crummy main frame (This is changing as many airline system provider are developing new system) with fancy GUI. Those I know of, are next to impossible to do buffer overflow or any injection tech and even if you did you would have to learn all the specs of the RES and ticketing system (It ain't a simple SQL database , most are proprietary database on flat file. Think old record system from the 60's). An insider would have better chance. And forget hacking yourself at CKI, you need the corresponding CRS/RES+INV record or you won't make it far. true there are incident where people are not on the flight they should, but last I heard was long ago for big airlines.

Re:Nice vacations? (1)

peter303 (12292) | more than 6 years ago | (#21870960)

or like two people in the same airline seat. I flew 18 segments in 2007 and only two of them had empty seats.

Re:Nice vacations? (1)

uvajed_ekil (914487) | more than 6 years ago | (#21872290)

Yeah, I'm sure the NTSB will have a great laugh when they find out that two people have boarded a plane with the intention of sitting in the same seat. I hear they always find it hilarious when an unauthorized "passenger" slips aboard a plane. They even have a special word for those people: terrorists. Just imagine if you get airborne: the NTSB will radio the plane, the pilot will make a u-turn, the crew will get flustered and stare at you, and the other passengers will "subdue" the shit out of your face, over and over, until the plane lands, upon which time you'll be arrested, or buried. Brilliant vacation, if you are into super-extreme, airborne, 100 vs. one ultimate fighting, and like dying or trips to federal pound me in the you-know-what prison.

How about this? (0)

Anonymous Coward | more than 6 years ago | (#21873576)

How about this hack? I thought about it some 18 years ago when I wrote some custom 3 of 9 barcode software for a bespoke application.

Take the 5 cent can deposit on soda cans and duplicate it and then place that sticker on any item that will seem like a soda container and then, in turn, place this in a soda deposit return machine for "free" money.

I remember calculating the work effort that it would all entail and the hourly rate on 5 cent returns was not worth it. Maybe for some for 10 cent deposit states it might be different.

Kinda sorry now that I just never tried it. Just too busy now to do so.

I am sure that there is nothing special on the containers that would prevent one from doing this.

just wait we'll get you (1)

v1 (525388) | more than 6 years ago | (#21870806)

with something like GNU Barcode software and a template of printed out tickets, one might be able to take some nice vacations.

you terrorist scum!

This is a fairly obvious vector (1)

Joe Jay Bee (1151309) | more than 6 years ago | (#21870810)

Maybe I'm missing something salient, but all this says is if you change the membership number provided to the system, the system will use that instead of any other. The only difference is that instead of the number being provided via a keyboard, it's provided via a barcode.

Nothing to see here, move along.

Re:This is a fairly obvious vector (5, Insightful)

schon (31600) | more than 6 years ago | (#21870916)

Maybe I'm missing something salient, but all this says is if you change the membership number provided to the system, the system will use that instead of any other.
Yes, you are missing something. And it's significant becaose of this:

instead of the number being provided via a keyboard, it's provided via a barcode.
Yes, and the people operating the machines that read these codes trust them.

Think about this: you go somewhere that uses ID/membership cards with barcodes on it. Salesdrone asks for your card. If you just give them the number verbally and are security-minded, they'll probably ask for ID. However if you provide the card, they won't, because they the card *is* the ID.

Non-technical people don't understand how barcodes work, so they assume that nobody else does either. So if nobody else understands it, then it can't be forged.

Re:This is a fairly obvious vector (1)

Unoti (731964) | more than 6 years ago | (#21870998)

It's still lame. They shouldn't trust the input of the barcode, any more than a web developer trusts their input. Perhaps the membership numbers should be more sparse and difficult to guess.

Re:This is a fairly obvious vector (1)

leenks (906881) | more than 6 years ago | (#21871160)

Or lusers trust phishing emails. They do because they don't know any better, and they likely don't care either.

Re:This is a fairly obvious vector (1)

schon (31600) | more than 6 years ago | (#21871242)

They shouldn't trust the input of the barcode, any more than a web developer trusts their input.
Perhaps if you were comparing the people who *designed* the barcode system to web developers you'd have a point, but expecting the same from a minimum-wage clerk who's never had any real security training and doesn't even know how the system works is a bit much.

