How about taking a picture of someone else's check and depositing it into my
account?  These checks are not necessarily human reviewed; they are machine
read and encoded. I could deposit your paycheck before you get it to the
bank.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Rob, grandpa of Ryan, Trevor, Devon & Hannah
Sent: Friday, October 08, 2010 3:47 PM
To: [email protected]
Subject: [funsec] How do I exploit thee ...

PayPal iPhone app makes cheque deposits 

http://www.cbc.ca/technology/story/2010/10/08/con-cheque-app.html

Let me count the ways:

Are the images encrypted in transit?

Are they encrypted in storage on the iPhone?

(How are they protected at PayPal?)

Can the images be modified, in order to change cheque numbers, for instance,
and multiply transactions?

Is this only available with a non-jailbroken iPhone?

If they can be modified, they can be created for fake accounts ...

I'm sure that there are controls in place, particularly for these obvious
ideas.  Are the controls sufficient?  The idea of trusting an image captured
by a user-owned interface device just seems to be asking for trouble ...

======================  (quote inserted randomly by Pegasus Mailer)
[email protected]     [email protected]     [email protected]
  If you do buy a computer, don't turn it on. - Richards' 2nd Law
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://www.infosecbc.org/links http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
