For the kinkos hack skeptics
aaron posted in hacking, owned on March 2nd, 2006
And for the seriously skeptical, Secure Science actually released a video of an in store hack of the Kinko’s ExpressPay system. The enTrac/FedEx/Kinkos people must really be in denial here. You’d think they’d want to get this fixed up as soon as possible. One of the alarming things is that it seems that you can actually get cash back from the register with a printed receipt by showing the unused portion of your bill ($100 cap per card per charge). The system seems to wholly trust what it reads from the cards, and doesn’t even try to validate the data. Any serial number and dollar value can be written into it. Wow.