this post was submitted on 20 May 2024
379 points (98.0% liked)

Technology

58013 readers
3140 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
379
Two students find security bug that could let millions do laundry for free (www.theverge.com)
submitted 3 months ago by return2ozma@lemmy.world to c/technology@lemmy.world
87 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] uis@lemm.ee 1 points 3 months ago (1 children)

Meaning I could either back up and rewrite a $20 card forever, or rewrite the balance to having FF credits or whatever.

As you can guess, checksum is stored somewhere. And that somewhere happens to be card that was just dumped.

[โ€“] Excrubulent@slrpnk.net 4 points 3 months ago* (last edited 3 months ago)

Yeah, but you'd need the algorithm. It could be a hash of some kind, and if you don't know what kind of algorithm they're using you can't replicate it.

EDIT: Oh, I see what you're saying. You mean you could simply rewrite the original card value back over it forever. That's actually quite clever, and it would work even in case the card was completely encrypted.

Actually that means this is trivial to beat I think.