July 29th, 2014

For the Kinko's hack skeptics

And for the seriously skeptical, Secure Science actually released a video of an in-store hack of the Kinko’s ExpressPay system. The enTrac/FedEx/Kinkos people must really be in denial here. You’d think they’d want to get this fixed as soon as possible. One of the alarming things is that it seems you can actually get cash back from the register with a printed receipt by showing the unused portion of your bill ($100 cap per card per charge). The system seems to wholly trust what it reads from the cards and doesn’t even try to validate the data: any serial number and dollar value can be written to a card. Wow.
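The missing validation described above, as an added example (not code from this post, from Secure Science, or from the ExpressPay system): a terminal that believes the card next to one that checks an issuer MAC and a server-side ledger. The record layout, key, serial format and ledger are all assumptions made for illustration.

```python
import hashlib
import hmac

# Everything below is constructed for illustration: key, record layout, ledger.
ISSUER_KEY = b"constructed-demo-key"
MAX_VALUE_CENTS = 10_000  # the $100 per-card cap mentioned in the post


def _tag(serial: str, value_cents: int) -> str:
    """MAC binding serial and value together under the issuer's key."""
    msg = f"{serial}|{value_cents}".encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()


def issue_card(serial, value_cents, ledger):
    """Issuer side: record the balance server-side and write a tagged card."""
    ledger[serial] = value_cents
    return {"serial": serial, "value_cents": value_cents,
            "tag": _tag(serial, value_cents)}


def naive_accept(card):
    """The behaviour the post describes: the card's contents are believed."""
    return card["value_cents"]


def validated_accept(card, ledger):
    """Return spendable cents, or raise ValueError naming the failed check."""
    serial, value = card.get("serial"), card.get("value_cents")
    if not isinstance(serial, str) or type(value) is not int:
        raise ValueError("malformed record")
    if not 0 <= value <= MAX_VALUE_CENTS:
        raise ValueError("value outside issuer limits")
    presented = str(card.get("tag", "")).encode()
    if not hmac.compare_digest(presented, _tag(serial, value).encode()):
        raise ValueError("bad MAC: record not written by the issuer")
    # A valid MAC alone does not stop a copied card; the ledger is authoritative.
    if ledger.get(serial) != value:
        raise ValueError("card disagrees with server-side ledger")
    return value
```

The ledger comparison is what catches a bit-for-bit copy of a genuine card made before its balance was spent, since that copy still carries a valid MAC.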

Here are some screen captures:


FedEx/Kinkos Express Pay hack

Apparently the FedEx/Kinkos Express Pay system has been cracked by Secure Science. While this in and of itself is entertaining, the aftermath is even more fun. According to Lance James on the Bugtraq list, this was Kinko’s response:

"Our analysis shows that the information in the article is inaccurate
and not based on the way the actual technology and security function.
Security is a priority to FedEx Kinko's, and we are confident in the
security of our network in preventing such illegal activity."

This was his response:


As originally taken from here: http://ip.securescience.net/exploits/P1010029.JPG