Re:This is a fairly obvious vector (1)

It'sYerMam (762418) | more than 6 years ago | (#21874104)

That's the point - just as a web developer should write his web app to treat all input as potentially dangerous, the reader designer should write the reader's software treat the stuff it reads as potentially dangerous and falsified.

Re:This is a fairly obvious vector (5, Interesting)

jimmyswimmy (749153) | more than 6 years ago | (#21871046)

I used to work at a semiconductor fab - basically a big chemical factory. Access control, security and timecards were all kept by a barcode system, printed on the back of your badge. I had a lot of fun making bar codes to see which would get me into places I shouldn't have been, like the spaces between the cleanroom walls, or the tunnel under the building, or the chemical storage area (that was a place I didn't ever like being in). Probably seems worse now than it did then.

Back in elementary school we had a stored-value system for buying lunch, with security based on bar codes on little plastic cards. This was nearly 20 years ago and there was free software available then (on my Commodore 64? Atari? Can't remember) to generate bar codes. I made a couple, based on the ID numbers of friends, and gave them to the lunch lady, telling her that those cards were a bad idea. They never changed anything, though. These days I'd have been kicked out of school for that, though, if not arrested.

Re:This is a fairly obvious vector (0)

Anonymous Coward | more than 6 years ago | (#21871516)

Well, quite. A barcode is just a number. You could, of course, make it quite difficult to generate a valid number, but that doesn't help you much of someone can test a large number of numbers to see whether they're valid or not without being detected. If someone scanning bogus numbers through your security badge scanner doesn't make the big guys with guns show an interest, you have a problem.

Re:This is a fairly obvious vector (1)

0100010001010011 (652467) | more than 6 years ago | (#21874796)

Sophomore year I accidentally cracked my student ID. It had a barcode on it with my student ID that we used to get access to meals. After getting fed up with having to hold the cracked one just right I ended up just printing off my own using a barcode font.

I did use my own ID, but if I wanted to I'm sure I could have gotten free meals. The lunch lady didn't care. When a card got too bent up to be used I printed off 5 more (and then folded the paper to keep a stiff stock).

Vacations (-1, Offtopic)

timmarhy (659436) | more than 6 years ago | (#21870820)

I'd strongly advise against the vacation idea. airlines have other ways to quickly check your ticket other then the barcode, and you'll find attempting to board a plane via fruadulent means carries pound me in the ass federal prison time

Magnetic, but... (1)

Bartab (233395) | more than 6 years ago | (#21870844)

BART tickets in SF are magnetic, not barcodes, but I've been expecting fakes Any Day Now.

Re:Magnetic, but... (1, Insightful)

Anonymous Coward | more than 6 years ago | (#21871002)

Pre-y2k the BART ticketing system was extremely hackable and a lot of duped tickets were being made with magstripe writers. BART used y2k as an excuse to upgrade their systems, and the tickets are uniquely identified now so forging them is pretty difficult.

Re:Magnetic, but... (0)

Anonymous Coward | more than 6 years ago | (#21871960)

Back when I was growing up, we did just this, and quite easily. It started with watching adults pay with those dark pink tickets meant for children 12 and under. I watched as many just went on through during a normal rush hour. So, with a bit of knowledge and tape, I use to get them (free for me due to the program I was in) take them out with a bit of salt solution and rubbing alcohol , and put them on the normal white ones with a bit of rubber glue. Not high tech, but it worked to get back and forth to San Fransisco. (Granted, we could of gotten away with using the pink ones normally... but it was more fun this way ;)

The new ones are pretty tough as a previous poster pointed out, but not impossible. If it can be made, it can be taken apart =)

Great. (3, Funny)

Rgb465 (325668) | more than 6 years ago | (#21870882)

The article also points out that boarding passes work on this basis -- with something like GNU Barcode software and a template of printed out tickets, one might be able to take some nice vacations."

