Open Source and information security mailing list archives
 
Message-ID: <du6rpf$6il$1@sea.gmane.org>
Date: Thu Mar  2 13:26:37 2006
From: davek_throwaway at hotmail.com (Dave Korn)
Subject: Re: Re: Fedex Kinkos Smart Card Authentication Bypass

Lance James wrote:
> Dude VanWinkle wrote:
>> On 2/28/06, Lance James <bugtraq@...urescience.net> wrote:
>>>
>>> Our response:
>>>
>>> http://ip.securescience.net/exploits/P1010029.JPG
>>>
>>
>> lol, now that's a funny picture!
>>
>> So am I to assume that normally you can go beyond 31337 on a Kinko's
>> card and this is a modding of the original to produce the displayed
>> picture?
>>
>>
>
> The max is $100.00

  Given this bit...

> card as an ExpressPay stored-value card.  Bytes 0x20 through 0x27
> contain the value stored on the card, represented in IEEE 754
> double-precision floating point format.  Bytes 0x60 through 0x6A

.... was there anything to have stopped you loading the card with ... say 
....  $1.7976E+308 ?

  :P LOL, using an fp double to store an amount of currency.  Hmm, maybe 
it's not the range, but the precision they want.  Maybe it's not that 
they're expecting Bill Gates to use their cards after all.  Maybe they're 
expecting people to load them up with units of femtocents?

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 
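
An added example, not part of the original message or of any FedEx Kinko's code: a reader-side sanity check for a stored-value field kept as an IEEE 754 double at bytes 0x20 through 0x27, using the $100.00 maximum mentioned in the thread. Little-endian byte order, the 0x80-byte sample image and the function names are assumptions.

```python
import math
import struct

VALUE_OFFSET = 0x20   # quoted advisory: value lives in bytes 0x20 through 0x27
VALUE_FORMAT = "<d"   # assumption: little-endian; the thread does not say
MAX_CENTS = 100_00    # "The max is $100.00" per the thread


def read_balance_cents(card: bytes) -> int:
    """Return the stored value in whole cents, or raise ValueError."""
    if len(card) < VALUE_OFFSET + 8:
        raise ValueError("card image too short for the value field")
    (value,) = struct.unpack_from(VALUE_FORMAT, card, VALUE_OFFSET)
    # A double can encode NaN, +/-infinity and magnitudes up to ~1.7976e308,
    # none of which is a plausible balance.
    if not math.isfinite(value):
        raise ValueError("value is NaN or infinite")
    if value < 0 or value > MAX_CENTS / 100:
        raise ValueError(f"value {value!r} is outside 0.00..100.00")
    cents = round(value * 100)
    # Most decimal fractions have no exact double, so accept only the bit
    # pattern that is the nearest double to a whole number of cents. This
    # also rejects sub-cent amounts and negative zero.
    if struct.pack(VALUE_FORMAT, cents / 100) != struct.pack(VALUE_FORMAT, value):
        raise ValueError("value is not a whole number of cents")
    return cents


def make_card(value: float) -> bytes:
    """Constructed sample image: zero-filled except for the value field."""
    card = bytearray(0x80)
    struct.pack_into(VALUE_FORMAT, card, VALUE_OFFSET, value)
    return bytes(card)
```

A range check like this only catches implausible values; it does nothing to authenticate a balance that is in range.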


