[Gllug] [ot] borked net transaction

[John Winters]

> On Saturday 07 May 2005 10:02, John Winters wrote:
>
>> Err, no.  If it were trivial to discover then there would be absolutely
>> no
>> point in chip and pin cards at all.
>
> With a card reader and some simple inspection of the data held on the
> card, it
> really IS trivial to discover the PIN.  It took me a little while to work
> out
> how it's done, but I'm nothing special when it comes to data analysis so
> it
> MUST be trivial!

I think you need to provide some more details of what exactly it is that
you think you've done.

Reading data of the mag stripe is indeed trivial - but the PIN isn't
there.  The data relating to validating the PIN are held in the chip -
now, what exactly did you read, how did you read it and how did you derive
the PIN?  Informed minds want to know.

John

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug