lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: dan at (Dan Clements)
Subject: Small vulnerability in Canadian Pay Pal SecretQuestion


>This mini-white paper outlines how hackers and carders migrate or hopscotch
>between online accounts.
>These sites are discussed; Amazon, Paypal, Earthlink, and Bank of America,
>among others.

-----Original Message-----
[]On Behalf Of Rob Adams
Sent: Friday, January 09, 2004 12:07 PM
To: j tole
Subject: Re: [Full-Disclosure] Small vulnerability in Canadian Pay Pal

j tole wrote, in part:

>One of the [Paypal] secret questions you can select when
>setting up your pay pal account is to enter the last 4
>digits of your drivers license. The problem here, is
>that the last 4 digits of most any canadian drivers
>license are the month and day that you were born. For
>example of the last 7 digits of my drivers license
>were 8-40726 then I would be born on july 26th, 1984.
>J. Tole a.k.a. ph1zzle

For what it is worth, here in Illinois the last five digits encode your
year and date of birth, and gender (the first seven encode your name).
For example, a male, born 5/5/1963 would have a license that ends:

See for

Rob Adams

Full-Disclosure - We believe in it.

Powered by blists - more mailing lists