[21464] in cryptography@c2.net mail archive

Creativity and security

daemon@ATHENA.MIT.EDU (leichter_jerrold@emc.com)
Mon Mar 20 22:17:44 2006

X-Original-To: cryptography@metzdowd.com
From: leichter_jerrold@emc.com
To: cryptography@metzdowd.com
Date: Mon, 20 Mar 2006 15:51:11 -0500

I was tearing up some old credit card receipts recently - after all
these years, enough vendors continue to print full CC numbers on
receipts that I'm hesitant to just toss them as is, though I doubt there
are many dumpster divers looking for this stuff any more - when I found
a great example of why you don't want people applying their "creativity"
to security problems, at least not without a great deal of review.

You see, most vendors these days replace all but the last 4 digits of
the CC number on a receipt with X's.  But it must be boring to do the
same as everyone else, so some bright person at one vendor(*) decided
they were going to do it differently:  They X'd out *just the last four
digits*.  After all, who could guess the number from the 10,000
possibilities?

Ahem.
 							-- Jerry

(*) It was Build-A-Bear.  The receipt was at least a year old, so for
all I know they've long since fixed this.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
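
Added example, not part of the original post: a small check of how much of a card number stays hidden when receipts that use different masking schemes are laid over each other. The Luhn check-digit rule is background added here (the post does not mention it), and the card number is a constructed test value; all function names are hypothetical.

```python
from itertools import product

SAMPLE = "4111111111111111"  # constructed Luhn-valid test value, not a real card

def luhn_ok(pan):
    """Standard Luhn check: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan, keep_last4=True):
    """Conventional receipt (last 4 shown) or the vendor's inverse scheme."""
    return "X" * 12 + pan[-4:] if keep_last4 else pan[:-4] + "X" * 4

def overlay(receipts):
    """Merge masked copies of one number; 'X' marks digits still unknown."""
    merged = []
    for column in zip(*receipts):
        known = {c for c in column if c != "X"}
        if len(known) > 1:
            raise ValueError("receipts disagree: not the same card")
        merged.append(known.pop() if known else "X")
    return "".join(merged)

def luhn_candidates(masked, limit=6):
    """Count Luhn-valid completions of a masked number by enumeration."""
    holes = [i for i, c in enumerate(masked) if c == "X"]
    if len(holes) > limit:
        raise ValueError("too many unknown digits to enumerate")
    digits, count = list(masked), 0
    for fill in product("0123456789", repeat=len(holes)):
        for pos, d in zip(holes, fill):
            digits[pos] = d
        count += luhn_ok("".join(digits))
    return count

if __name__ == "__main__":
    odd = mask(SAMPLE, keep_last4=False)       # the scheme from the post
    both = overlay([mask(SAMPLE), odd])        # plus one ordinary receipt
    print(odd, luhn_candidates(odd))           # check digit trims 10,000
    print(both, both.count("X"), "digits still hidden")
```

A masking scheme is only as strong as the digits left hidden after every other copy in circulation is taken into account, which is why deviating from the common convention removes protection rather than adding it.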