Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Hackers View Visa/MasterCard Accounts

From: "Jason Coombs" <jasonc () science org>
Date: Tue, 18 Feb 2003 11:08:05 -1000
lucky for cc fraudsters, issuers opt to create cards in batches where all of
the neighboring card numbers share the same expiration date (month/year).

-----Original Message-----
From: Kevin Spett [mailto:kspett () spidynamics com]
Sent: Tuesday, February 18, 2003 11:02 AM
To: jasonc () science org; Richard M. Smith;
full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Hackers View Visa/MasterCard Accounts


Even with the checksum digits, the keyspace for all possible credit card
numbers is huge and largely unused.  Also, if you get declined, you don't
know whether it's a problem with the card number or the expiration date.
There's no way to brute force issued card numbers independent of expiration
dates, which would speed up the process greatly.  So let's say that you're
assuming that the expiration date is within three years.  If you've got an
unissued card number, you have to make all 36 attempts with it.

Also, CNN has revised their story.  The new number is 5.6 million credit
card numbers.


Kevin.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: