Anne Lynn Wheeler wrote:
recent posts mentioning some skimming threats
http://www.garlic.com/~lynn/aadsm22.htm#27 Meccano Trojans coming to
desktop near you
re:
http://www.garlic.com/~lynn#aadsm22.htm#30 Creativity and security
Trial starts on swipe-and-go card; A new smartcard could result
Anne Lynn Wheeler wrote:
the trivial case from nearly 10 years ago was the waiter in nyc
restaurant (something sticks in my mind it was the Brazilian restaurant
just off times sq) that had pda and small magstripe reader pined to the
inside of their jacket. At some opportunity, they would
On Sun, 26 Mar 2006 19:07:07 -0800, Joseph Ashwood [EMAIL PROTECTED]
wrote:
- Original Message -
From: J. Bruce Fields [EMAIL PROTECTED]
Subject: Re: Creativity and security
On Fri, Mar 24, 2006 at 06:47:07PM -, Dave Korn wrote:
IOW, unless we're talking about a corrupt
On Mar 26, 2006, at 22:07, Joseph Ashwood wrote:
- Original Message - From: J. Bruce Fields
[EMAIL PROTECTED]
Subject: Re: Creativity and security
On Fri, Mar 24, 2006 at 06:47:07PM -, Dave Korn wrote:
IOW, unless we're talking about a corrupt employee with a
photographic
- Original Message -
From: J. Bruce Fields [EMAIL PROTECTED]
Subject: Re: Creativity and security
On Fri, Mar 24, 2006 at 06:47:07PM -, Dave Korn wrote:
IOW, unless we're talking about a corrupt employee with a photographic
memory and telescopic eyes,
Tiny cameras are pretty
Joseph Ashwood wrote:
The one I find scarier is the US restaurant method of handling cards.
For those of you unfamiliar with it, I hand my card to the
waiter/waitress, the card disappears behind a wall for a couple of
minutes, and my receipt comes back for to sign along with my card. Just
to
ref:
http://www.garlic.com/~lynn/aadsm22.htm#30 Creativity and security
and a more recent skimming news item from this month:
Cloned-card scams socking it to bank accounts
http://www.mysanantonio.com/news/metro/stories/MYSA030506.09B.atm_theft.27d5322.html
the above card mentions pins
regardingg the XXXing on receipts it turns out that things aren't
as grim as i thought. i anlayzed the checksum algorithm and if
you are missing n digits there are 10^(n-1) clashes.
i verified this with a brute force program.
but in the photograph the card scenario ... if one digit is
blurry
On Thu, Mar 23, 2006 at 08:15:50PM -, Dave Korn wrote:
As we all know, when you pay with a credit or debit card at a store, it's
important to take the receipt with you
[..]
So what they've been doing at my local branch of Marks Spencer for the
past few weeks is, at the end of the
J. Bruce Fields wrote:
On Thu, Mar 23, 2006 at 08:15:50PM -, Dave Korn wrote:
So what they've been doing at my local branch of Marks Spencer
for the past few weeks is, at the end of the transaction after the
(now always chip'n'pin-based) card reader finishes authorizing your
| If all that information's printed on the outside of the card, then
| isn't this battle kind of lost the moment you hand the card to them?
|
| 1- I don't hand it to them. I put it in the chip-and-pin card reader
| myself. In any case, even if I hand it to a cashier, it is within my
sight
On Fri, Mar 24, 2006 at 06:47:07PM -, Dave Korn wrote:
J. Bruce Fields wrote:
If all that information's printed on the outside of the card, then
isn't this battle kind of lost the moment you hand the card to them?
1- I don't hand it to them. I put it in the chip-and-pin card reader
dumpster divers looking for this stuff any more - when I
found
a great example of why you don't want people applying their
creativity
to security problems, at least not without a great deal of review.
You see, most vendors these days replace all but the last 4 digits of
the CC number on a receipt
On Thu, Mar 23, 2006 at 08:15:50PM -, Dave Korn wrote:
So what they've been doing at my local branch of Marks Spencer for the
past few weeks is, at the end of the transaction after the (now always
chip'n'pin-based) card reader finishes authorizing your transaction, the
cashier at the
Blanking out all but the last 4 digits is foolish. The last is a checksum
and the first four are determined by the merchant. This greatly reduces
the possibilities for the other 8 digits. I'd rather just Bank Name or even
the first 4 digits. (I know that amex use only 15, even worse.)
brucee
that I'm hesitant to just toss them as is, though I doubt
there
are many dumpster divers looking for this stuff any more - when I
found
a great example of why you don't want people applying their
creativity
to security problems, at least not without a great deal of review.
You see, most vendors
of why you don't want people applying their creativity
to security problems, at least not without a great deal of review.
You see, most vendors these days replace all but the last 4 digits of
the CC number on a receipt with X's. But it must be boring to do the
same as everyone else, so some bright
17 matches
Mail list logo