more on Hacked Speedpass, Hotel mag cards

[David Farber <dave () farber net>]

Begin forwarded message:

From: Tom Gray <tom_gray_grc () yahoo com>
Date: September 22, 2005 9:22:37 AM EDT
To: dave () farber net
Subject: Re: [IP] more on Hacked Speedpass, Hotel mag cards



For IP, if you wish

One thing that a;ways puzzles me when similar issues
are brought up is that it is easy to perform a creidt
card fraud without any technological assistance.

I found transactions on my credit card bill for a web
porn site. I complained to the credit card company.
They obtained the 'authorization' slip from the porn
company. They claimed that they obtained the card
number from a call and that the name provided was 'A
Guy'. When I mentioned to the credit card company
agent that this was an obvious fraud, she was shocked.

There is a common fraud in which unethical companies
will generate possible credit card numbers that pass
the simple validity checks performed by the banks.
They then attempt to bill these numbers until they
find hits. They then charge small amounts ($25 or so)
to the cards in hope that the charges will not be
noticed. In my case, Charges cen then be made at
intervals. I noted the charges immediately and
complaimed but there had already been another charge
for a porn service.

So I find all this concern about the hacking of RFIDs
and credit card stripes rather puzzling. Why go to the
bother whrn the credit card system is so open for
abuse.

Tom Gray

--- David Farber <dave () farber net> wrote:


> Begin forwarded message:
>
> From: Jim Thompson <jim () netgate com>
> Date: September 21, 2005 7:35:52 PM EDT
> To: Dave Farber <dave () farber net>,
> jadams01 () sprynet com
> Cc: Ip Ip <ip () v2 listbox com>
> Subject: Re: [IP] more on Hacked Speedpass, Hotel
> mag cards
>
>
>
> > So? In this case, we've got an actual, live
> individual making
>
> > fairly specific claims. Still could be a hoax, but
> as the snopes
>
> > page points out, one chain did formerly do just
> what was claimed.
>
> > Are you willing to bet that non-chains motels and
> hotels, and
>
> > cheaper chains, aren't doing this? Snopes is good
> at documenting
>
> > urban legends, but I don't regard that as superior
> to actually
>
> > testing the cards and finding out the truth of the
> matter.
>
> > The follow-up from Robert Mitchell points
> something interesting out:
>
> > "What's interesting to me is that while everyone
> has an opinion as
>
> > to whether its possible that hotels would  -
> either knowingly or
>
> > unknowingly - store such information on a card
> key, only one person
>
> > who posted here claims to have tried this at
> several hotels
>
> > (without success). Given past discussions and all
> of the news
>
> > stories going back to at least 2003, I am
> surprised that no one
>
> > else among this tech savvy group has tried this
> and reported in."
>
> > Hmm...now where could I find a tech-savvy group to
> supply data? Any
>
> > thoughts?
>
>
> Dave (and John),
>
> There is a body of GPL code that would allow anyone
> to decode the mag-
> stripe on these types of cards named "Stripe Snoop"
>
> http://stripesnoop.sourceforge.net/
>
> The site includes instructions on how to build (or
> modify) a mag-
> stripe card reader:
> http://stripesnoop.sourceforge.net/hardware/
> hardware.html
>
> A related toolkit allows the casual user to decode
> the 1-D and 2-D
> barcodes used on most state drivers licenses:
> http://turbulence.org/Works/swipe/barcode.html
>
> All that said, the Speedpass cards use a mag stripe,
> but rather
> RFID.  Its been hacked:  http://rfidanalysis.org/
>
> In my experience, the hotel room keys work as
> described.
> (Literally the only information is a room number and
> a limit on when the
> room key is valid.)
>
> However, your security can be compromised in other
> ways whilst
> staying in a hotel.  On more than one occasion I've
> been handed a key
> which opens more than one room, and I've been handed
> a key for an
> already occupied room.  (You can imagine the
> surprise of both parties
> in that one.)
>
> Also, the TV in your room has been cracked, with
> quite possible
> negative privacy aspects.
> http://www.wired.com/news/privacy/
> 0,1848,68370,00.html
>
> Jim
>
>
>
> -------------------------------------
> You are subscribed as tom_gray_grc () yahoo com
> To manage your subscription, go to
>   http://v2.listbox.com/member/?listname=ip
>
> Archives at:
http://www.interesting-people.org/archives/interesting-people/

>




__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/