funsec mailing list archives
Report: FedEx Kinko's ExpressPay Can Be Exploited For Cash
From: "Fergie" <fergdawg () netzero net>
Date: Tue, 28 Feb 2006 22:58:09 GMT
This might not be news to some of you, but I unsubscribed to FD several months ago due to the SN ratio. :-) Via SecurityFocus. [snip] A vulnerability in the FedEx Kinko's ExpressPay system allows an attacker to receive free services or even cash from the stores, according to a post on Full-Disclosure yesterday. The ExpressPay system uses a Siemens/Infineon SLE4442 smartcard to store the pre-purchased value, and a three-byte security code prevents rewriting of the card's data. The method described for obtaining the security code involves using a logic analyzer at a point where the card is written to, and it is reported that this code is the same across all cards in circulation. [snip] Duh -- that was stoopid. More: http://www.securityfocus.com/brief/150 - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Report: FedEx Kinko's ExpressPay Can Be Exploited For Cash Fergie (Feb 28)
- Re: Report: FedEx Kinko's ExpressPay Can Be Exploited For Cash Drsolly (Feb 28)
- LIST SECURITY - what's going on here? Jon O. (Mar 01)
- Re: [mwp] LIST SECURITY - what's going on here? Gadi Evron (Mar 01)