Re: Pentesting EDC Apps

[Abuse007 <abuse007 () gmail com>]

Is there encryption and mac between the edc and the server?

On 05/11/2010, at 12:52 AM, sec.melis () gmail com wrote:

> Hi folks,
>
>
> I just have new assignment which is pentesting Electronic Data Capture (EDC)
> application based, running on Hypercom Optimum series. This application is
> used by prepaid card (a smart card chips) to update data inside the card. My
> client suspected that an attacker may able to modify data inside the card by
> circumventing dialup communication between EDC device and the server, but I
> am not sure about that.
> I saw from Optimum developer toolkit, they are using C or C++ for the roam
> software. Include in the SDK are opensource compiler like GCC and GDB for
> debugging stuff.
>
> Does anybody have good sources about this?
>
>
>
> Thanks.
> 00f/r0aD
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified. 
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------