Report: ExpressPay can be exploited for cash
Peter Laborge, 2006-02-28
Report: Fedex ExpressPay can be exploited for cash 2006-02-28
Anonymous (2 replies)
Sounds like someone didn't read the first chapter of "art of intrusion". Especially the quote the chapter starts with "Every time [some software engineer] says, 'Nobody will go to the trouble of doing that,' there's some kid in Finland who will go to the trouble."

- Alex Mayfield...

Re: Report: Fedex ExpressPay can be exploited for cash 2006-03-01
Gerhard Rickert
Hahahah, That is so true. This will really hurt the Japanese market. They better come with a fix soon......

Re: Report: Fedex ExpressPay can be exploited for cash 2006-03-02
Anonymous
Yeah, especially considering this book didn't even exist when these machines were developed....

Report: ExpressPay can be exploited for cash 2006-03-01
Anonymous (1 replies)
While this finding is significant, I have other concerns. The posting only gave the companies two weeks to respond. Big problems usually require big solutions, and those do not happen overnight. It might take the company two weeks just to verify the findings. Was this posting more about helping soci...

Re: Report: ExpressPay can be exploited for cash 2006-03-01
Anymouse (1 replies)
This posting is what it is. Look for something wrong and you will always find it. What should they have done? Given the company a month? Six months? A Year? No matter what the timeframe someone will find something wrong with it.

Big problems require big solutions, true. Those big problems are u...

Re: Re: Report: ExpressPay can be exploited for cash 2006-03-02
Christian Schmidt (1 replies)
If nobody else is going to respond to this rant then I will.

> What should they have done? Given the company
> a month? Six months? A Year? No matter what
> the timeframe someone will find something
> wrong with it.

30 days is the norm. 2 weeks? Come on. If you don't think that even waiting...

Re: Re: Re: Report: ExpressPay can be exploited for cash 2006-03-02
Anonymous
"By the way: I did say minor exploit. Most people don't have smartcard readers."

Smartcard readers and writers have been openly available for little to no money for some time now. Remember the Amex Blue readers they were giving out by the truckload a few years ago? And I know I've seen reader-writ...

To be presented at LAYER ONE 2006-03-01
Anonymous
A presentation on this vulnerability, the attack method, and proposed solutions will be presented at the LayerOne security conference on April 15-16, 2006. Don't miss it!

For more information:

http://layerone.info

~datagram...

Fedex Response: 2006-03-01
Anonymous (1 replies)
According to Fedex Kinko's:

"Our analysis shows that the information in the article is inaccurate and not based on the way the actual technology and security function. Security is a priority to FedEx Kinko's, and we are confident in the security of our network in preventing such illegal activity."
...

Re: Fedex Response: 2006-03-01
Anonymous
LMAO - The response to this from the original researcher:

http://ip.securescience.net/exploits/P1010029.JPG...

Report: ExpressPay can be exploited for cash 2006-03-01
Anonymous
That image doesn't prove anything. It was obviously modified (31337) so you have to wonder if the image is real at all. Also, the image just shows the prompt to cash out, it does not prove anything, a valid card could have been used to produce the image.

I also wonder who at FedEx Kinko's was c...

Report: ExpressPay can be exploited for cash 2006-03-02
Secure Science
Video online: http://www.securescience.net/exploits/ssc_expresspay_vuln.wmv...

Report: ExpressPay can be exploited for cash 2006-03-02
Anonymous (1 replies)
How does encrypting the security code or the money on the card improve anything? The values are transmitted in a way that can be "sniffed". So whether or not they are encrypted doesn't matter, you still get the encrypted string value and present that to the card and it will let you write to it.

...

Re: Report: ExpressPay can be exploited for cash 2006-03-03
Anonymous
And a Key Exchange isn't a form of Encryption? I believe it's called Asymmetric key encryption is it not???...

[ more ]  [ reply ]
Report: ExpressPay can be exploited for cash 2006-03-03
Anonymous
What I meant is that I don't believe the cards would support Key Exchange (yes, I know it is encryption). I believe that the smart card would have to provide more storage and a processor to support this. If this is the case then the card does not support the level of encryption features required t...

Copyright 2009, SecurityFocus