November 23rd, 2014

For the kinkos hack skeptics

And for the seriously skeptical, Secure Science actually released a video of an in store hack of the Kinko’s ExpressPay system. The enTrac/FedEx/Kinkos people must really be in denial here. You’d think they’d want to get this fixed up as soon as possible. One of the alarming things is that it seems that you can actually get cash back from the register with a printed receipt by showing the unused portion of your bill ($100 cap per card per charge). The system seems to wholly trust what it reads from the cards, and doesn’t even try to validate the data. Any serial number and dollar value can be written into it. Wow.

Here are some screen captures:

Comments are closed.

Imhotep theme designed by Chris Lin. Proudly powered by Wordpress.
XHTML | CSS | RSS | Comments RSS