Great, now GNU Barcode will be classified as a terrorist weapon...

haha (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21870908)

penis in your butt

the rising threat of insecurity (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21870918)

national bankruptcy, homeless homeowners, being involved in illegal invasions of other peoples' countries (which gives the radical nut cases 'job' security), banks (currently selling out to the 'axis of evile' countries), oil prices (sure to rise even further in response to yet another 'glorious victory' announcement). talk about being bushwhacked?

http://news.yahoo.com/s/ap/20071229/ap_on_sc/ye_climate_records;_ylt=A0WTcVgednZHP2gB9wms0NUE [yahoo.com]

is it time to get real yet? A LOT of energy is being squandered in attempts to keep US in the dark. in the end (give or take a few 1000 years), the creators will prevail (world without end, etc...), as it has always been. the process of gaining yOUR release from the current hostage situation may not be what you might think it is. butt of course, most of US don't know, or care what a precarious/fatal situation we're in.

for example; the insidious attempts by the felonious corepirate nazi execrable to block the suns' light, interfering with a requirement (sunlight) for us to stay healthy/alive. it's likely not good for yOUR health/memories 'else they'd be bragging about it?

we're intending for the whoreabully deceptive (they'll do ANYTHING for a bit more monIE/power) felons to give up/fail even further, in attempting to control the 'weather', as well as a # of other things/events.

http://video.google.com/videosearch?hl=en&q=video+cloud+spraying [google.com]

dictator style micro management has never worked (for very long). it's an illness. tie that with life0cidal aggression & softwar gangster style bullying, & what do we have? a greed/fear/ego based recipe for disaster.

meanwhile, you can help to stop the bleeding (loss of life & limb);
http://www.cnn.com/2007/POLITICS/12/28/vermont.banning.bush.ap/index.html [cnn.com]

the bleeding must be stopped before any healing can begin. jailing a couple of corepirate nazi hired goons would send a clear message to the rest of the world from US. any truthful look at the 'scorecard' would reveal that we are a society in decline/deep doo-doo, despite all of the scriptdead pr ?firm? generated drum beating & flag waving propaganda that we are constantly bombarded with. is it time to get real yet? please consider carefully ALL of yOUR other 'options'.

the creators will prevail. as it has always been.

corepirate nazi execrable costs outweigh benefits
(Score:-)mynuts won, the king is a fink)
by ourselves on everyday 24/7

as there are no benefits, just more&more death/debt & disruption. fortunately there's an 'army' of light bringers, coming yOUR way.

the little ones/innocents must/will be protected. after the big flash, ALL of yOUR imaginary 'borders' may blur a bit? for each of the creators' innocents harmed in any way, there is a debt that must/will be repaid by you/us, as the perpetrators/minions of unprecedented evile, will not be available. 'vote' with (what's left in) yOUR wallet, & by your behaviors. help bring an end to unprecedented evile's manifestation through yOUR owned felonious corepirate nazi glowbull warmongering execrable. some of US should consider ourselves somewhat fortunate to be among those scheduled to survive after the big flash/implementation of the creators' wwwildly popular planet/population rescue initiative/mandate. it's right in the manual, 'world without end', etc....

as we all ?know?, change is inevitable, & denying/ignoring gravity, logic, morality, etc..., is only possible, on a temporary basis. concern about the course of events that will occur should the life0cidal execrable fail to be intervened upon is in order. 'do not be dismayed' (also from the manual). however, it's ok/recommended, to not attempt to live under/accept, fauxking nazi felon greed/fear/ego based pr ?firm? scriptdead mindphuking hypenosys.

consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

"If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land."

meanwhile, the life0cidal philistines continue on their path of death, debt, & disruption for most of US;

gov. bush denies health care for the little ones

http://www.cnn.com/2007/POLITICS/10/03/bush.veto/index.html [cnn.com]

whilst demanding/extorting billions to paint more targets on the bigger kids

http://www.cnn.com/2007/POLITICS/12/12/bush.war.funding/index.html [cnn.com]

& pretending that it isn't happening here

http://www.timesonline.co.uk/tol/news/world/us_and_americas/article3086937.ece [timesonline.co.uk]

all is not lost/forgotten/forgiven

(yOUR elected) president al gore (deciding not to wait for the much anticipated 'lonesome al answers yOUR questions' interview here on /.) continues to attempt to shed some light on yOUR foibles;

http://www.timesonline.co.uk/tol/news/environment/article3046116.ece [timesonline.co.uk]

itRoll (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21870936)

FuckIng market

Must admit I've taken advantage... (3, Funny)

russotto (537200) | more than 6 years ago | (#21870940)

Darn it, now Acme* is going to read this and put a stop to my fake-discount-card ways. (they'll accept any code with the right length and first three digits... amusingly including other supermarket's cards).

*That's the grocery store, not Roadrunner's coyote-torturing company.

