lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040109190059.44138.qmail@web60809.mail.yahoo.com>
From: jtole2003 at yahoo.com (j tole)
Subject: Small vulnerability in Canadian Pay Pal Secret Question

This vulnerability isn't a huge one and isn't even so
much technical but I thought it was at least worth
addressing.

This problem arises from the Secret Questions
seciotion of the pay pal account, and as far as I know
this only affects canadian members.

One of the secret questions you can select when
setting up your pay pal account is to enter the last 4
digits of your drivers license. The problem here, is
that the last 4 digits of most any canadian drivers
license are the month and day that you were born. For
example of the last 7 digits of my drivers license
were 8-40726 then I would be born on july 26th, 1984.
Canada uses this as a secondary measure to ensure
validity of age against people modify their license (I
used to work in a bar).

So anyone who wanted to know the answer to the last 4
digits of your drivers license secret question would
only need to know the day and month you were born to
know the answer.

Seeing as how the other 3 possible secret choice
questions are kinda weak anyways, it doesn't provide
much security against someone who has done their
homework from stealing your money. 

Also it is my guess that this question was just left
over from the secret question on the american paypal,
which american licenses don't use the same method, I
think.

Anyways, have fun.

J. Tole a.k.a. ph1zzle
jtole2003@...oo.com


__________________________________
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
http://hotjobs.sweepstakes.yahoo.com/signingbonus


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