[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Small vulnerability in Canadian Pay Pal SecretQuestion
- To: "Rob Adams" <rob@ebeep.org>, "j tole" <jtole2003@yahoo.com>
- Subject: RE: [Full-Disclosure] Small vulnerability in Canadian Pay Pal SecretQuestion
- From: "Dan Clements" <dan@cardcops.com>
- Date: Fri, 9 Jan 2004 13:04:27 -0800
FYI...
>This mini-white paper outlines how hackers and carders migrate or hopscotch
>between online accounts.
>These sites are discussed; Amazon, Paypal, Earthlink, and Bank of America,
>among others.
>
>http://www.cardcops.com/account_takeover.htm
-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com]On Behalf Of Rob Adams
Sent: Friday, January 09, 2004 12:07 PM
To: j tole
Cc: hostmaster@paypal.com; full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Small vulnerability in Canadian Pay Pal
SecretQuestion
j tole wrote, in part:
>One of the [Paypal] secret questions you can select when
>setting up your pay pal account is to enter the last 4
>digits of your drivers license. The problem here, is
>that the last 4 digits of most any canadian drivers
>license are the month and day that you were born. For
>example of the last 7 digits of my drivers license
>were 8-40726 then I would be born on july 26th, 1984.
>
>J. Tole a.k.a. ph1zzle
>jtole2003@yahoo.com
>
>
For what it is worth, here in Illinois the last five digits encode your
year and date of birth, and gender (the first seven encode your name).
For example, a male, born 5/5/1963 would have a license that ends:
63129
See http://www.highprogrammer.com/alan/numbers/dl_us_shared.html for
details.
Rob Adams
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html