| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ILEPILDHBOLAHHEIMALBAEBAEOAA.jasonc@science.org> From: jasonc at science.org (Jason Coombs) Subject: Hackers View Visa/MasterCard Accounts lucky for cc fraudsters, issuers opt to create cards in batches where all of the neighboring card numbers share the same expiration date (month/year). -----Original Message----- From: Kevin Spett [mailto:kspett@...dynamics.com] Sent: Tuesday, February 18, 2003 11:02 AM To: jasonc@...ence.org; Richard M. Smith; full-disclosure@...ts.netsys.com Subject: Re: [Full-Disclosure] Hackers View Visa/MasterCard Accounts Even with the checksum digits, the keyspace for all possible credit card numbers is huge and largely unused. Also, if you get declined, you don't know whether it's a problem with the card number or the expiration date. There's no way to brute force issued card numbers independent of expiration dates, which would speed up the process greatly. So let's say that you're assuming that the expiration date is within three years. If you've got an unissued card number, you have to make all 36 attempts with it. Also, CNN has revised their story. The new number is 5.6 million credit card numbers. Kevin.
Powered by blists - more mailing lists