Full Disclosure mailing list archives

What Your Empty Wallet Says About You


From: "Marek Isalski" <Marek.Isalski () smuht nwest nhs uk>
Date: Tue, 22 Jun 2004 11:31:22 +0100

In an attempt to be slightly on-topic; more so than the "0day disclosures" that I just read with the Delete key.

A couple of months ago my partner bought a new wallet in which to keep my credit cards, debit cards and useful 
"plastic" -- presumably she was shamed at the scruffy nature of the previous wallet.

So after being jammed in my pockets, packed with my flexible friends, I noticed something which I'll need to bear in 
mind when this wallet is deemed shoddy and due for replacement -- the poly-something sleeves that hold the cards are 
plastic (impressionable) and, when your wallet isn't chock-full of cards, the softness of empty plastic sleeves is 
deformed by the raised print of the cards.  This deformity remains for a long time with the cards removed.

Attached is a cropped photograph (taken with a cheap phone camera).  I've pulled the card slightly out of its sleeve -- 
in the right lighting, you can easily read the card number.  And you can just about make out the card holder's name, 
sort and account numbers by eye (the camera is of too low a quality).

All the more reason to have the three digit security code on the back of the card not embossed -- but with only 1000 
combinations, does this have enough entropy to deter a determined credit card thief from hunting through rubbish for 
wallets?  I imagine that people cycle cards faster than wallets -- my figures are about six cards in as many years for 
one wallet -- but there's a much larger amount of information for the wallet to disclose.  Hopefully we all know to 
chop up our expired credit cards when "retiring" them.  I certainly didn't think I would need to apply data destruction 
to a worn-out container (an interesting thought exercise in itself -- I don't want to burn it and choke on fumes, and I 
don't think the office shredder will cope...).

(And no, this vulnerability doesn't have a CVE, the vendor hasn't been notified, and the only "shoutz" go out to 
aforementioned partner, Melanie.)

Regards,
Marek