Re:Must admit I've taken advantage... (2, Insightful)

bmsleight (710084) | more than 6 years ago | (#21871132)

amusingly including other supermarket's cards
It good marketing to take other supermarkets discounts. Kind of like making sure Oo.o can read other file formats, it keeps you coming back.

Re:Must admit I've taken advantage... (0)

Anonymous Coward | more than 6 years ago | (#21871558)

The grocery store doesn't particularly care what identification card you use, just that you use the same code every time. This allows them to collect data such as how often you shop there, what items you tend to purchase together, and the frequency that you purchase certain items. Sure, if they know all your personal details they can target you for advertising, but if they can get you to just swipe some kind of card every time, they still get a ton of very good data.

Personally, I started shopping elsewhere. I won't swipe a card to get your "special" that is just a normal price at any other location. It's getting harder and harder to do this.

Re:Must admit I've taken advantage... (1)

pinchhazard (728983) | more than 6 years ago | (#21871566)

All stores that I've seen will allow you to get a "Club Card" or equivalent without giving any personal information. Also, the if you can find where they keep the unused club cards, from what I've seen they can all be used without being initialized. Oftentimes you can find some at a check lane, attached to applications, or at the self-checkout counter.

Personally, I just use the phone number to my parents' house because they've signed up for all the club cards already.

Re:Must admit I've taken advantage... (1)

russotto (537200) | more than 6 years ago | (#21872014)

All stores that I've seen will allow you to get a "Club Card" or equivalent without giving any personal information.


But they probably link it up first time you slip up and use a debit/credit card to pay. Using different "cards" prevents that.

So does using the phone number the last guy used. Or in a pinch, just make one up in a local exchange; the chance of it working likely isn't too bad. Hmm, I just had a thought... what if you give the store's own main number? They probably have a card keyed to that.

Re:Must admit I've taken advantage... (1)

volatile3.6 (1032218) | more than 6 years ago | (#21871730)

That's because Acme, Kroger, and a number of other stores use Catalina Marketing Corporation's services. Same cards work in different stores.

Nothing special (3, Insightful)

markdavis (642305) | more than 6 years ago | (#21870970)

There is nothing special or inherently secure about barcodes. They are just a machine readable number. Security has nothing to do with it- those are measures taken outside the barcodes. Anyone can print any type of barcode on just about anything.

Re:Nothing special (0)

Anonymous Coward | more than 6 years ago | (#21874486)

Barcode readers are normally connected to the keyboard input of a PC. I wonder what would happen if the barcode said: "exit; chdir c:\Windows\System; del *.dll", for example.

Barcodes still worthless without insider info... (3, Insightful)

shlingus (1046986) | more than 6 years ago | (#21871036)

Being able to print 2-dimensional, 3-dimensional, or even n-dimensional barcodes is useless no matter what software you have unless you already possess the inside info of knowing somebody's valid account number, data, etc. If somebody's gotten a hold of enough info to successfully print and use an illicit barcode, your security problem lies NOT with the barcode itself but with the system that allowed this information to get out in the first place.

The same situation exists with magnetic stripes. If you have valid account data you can write it to a magnetic stripe on a card and go to town with it. It's getting the data that's the hard part.

Here we go again (2, Insightful)

Flexagon (740643) | more than 6 years ago | (#21871040)

Sounds like the brilliant utility companies of the '60s that trusted the billing and payment amounts that they sent to their customers on punched cards, and expected to trust when the cards were returned with "payment".

Re:Here we go again (0)

Anonymous Coward | more than 6 years ago | (#21871198)

The Credit Card Song [dickfeller.com]. I heard it on LP as a kid; never thought I'd see the day when I'd have a reason to post it on Slashdot. So, thanks!

more FUD for an old story (1)

petes_PoV (912422) | more than 6 years ago | (#21871102)

These types of small-scale scams have been happening for years - there's no reason to get into a panic about it now (unless it happens to be a slow-news day ..... New years, hmmm)

Barcodes are pretty much obsolete so far as people's ID goes so the only organisations who might possibly take a hit are those that haven't updated their systems to "modern" mag-strip technlogy.

If you wanted to try and scare people over the holidays - and there hasn't been a good scare for a while, so I suppose someone wants to increase the fear factor - why not go with that?

