[Gllug] [ot] borked net transaction
Christopher Hunter
chrisehunter at blueyonder.co.uk
Sun May 8 08:47:18 UTC 2005
On Saturday 07 May 2005 12:48, John Winters wrote:
> > On Saturday 07 May 2005 10:02, John Winters wrote:
> >> Err, no. If it were trivial to discover then there would be absolutely
> >> no
> >> point in chip and pin cards at all.
> >
> > With a card reader and some simple inspection of the data held on the
> > card, it
> > really IS trivial to discover the PIN. It took me a little while to work
> > out
> > how it's done, but I'm nothing special when it comes to data analysis so
> > it
> > MUST be trivial!
>
> I think you need to provide some more details of what exactly it is that
> you think you've done.
>
> Reading data of the mag stripe is indeed trivial - but the PIN isn't
> there. The data relating to validating the PIN are held in the chip -
> now, what exactly did you read, how did you read it and how did you derive
> the PIN? Informed minds want to know.
>
> John
Reading the chip is easy to do (indeed there are card chip readers and writers
cheaply available). A company I do design work for were using a card chip
reader/writer as a "security" system for a machine condition monitor (I'm not
allowed to disclose further info). I tried a number of credit and debit
cards, and was able to glean more information that I expected!
Chris
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list