Caller ID "spoofing"

couple recent stories on caller id spoofing

Technology Facilitates Caller ID Spoofing
Caller ID spoofing becomes all too easy
Caller ID Spoofing Becomes Easy
FCC Probes Caller-ID Fakers

and for some drift on authentication subject; multi-factor authentication assumes that the different authentication factors have different threat-exploits; from 3-factor authentication model

* something you have
* something you know
* something you are

pin-debit has the magstripe on the card as proof of "something you have" and the pin as "something you know" as independent authentication factors with independent failure-vulnerability modes. however, if you have written the pin on the card, and then card lost-stolen has a common failure-vulnerability.

Nailing fraud at the pump

from above:

Motorists who pay for gas at the pump with credit cards soon may be asked to type in their home ZIP codes - if they haven't had to already.

... snip ...

the issue here is "ZIP code" is used as "something you know" authentication for credit cards (analogous to PIN for pin-debit). however, there is an issue that skimming technology has been applied at point-of-sale (including fuel pumps) against pin-debit (where both the magstripes and pins are captured for later use with counterfeit card and fraudulent transactions).

"ZIP code" is a countermeasure for lost-stolen credit card in manner similar to PIN being countermeasure for lost-stolen debit card. However, they are all vulnerable to common skimming exploits.

Typical credit card transaction format definition will have an optional "AVS" field for carrying zip-code information. This somewhat originated for MOTO (mail-order-telephone-order) transaction as additional authentication for card-not-present transactions.

The x9a10 financial standards working group was given requirement for x9.59 that it preserve the integrity of the financial infrastructure for all retail payments (aka not just internet or point-of-sale, or debit, or credit, or stored-value ... but "ALL").

part of the issue predating the internet was skimming & harvesting exploits; where the transaction information was skimmed-harvested. if there was magstripe value, that could be skimmed and used to produce a counterfeit magstripe; if there was pin, that could be skimmed also. as a result, various of the skimming and harvesting vulnerabilities resulted in compromise of all the static-data-based authentication mechanisms (whether they were magstripe, pin, password, whatever). common skimming exploit could record "something you have" (magstripe), "something you know" (pin-password), and even "something you are" (biometric values).

European Central Bank Urges Broader Card Payment Standards

from above:

Even with this, EMV only combats fraud from counterfeited or lost or stolen cards, not, for instance, card-not-present fraud. "Fraud could migrate to less protected transaction types", says the ECB. "Fraud prevention efforts should continue."

... snip ...

EMV has gone thru a couple generations as previous generations became vulnerable. one of the original EMV generations was vulnerable to the same skimming techniques used on magstripe cards ... and the resulting counterfeit cards got the label of "yes cards" in the UK press.

misc. past posts mentioning "yes cards" --
Alt Folklore Computers from Newsgroups