funsec mailing list archives

Report: FedEx Kinko's ExpressPay Can Be Exploited For Cash


From: "Fergie" <fergdawg () netzero net>
Date: Tue, 28 Feb 2006 22:58:09 GMT

This might not be news to some of you, but I unsubscribed to
FD several months ago due to the SN ratio. :-)

Via SecurityFocus.

[snip]

A vulnerability in the FedEx Kinko's ExpressPay system allows an attacker to receive free services or even cash from the stores, according to a post on Full-Disclosure yesterday.

The ExpressPay system uses a Siemens/Infineon SLE4442 smartcard to store the pre-purchased value, and a three-byte security code prevents rewriting of the card's data. The method described for obtaining the security code involves using a logic analyzer at a point where the card is written to, and it is reported that this code is the same across all cards in circulation.

[snip]

Duh -- that was stoopid.

More:
http://www.securityfocus.com/brief/150

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

