[18460] in cryptography@c2.net mail archive


Amazon's

daemon@ATHENA.MIT.EDU (Amir Herzberg)
Wed Sep 14 12:57:42 2005

X-Original-To: cryptography@metzdowd.com
Date: Wed, 14 Sep 2005 19:04:07 +0200
From: Amir Herzberg <herzbea@macs.biu.ac.il>
Reply-To: herzbea@macs.biu.ac.il
To: "'Cryptography'" <cryptography@metzdowd.com>


Amazon have this lovely service: if you tell them you forgot your pw, they
send you to:
https://www.amazon.com/exec/obidos/self-service-forgot-password-get-email-done/104-2901457-0883904

where they ask you to confirm your identity... using the last 5 digits of a
credit card you used with them.

Nice oracle to find last 5 digits... making it quite easy to find the 
full number.

Not that anybody would bother. Still, I find it funny.
-- 
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI: 
http://AmirHerzberg.com/TrustBar
Visit my Hall Of Shame of Unprotected Login pages: 
http://AmirHerzberg.com/shame

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
