Interesting People mailing list archives
more on Hacked Speedpass, Hotel mag cards
From: David Farber <dave () farber net>
Date: Thu, 22 Sep 2005 09:29:43 -0400
Begin forwarded message: From: Tom Gray <tom_gray_grc () yahoo com> Date: September 22, 2005 9:22:37 AM EDT To: dave () farber net Subject: Re: [IP] more on Hacked Speedpass, Hotel mag cards For IP, if you wish One thing that a;ways puzzles me when similar issues are brought up is that it is easy to perform a creidt card fraud without any technological assistance. I found transactions on my credit card bill for a web porn site. I complained to the credit card company. They obtained the 'authorization' slip from the porn company. They claimed that they obtained the card number from a call and that the name provided was 'A Guy'. When I mentioned to the credit card company agent that this was an obvious fraud, she was shocked. There is a common fraud in which unethical companies will generate possible credit card numbers that pass the simple validity checks performed by the banks. They then attempt to bill these numbers until they find hits. They then charge small amounts ($25 or so) to the cards in hope that the charges will not be noticed. In my case, Charges cen then be made at intervals. I noted the charges immediately and complaimed but there had already been another charge for a porn service. So I find all this concern about the hacking of RFIDs and credit card stripes rather puzzling. Why go to the bother whrn the credit card system is so open for abuse. Tom Gray --- David Farber <dave () farber net> wrote:
Begin forwarded message: From: Jim Thompson <jim () netgate com> Date: September 21, 2005 7:35:52 PM EDT To: Dave Farber <dave () farber net>, jadams01 () sprynet com Cc: Ip Ip <ip () v2 listbox com> Subject: Re: [IP] more on Hacked Speedpass, Hotel mag cardsSo? In this case, we've got an actual, liveindividual makingfairly specific claims. Still could be a hoax, butas the snopespage points out, one chain did formerly do justwhat was claimed.Are you willing to bet that non-chains motels andhotels, andcheaper chains, aren't doing this? Snopes is goodat documentingurban legends, but I don't regard that as superiorto actuallytesting the cards and finding out the truth of thematter.The follow-up from Robert Mitchell pointssomething interesting out:"What's interesting to me is that while everyonehas an opinion asto whether its possible that hotels would -either knowingly orunknowingly - store such information on a cardkey, only one personwho posted here claims to have tried this atseveral hotels(without success). Given past discussions and allof the newsstories going back to at least 2003, I amsurprised that no oneelse among this tech savvy group has tried thisand reported in."Hmm...now where could I find a tech-savvy group tosupply data? Anythoughts?Dave (and John), There is a body of GPL code that would allow anyone to decode the mag- stripe on these types of cards named "Stripe Snoop" http://stripesnoop.sourceforge.net/ The site includes instructions on how to build (or modify) a mag- stripe card reader: http://stripesnoop.sourceforge.net/hardware/ hardware.html A related toolkit allows the casual user to decode the 1-D and 2-D barcodes used on most state drivers licenses: http://turbulence.org/Works/swipe/barcode.html All that said, the Speedpass cards use a mag stripe, but rather RFID. Its been hacked: http://rfidanalysis.org/ In my experience, the hotel room keys work as described. (Literally the only information is a room number and a limit on when the room key is valid.) However, your security can be compromised in other ways whilst staying in a hotel. On more than one occasion I've been handed a key which opens more than one room, and I've been handed a key for an already occupied room. (You can imagine the surprise of both parties in that one.) Also, the TV in your room has been cracked, with quite possible negative privacy aspects. http://www.wired.com/news/privacy/ 0,1848,68370,00.html Jim ------------------------------------- You are subscribed as tom_gray_grc () yahoo com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at:
http://www.interesting-people.org/archives/interesting-people/
__________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Hacked Speedpass, Hotel mag cards David Farber (Sep 22)
- <Possible follow-ups>
- more on Hacked Speedpass, Hotel mag cards David Farber (Sep 22)
- more on Hacked Speedpass, Hotel mag cards David Farber (Sep 22)