Someone please put this story back in 1988 where it belongs

Fraud with copied bar codes (2, Interesting)

steveha (103154) | more than 6 years ago | (#21871120)

I remember reading about some guy who was stealing using bar codes. He would go to a store, and put a fake price sticker complete with a fake barcode on some expensive item; then he would take the item to the cash register, where the sales person would scan the bar code, the item would ring up as something less expensive, and he would pay the amount on the cash register. Sell the item at a large profit, then repeat.

He made up the fake stickers at home. I believe he would buy one of the less-expensive item, and at home he would duplicate its sticker. He didn't even need to generate the bar code, he was just copying the one that was on there.

Eventually he did the same trick too many times and they caught up with him.

If anyone remembers details of this story and can post a link to it, please do.

steveha

Re:Fraud with copied bar codes (3, Informative)

bjorniac (836863) | more than 6 years ago | (#21871210)

Been done a few times, but the one that comes to mind is this:http://www.denverpost.com/news/ci_3270764

There was also someone who stole a bunch (something like $300k) of legos like this (yeah, geeks crime) and I remember a case involving Mall-wart and iPods...

Re:Fraud with copied bar codes (1)

nacturation (646836) | more than 6 years ago | (#21872382)

This guy's problem was that he tried purchasing a $150 iPod with a $4.99 headphone barcode and naturally got caught. The better thing to have done(*) is to buy a top-end model of a product with a bottom-end model's sticker price. If you can achieve a > 2x price difference, then you can sell the original item at a hefty discount and make a profit. Was that the $149 iPod Nano or the $399 iPod touch? And if you're caught, you can easily feign ignorance as it's more likely that it was an employee labeling error.

(*) Note: don't try this at home. It's still theft and makes you a thief. But if you're going to be a filthy thief, might as well do it a bit more intelligently.
 

Easy way to do it with self checkouts (2, Interesting)

RCSInfo (847666) | more than 6 years ago | (#21871438)

When self-checkout machines first appeared in groceries I thought of this one.

1) Go to your nearest grocery store that has self checkout machines as well as a weigh station in the produce dept.
2) Pick up an expensive bottle of wine.
3) Go to the produce section and put the wine on the scale and enter the code for a cheap item such as potatoes.
4) Place the printed barcode sticker over the barcode on the wine bottle.
5) Pay for your items using the self checkout. The machine verifies all purchases by checking the weight in the bagging area - which of course will match perfectly.

As an added bonus for those under 21, you will not be carded for your alcohol purchase. Of course I would never do this, but I can't imagine that I am the first person to think of it.

Re:Easy way to do it with self checkouts (2, Informative)

AnarkiNet (976040) | more than 6 years ago | (#21871958)

That doesn't work.
The cashier's screen shows the SKU/UPC, abbreviated description, and price of each item on all self-checkout lanes attached to that cashier's station (usually 4). Unless the cashier is very green, or distracted by another customer, you will certainly get caught.
However, scuffing up the barcode on an expensive bottle of wine that looks very similar to a cheap bottle, and buying both by trying to scan the damaged barcode on the expensive bottle, which won't work with the machine, then typing in the UPC on the cheap bottle...that one might work, although again a veteran cashier will catch it instantly.

Re:Easy way to do it with self checkouts (0)

Anonymous Coward | more than 6 years ago | (#21872158)

5) Pay for your items using the self checkout.

Learn to read.

Wait... this is /.,
ok, disregard my comment...

Re:Easy way to do it with self checkouts (1)

Twanfox (185252) | more than 6 years ago | (#21872408)

You must not have ever used a self checkout. While there are a number of stations that customers can use for scanning their own goods, they are tied to one station with a cashier standing there for assistance and (most likely) loss prevention. They even have a little register they can use.

And, for once, someone should take their own advice first. To quote:

The cashier's screen shows the SKU/UPC, abbreviated description, and price of each item on all self-checkout lanes attached to that cashier's station (usually 4).

Re:Easy way to do it with self checkouts (0)

Anonymous Coward | more than 6 years ago | (#21872722)

Most self-checkouts are still manned by an employee with a screen that watches over the individual self-checkout machines. It boils down to whether or not the employee has a sharp eye 20 feet away while you are checking out.

Re:Easy way to do it with self checkouts (1)

RobFlynn (127703) | more than 6 years ago | (#21873936)

They typically have screens divided into four sections. There's a little camera at each register that shows video of everything you're trying to swipe and place in your bags/weigh station.

