funsec mailing list archives
How do I exploit thee ...
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>
Date: Fri, 8 Oct 2010 12:47:03 -0800
PayPal iPhone app makes cheque deposits http://www.cbc.ca/technology/story/2010/10/08/con-cheque-app.html Let me count the ways: Are the images encrypted in transit? Are they encrypted in storage on the iPhone? (How are they protected at Paypal?) Can the images be modified, in order to change cheque numbers, for instance, and multiply transactions? Is this only available with a non-jailbroken iPhone? If they can be modified, they can be created for fake accounts ... I'm sure that there are controls in place, particularly for these obvious ideas. Are the controls sufficient? The idea of trusting an image captured by a user-owned interface device just seems to be asking for trouble ... ====================== (quote inserted randomly by Pegasus Mailer) rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org If you do buy a computer, don't turn it on. - Richards' 2nd Law victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html http://blogs.securiteam.com/index.php/archives/author/p1/ http://www.infosecbc.org/links http://twitter.com/rslade _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- How do I exploit thee ... Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 08)
- Re: How do I exploit thee ... Joel R. Helgeson (Oct 12)