Creativity and security
leichter_jerrold at emc.com
leichter_jerrold at emc.com
Mon Mar 20 15:51:11 EST 2006
I was tearing up some old credit card receipts recently - after all
these years, enough vendors continue to print full CC numbers on
receipts that I'm hesitant to just toss them as is, though I doubt there
are many dumpster divers looking for this stuff any more - when I found
a great example of why you don't want people applying their "creativity"
to security problems, at least not without a great deal of review.
You see, most vendors these days replace all but the last 4 digits of
the CC number on a receipt with X's. But it must be boring to do the
same as everyone else, so some bright person at one vendor(*) decided
they were going to do it differently: They X'd out *just the last four
digits*. After all, who could guess the number from the 10,000
possibilities?
Ahem.
-- Jerry
(*) It was Build-A-Bear. The receipt was at least a year old, so for
all I know they've long since fixed this.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list