Re:Fraud with copied bar codes (0)

Anonymous Coward | more than 6 years ago | (#21871676)

This happened not long ago at the ASDA I work in. Basically, the reduced items in our store follow a very simple system. For deli items the barcode number is usually 2051xxxxxxx where xxxxxxx is how many pennies the item costs, pizzas are 2052xxxxxxx etc. I use it all the time to enter reduced prices for items when the reduced price is simply written on (instead of having a printed reduced barcode). Someone caught onto this and decided to try to buy some more expensive things at reduced prices such as extra special 16oz steaks for 20p. I've no idea how long he'd been doing it for, but he got caught eventually.

Just Happened to Me (1)

raftpeople (844215) | more than 6 years ago | (#21871788)

I was buying my kid an Xbox wireless controller from Target, the lady was having trouble scanning the UPC so she went looking for other barcodes, scanned the serial number which got a hit in their system as something for $6.99 (she figured out that wasn't right and eventually got the UPC to work).

I was pretty surprised that the S/N (or at least the left or right part of it) matched a UPC.

Re:Fraud with copied bar codes (1)

Darth_brooks (180756) | more than 6 years ago | (#21872128)

My old employer had a timecard & access control system that used badges with a barcode. I scanned the back of my card and after some tweaking of the scan settings (the basic scan wasn't sharp enough) I was able to print out a backup badge to keep in my wallet.

Worked out pretty well, since I was prone to forgetting my badge.

In other news... (5, Funny)

Anonymous Coward | more than 6 years ago | (#21871124)

L33t hackers discovered that with a certain amount of awareness and bravado it is possible to obtain quite tasty sandwiches for free, by hanging around the pickup counter at sub shops and pretending to hold the ticket number that was just called out.

Re:In other news... (0)

Anonymous Coward | more than 6 years ago | (#21872646)

The next day, the L33t hackers were disappointed when, after paying for their sandwiches, some dork stole their sandwich before they got to the counter. The L337 hackers were heard to say, "There ought to be a law against this."

Needs checksum security (1)

DoomfrogBW (1010579) | more than 6 years ago | (#21871186)

I have not seen the barcode, but this likely could be thwarted by using a simple checksum algorithm to add two digits to the end of the barcode number or somewhere within. This would prevent rudimentary attacks on the barcode by simply changing a few digits. The system could then check the number to see if the number 'checks out' prior to allowing access. This is valid of course, if an attacker does not figure out the checksum number. From reading the article, it sounds as if there is another system flaw.

bar codes can be copied (1)

Yaur (1069446) | more than 6 years ago | (#21871454)

A better way to defeat guessing would be to encrypt the SKU, ID number, etc and decrypted in the terminal... but at the end of the day any security you put on the barcode can be defeated with a photocopier. As others have pointed out the real problem lies with non-geeks not understanding the concept of trusted and untrusted data.

Re:bar codes can be copied (4, Informative)

DoomfrogBW (1010579) | more than 6 years ago | (#21871750)

That is incorrect. While the barcode can be photocopied, a backend database with terminal-level authentication to verify the barcode would stop most people. Before passing to the server, the terminal takes the barcode and has the algorithm below for generating the checksum. The two are compared and if they match, then it is passed onto the server which provides the ultimate authentication. If the checksum's do not match, then it is invalid. This prevents someone from simply changing a few digits and thinking it will work, which is what the article is talking about. The following method is a popular means by which to combat photocopying. For instance: A barcode number in Code 128C can be given as 000000070314100601 then apply checksum security and add these last two digits to the end of the current number:

// Generate CRC16 checksum using pos 1,3,5,7,9,11,13,15,17 of barcode

unsigned short cs;
cs = crc16((unsigned char*)barcode);
barcode[18] = (cs / 10) + '0';
barcode[19] = (cs % 10) + '0';
barcode[20] = '\0';
...

unsigned short __fastcall TFormMenu::crc16(char* p) {
char checksum = 0;
for (int i = 1; i <= 17; i += 2) {
checksum = checksum + p[i] - '0';
}

return checksum;
}

checksum != security (1)

Yaur (1069446) | more than 6 years ago | (#21872644)

From TFA:

The Phenoelites say that, by contrast, they have so far been unsuccessful in their attempts to crack the package collection slips used at the German Post Office's parcel stations, and the online tickets used by German railways. The two-dimensional codes of the latter have clearly been secured additionally with encryption methods, said FX, and this was something he strongly urged as a general practice for the proponents of automation.
if you need data security you should be using the industry standard tools. Encryption, digital signatures, or keyed hashes could be used to make the data more tamper resistant. Checksums, while useful for error detection, will not... what you have suggested is trivial to reverse engineer given a few valid bar codes.

