Full Disclosure: Re: Re: Fedex Kinkos Smart Card Authentication Bypass

[Lance James <bugtraq () securescience net>]

Dude VanWinkle wrote:
> On 2/28/06, Lance James <bugtraq () securescience net> wrote:
>   
> > Eric B wrote:
> >     
> > > Wait, so if I read this right, consumers with existing cards could
> > > dupe their legit cards for fake ones and cash in the fake ones yet
> > > still have credit on the legit card?
> > >
> > > So I'm assuming Fedex has no database/authentication system storing
> > > these serials...brilliant.
> > >
> > >       
> > Yup.
> >
> > According to Fedex Kinko's:
> > "Our analysis shows that the information in the article is inaccurate
> > and not based on the way the actual technology and security function.
> > Security is a priority to FedEx Kinko's, and we are confident in the
> > security of our network in preventing such illegal activity."
> >
> > Our response:
> >
> > http://ip.securescience.net/exploits/P1010029.JPG
> >     
> lol, now thats a funny picture!
>
> So am I to assume that normally you can go beyond 31337 on a Kinko's
> card and this is a modding of the original to produce the displayed
> picture?
>
>   
The max is $100.00
> -JP
>
>
>   
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/