RE: Small vulnerability in Canadian Pay Pal SecretQuestion

["Dan Clements" <dan () cardcops com>]

FYI...

> This mini-white paper outlines how hackers and carders migrate or hopscotch
> between online accounts.
> These sites are discussed; Amazon, Paypal, Earthlink, and Bank of America,
> among others.
>
> http://www.cardcops.com/account_takeover.htm






-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Rob Adams
Sent: Friday, January 09, 2004 12:07 PM
To: j tole
Cc: hostmaster () paypal com; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Small vulnerability in Canadian Pay Pal
SecretQuestion


j tole wrote, in part:

> One of the [Paypal] secret questions you can select when
> setting up your pay pal account is to enter the last 4
> digits of your drivers license. The problem here, is
> that the last 4 digits of most any canadian drivers
> license are the month and day that you were born. For
> example of the last 7 digits of my drivers license
> were 8-40726 then I would be born on july 26th, 1984.
>
> J. Tole a.k.a. ph1zzle
> jtole2003 () yahoo com

For what it is worth, here in Illinois the last five digits encode your
year and date of birth, and gender (the first seven encode your name).
For example, a male, born 5/5/1963 would have a license that ends:
    63129

See http://www.highprogrammer.com/alan/numbers/dl_us_shared.html for
details.

Rob Adams


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html