Re:checksum != security (1)

DoomfrogBW (1010579) | more than 6 years ago | (#21874000)

Duh. I never said it was perfect and of course it can be trivial to reverse engineer. However, even if you do reverse engineer it, then you need a server backend to then provide the ultimate authentication. I think you are missing the point. Did you know what those numbers meant? Probably not. They are encrypted and obfuscated. A combination of those two factors and checksum makes the barcode more secure. Barcodes are inherently insecure unless you use encryption, obfuscation, and a checksum.

Re:bar codes can be copied (0)

Anonymous Coward | more than 6 years ago | (#21873634)

It takes you that many lines to state something that's a) obvious and b) already said by someone else?

Re:bar codes can be copied (0)

Anonymous Coward | more than 6 years ago | (#21873676)

The grandparent is correct. He's referring to a normal retail situation where the barcode will be the same if the item's the same - including the checksum. He mentioned a photocopier, do you know what that is?

dvd hire (1)

Myopic (18616) | more than 6 years ago | (#21871372)

I had to look this up: a DVD hire shop is a movie rental store. Apparently the old-worlders use "hire" to mean "rent".

hi-ya! (0)

Anonymous Coward | more than 6 years ago | (#21873698)

I had to look this up: a DVD hire shop is a movie rental store. Apparently the old-worlders use "hire" to mean "rent".

you mean as opposed to using it as a salutation ?

Souldn't work against properly designed systems. (5, Informative)

BitterOak (537666) | more than 6 years ago | (#21871474)

Anyone who has done any work with barcodes knows they are encoding schemes, not encrypting schemes. A barcode is simply a way of representing data (may be alphanumeric or binary), in a way that is easily read by scanning equipment. The commonly used algorithms are well publicized and it is easy to obtain software to read or write them. If security is important, encryption must be applied before the data is encoded in a barcode. I've scanned many barcodes on many things, and if money is involved, such as tickets or postage, I've generally found that they decode to seemingly random binary data, which means that most likely, encryption was applied first.

Re:Souldn't work against properly designed systems (1)

Jerf (17166) | more than 6 years ago | (#21871988)

Encryption? Why encrypt when you can just use a unique, unguessable ID and store everything of actual interest on a secured server?

Re:Souldn't work against properly designed systems (1)

nacturation (646836) | more than 6 years ago | (#21872522)

Encryption? Why encrypt when you can just use a unique, unguessable ID and store everything of actual interest on a secured server?
Encryption gives you the ability to verify that not only was the data read correctly, but that it is invalid rather than just being unscannable. So you can still have an unguessable ID (eg: a GUID) that's stored in a database and correlates with the info of actual interest, but also encrypt that. Where this could come in handy is in areas where there's a higher incident of employee fraud or the need for greater security/trackability. Assuming you've dealt with the problem of someone simply walking out of a store/warehouse with the product under their faraday-cage-equipped jacket, you still have a problem that someone could easily print up a barcode with the wrong information and affix it to the product essentially anonymously.

Implementing a public key infrastructure would allow for signing of printed barcodes. Let's say you used PDF417 [wikipedia.org] as your barcode. You can encode up to 2710 characters of data. This allows for your unguessable ID and also have it signed by the private key of the employee doing the printing. You still need to deal with the problem of preventing forged logins, etc. but incidents of barcode fraud by outsiders will drop to zero and the number of attack vectors for insider fraud is greatly reduced.
 

Accounts just need a key... (1)

failrate (583914) | more than 6 years ago | (#21871528)

Blockbuster Online's envelopes that you take back to the store had all kinds of account information on them, including what type of account. However, it occurs to me that all it needs to have is an account key. They should be able to scan that and your store membership card (two-key system to avoid spoofing) to return the DVD and give you credit to rent your free movie. I noticed a recent minor change in their store policy, so they may have actually fixed this?

