Report: ExpressPay can be exploited for cash
Peter Laborge, 2006-02-28
To be presented at LAYER ONE 2006-03-01
Anonymous
Fedex Response: 2006-03-01
Anonymous (1 replies)
Re: Fedex Response: 2006-03-01
Anonymous
Report: ExpressPay can be exploited for cash 2006-03-02
Anonymous (1 replies)
How does encrypting the security code or the money on the card improve anything? The values are transmitted in a way that can be "sniffed". So whether or not they are encrypted doesn't matter, you still get the encrypted string value and present that to the card and it will let you write to it.

The only way to prevent this is to have some sort of key exchange (like Diffie-Hellman) where the security code would then be sent across after establishing a secure tunnel. I am not sure whether these cards have that capability.

BTW: http://www.digg.com/security/Fedex_Kinko_s_Smart_Cards_Hacked

A former employee states on here that they are only allowed to refund $10.


Link to this comment: http://www.securityfocus.com/comments/newsbriefs/150/692#692
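
The replay argument in the comment above, modelled as an added example (not part of the original comment and not code from any real card system): a fixed value, encrypted or not, is accepted again once it has been observed, while a per-session challenge-response rejects the recorded answer. The class names, key and code bytes are constructed, and an HMAC over a fresh nonce stands in here for the key-exchange approach the commenter mentions.

```python
import hashlib
import hmac
import secrets

# Constructed values for illustration; not taken from any real card system.
CARD_KEY = b"constructed-demo-key-0123456789"
STATIC_CODE_CIPHERTEXT = bytes.fromhex("8f3a1c55d2e4907b")  # same bytes every session


class StaticCodeCard:
    """Hypothetical card that permits writes when shown a fixed code."""
    def authorize_write(self, presented: bytes) -> bool:
        return hmac.compare_digest(presented, STATIC_CODE_CIPHERTEXT)


class ChallengeResponseCard:
    """Hypothetical card that issues a fresh nonce and expects HMAC(key, nonce)."""
    def __init__(self, key: bytes):
        self._key = key
        self._nonce = None

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def authorize_write(self, response: bytes) -> bool:
        if self._nonce is None:
            return False
        expected = hmac.new(self._key, self._nonce, hashlib.sha256).digest()
        self._nonce = None  # each nonce is valid for one attempt only
        return hmac.compare_digest(response, expected)


def terminal_response(key: bytes, nonce: bytes) -> bytes:
    return hmac.new(key, nonce, hashlib.sha256).digest()


def replay_outcomes():
    """Return (static_replay_accepted, fresh_response_accepted, replayed_response_accepted)."""
    recorded_static = STATIC_CODE_CIPHERTEXT  # what crossed the wire in an earlier session
    static_replay = StaticCodeCard().authorize_write(recorded_static)

    card = ChallengeResponseCard(CARD_KEY)
    recorded_resp = terminal_response(CARD_KEY, card.challenge())
    legit = card.authorize_write(recorded_resp)      # answers the current nonce
    card.challenge()                                 # later session, new nonce
    cr_replay = card.authorize_write(recorded_resp)  # stale answer to an old nonce
    return static_replay, legit, cr_replay
```
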







 

Copyright 2008, SecurityFocus