Penetration Testing mailing list archives
Re: Pentesting EDC Apps
From: Abuse007 <abuse007 () gmail com>
Date: Thu, 2 Dec 2010 14:38:03 +1100
Is there encryption and mac between the edc and the server? On 05/11/2010, at 12:52 AM, sec.melis () gmail com wrote:
Hi folks, I just have new assignment which is pentesting Electronic Data Capture (EDC) application based, running on Hypercom Optimum series. This application is used by prepaid card (a smart card chips) to update data inside the card. My client suspected that an attacker may able to modify data inside the card by circumventing dialup communication between EDC device and the server, but I am not sure about that. I saw from Optimum developer toolkit, they are using C or C++ for the roam software. Include in the SDK are opensource compiler like GCC and GDB for debugging stuff. Does anybody have good sources about this? Thanks. 00f/r0aD ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Pentesting EDC Apps Abuse007 (Dec 02)