Chaos Communication Congress (3, Informative)

matelmaster (1040950) | more than 6 years ago | (#21871532)

The talk this Heise article is about (which was held at 24c3 on friday [events.ccc.de]) is actually available as a full-length download in various formats on mirrors [events.ccc.de] (look for "2273-en-toying with barcodes") and on bittorent [thepiratebay.org] along with most of the other talks given at this (totally awesome) event. And it's in english, too.

24C3-Video about the barcode-hacking (2, Informative)

TransEurope (889206) | more than 6 years ago | (#21871664)

http://ftp.uni-kl.de/24C3/matroska/24c3-2273-en-toying_with_barcodes.mkv [uni-kl.de]

See this website for mirrors, other video formats and the rest of the videos of the 24C3-conference (some of them are really interesting, videos with a 'de' instead of 'en' in the filename are in german). http://events.ccc.de/congress/2007/Conference_Recordings [events.ccc.de]

Happy new year, gentleman/women :-D

Barcode attack vectors (0)

Anonymous Coward | more than 6 years ago | (#21871796)

For some reason I thought about this a little bit the other day and here it is on slashdot.

Some scanner systems use barcodes to program parameters of the readers themselves. It may be possible to use a special scan code to configure the scanning system to your advantage. Change the accepted symbol sets, internal port settings..etc. Along the same lines as old modem +++ sequence or more modern sql injection.

TFA mentions the remaining attacks against poorly designed systems. Use of predictable sequences / unauthenticated account numbers and lower level problems such as sql injection and buffer overflow.

Use of 2d bar codes to store unauthenticatable clear text information in any application that requires trust from possibly untrusted sources gets what it deserves. This includes trusting the 2D data printed on the backs of many of our drivers licenses :)

Duplicate Tickets (2, Insightful)

Tablizer (95088) | more than 6 years ago | (#21871876)

The article also points out that boarding passes work on this basis -- with something like GNU Barcode software and a template of printed out tickets, one might be able to take some nice vacations."

What if the rightful owner shows up with the same ticket number? Unless the tracking software is lame, it should note that a given number had already check in. At that point, an investigation would ensue. The perpetrator is probably caught on camera for non-trivial travel and the time stamp of check-in and the camera would identify the crook.
     

Considering how outdated barcodes are... (2, Interesting)

ZonkerWilliam (953437) | more than 6 years ago | (#21872048)

I don't see much to be concerned about. "Hacking" them isn't really new, switching UPC stickers has occurred for decades, and as mentioned by another reader, it's considerably small instances. The best place to put security worries is in the bar-codes offshoot, RFID tags.

Boarding passes are not a risk.... (1)

gweihir (88907) | more than 6 years ago | (#21872062)

Or at least not more than at the moment. I just had an international Flight with e-checkin. Would have been trivial to print several boarding passes (you print them yourself) with different names. I don't remember whether it had a barcode, but at boarding they just kept the second printout. Admittedly this was from Switzerland to Austria, but still.

I don't think barcodes are a security risk at all. Reliance on stuff that any modern printer can do is.

OCR + Free 3of9 = Free Stuff? (2, Interesting)

longbot (789962) | more than 6 years ago | (#21872686)

I find it a bit surprising that no one's yet mentioned the free 3of9 barcode font [barcodesinc.com] .

Back when I had a working scanner / OCR setup, I spent a lot of time trying to reverse-engineer the barcodes on coupons. You might be surprised how lenient cashiers are with those things these days... even after a former co-worker of mine printed up (and handed out) about 1,200 self-made "Free 20oz Coke Product" coupons.

With internet-printable coupons more popular than ever, I wonder how long it'll be before we start seeing larger-scale scams involving reverse-engineered "custom coupons"?

Re:OCR + Free 3of9 = Free Stuff? (0)

Anonymous Coward | more than 6 years ago | (#21872926)

I work in a grocery store and I see fake coupons at least once a day. They are all over and are luckily very easy to detect unless done by an experienced person.

Re:OCR + Free 3of9 = Free Stuff? (1)

jonbryce (703250) | more than 6 years ago | (#21873318)

There isn't really that much in the way of reverse engineering involved. You just need to know what coupons the till accepts at the moment, and print out the one you like the best.

If you look at for example Thresher Wine Shop in the UK from last year (holiday season 2006-7), they had a problem with people distributing discount coupons all over the internet.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...