lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: dan at cardcops.com (Dan Clements)
Subject: Small vulnerability in Canadian Pay Pal SecretQuestion

FYI...

>This mini-white paper outlines how hackers and carders migrate or hopscotch
>between online accounts.
>These sites are discussed; Amazon, Paypal, Earthlink, and Bank of America,
>among others.
>
>http://www.cardcops.com/account_takeover.htm






-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Rob Adams
Sent: Friday, January 09, 2004 12:07 PM
To: j tole
Cc: hostmaster@...pal.com; full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Small vulnerability in Canadian Pay Pal
SecretQuestion


j tole wrote, in part:

>One of the [Paypal] secret questions you can select when
>setting up your pay pal account is to enter the last 4
>digits of your drivers license. The problem here, is
>that the last 4 digits of most any canadian drivers
>license are the month and day that you were born. For
>example of the last 7 digits of my drivers license
>were 8-40726 then I would be born on july 26th, 1984.
>
>J. Tole a.k.a. ph1zzle
>jtole2003@...oo.com
>
>

For what it is worth, here in Illinois the last five digits encode your
year and date of birth, and gender (the first seven encode your name).
For example, a male, born 5/5/1963 would have a license that ends:
    63129

See http://www.highprogrammer.com/alan/numbers/dl_us_shared.html for
details.

Rob Adams


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists