So next topic "stealing purses, for fun And profit" is out On Aug 12, 2013 2:13 PM, "Ron" <r...@skullsecurity.net> wrote:
> I recommend against talking/speculating about something that essentially > amounts to fraud on a publicly archived/index mailing list. > > Ron > > On 2013-08-12 14:09, chris kluka wrote: > > my intuition says that they wouldn't do this. The bus system is based on > a > > somewhat good-faith accounting system. Even cash deposits are only > roughly > > examined. > > > > The other thing about having a server/client model is a required data > > connection to each bus. Assuming this is cellular, they would have to pay > > at least a few tens of dollars per month per bus to a cellular provider > and > > also a few hundred dollars per bus one time buying the cellular link > > equipment. Compared with the cost of accepting the possible attack vector > > of reversing the barcodes and generating your own, it seems to me that > it's > > unlikely to be a "net profit" for the bus company to invest in cellular > > links to "verify" transfers rather than just accepting lower security and > > accepting that people could hack the system and print their own > transfers. > > > > > > On Mon, Aug 12, 2013 at 1:54 PM, Aemilianus Kehler <zew...@gmail.com> > wrote: > > > > > I find this funny and will be sharing with my coworker as we were > > > discussing this ourselves.. > > > > > > Was it really possible, are you able to print your own transfer > tickets? I > > > figured it would be based on a server/client model with some sort of > random > > > number generator to make each ticket unique and have to be verified by > > > contacting a server, which would only be active for the duration of the > > > transfer time. > > > > > > Where can I get more info on this? Thanks > > > Cheers!! > > > > > > On Aug 12, 2013, at 8:59 AM, Sean Cody <s...@tinfoilhat.ca> wrote: > > > > > > > On 2013-08-12, at 8:56 AM, Mak Kolybabi <m...@kolybabi.com> wrote: > > > > > > > >> On 2013-08-12 08:48, sean wrote: > > > >>> Apparently a bunch of folks are independently looking at reversing > the > > > >>> QR codes on the new transit transfers. > > > >> > > > >> Yup. The research is currently complete. > > > >> > > > >>> After a couple weeks of collection we could get a nice data set > > > together. > > > >> > > > >> It turned out that about half-a-dozen were needed to get a full > > > reversal. > > > >> We don't need any more. More details will probably be made public > later. > > > >> > > > >> > > > > > > > > Procrastination yet again proven successful! > > > > > > > > -- > > > > Sean > > > > > > > > _______________________________________________ > > > > SkullSpace Discuss Mailing List > > > > Help: http://www.skullspace.ca/wiki/index.php/Mailing_List#Discuss > > > > Archive: https://groups.google.com/group/skullspace-discuss-archive/ > > > _______________________________________________ > > > SkullSpace Discuss Mailing List > > > Help: http://www.skullspace.ca/wiki/index.php/Mailing_List#Discuss > > > Archive: https://groups.google.com/group/skullspace-discuss-archive/ > > > > > > _______________________________________________ > > SkullSpace Discuss Mailing List > > Help: http://www.skullspace.ca/wiki/index.php/Mailing_List#Discuss > > Archive: https://groups.google.com/group/skullspace-discuss-archive/ > > _______________________________________________ > SkullSpace Discuss Mailing List > Help: http://www.skullspace.ca/wiki/index.php/Mailing_List#Discuss > Archive: https://groups.google.com/group/skullspace-discuss-archive/ >
_______________________________________________ SkullSpace Discuss Mailing List Help: http://www.skullspace.ca/wiki/index.php/Mailing_List#Discuss Archive: https://groups.google.com/group/skullspace-discuss-archive/
