Archive for the ‘Uncategorized’ category

Fun with Mag Stripes – What’s on your card?

October 11th, 2011

I was speaking with a friend when he told me something interesting.  Apparently some hotels embed your personal information into your hotel room key-card.  Things like your name, and phone are written to the magnetic strip that you use to unlock your hotel door.  This is the same key-card that most people simply toss in the trash when they’re done with their stay.  Talk about a HUGE privacy hole!

In other news: you can buy a USB mag stripe reader – for cheap! I went ahead and picked on up, and it just arrived today:

Magnetic Strip Reader

a

Time to get Swiping!

Cards

a

Notes:
-For obvious reasons, I’ve substituted actual values with their meanings (CA => STATE)
-I’ve added brackets[] that were not present in the scan to group the information visually.
-I used a lowercase ‘d’ to stand for “digit” (a number)
-I used a lowercase “a” to mean “alphanumeric” (mixed letters and numbers)

First up, my CA Driver’s License.  Here’s what was embedded:

%[STATE][CITY]^[LASTNAME]$[FIRSTNAME]$[MIDDLE]^[ADDRESS]^?;
[WEIGHT][ddddd][DLNUMBER]=[dddddddddddd]?+!![ZIPCODE] [CLASS]
[SEX][HEIGHT][EYE][HAIR] [addddddddddd][aaaaaaaaa];<?

I suppose I was a bit suprised at just how much information was embedded.  I expected just the DL number.  Something interesting to note, that means that anyone who swipes your ID (say to buy alcohol or get into a nightclub) can store all of your personal information including your address, height and eye color!

I decided to round up every card I could find with a Mag Strip.  Here’s a few results:

UCD ID Card:

:[IDNUMBER]=0?

UCD Gym Card:

%[ddd]^[STUDENTID]^[FIRST]^[LAST]?;[EXPDATE]?

IKEA Gift Card:

;[ddddddddddddddddddd]?

Safeway Club Card:

;[dddd][ACCOUNTNUM]=[dddd]?

AAA Member Card:

%B[ACCOUNTNUMBER]^[LAST]/[FIRST]^[ddddddddddddddddddddd][EXPDATE][dddd]?;
[d][ACCOUNTNUMBER]=[dddddddddddddddddddd]?

And some Finance Cards:

Wells Debit Card:

%[a][ACCOUNTNUMBER]^[LAST]/[FIRST] [MI]^[EXPDATE][ddddddddddddddd] [ddddddddddd]?;
[ACCOUNTNUMBER]=[EXPDATE][ddddddddddddd]?

REI Visa:

%[d][ACCOUNTNUMBER]^[LAST]/[FIRST] [MI] ^[EXPDATE][ddddddddddddddddddddddddddd]?;
[ACCOUNTNUMBER]=[EXPDATE][dddddddddddddddd]?+==[REIMEMBER]=?

 Conclusions:
Although I didn’t have any hotel cards around to test the original claim, the mag stipes of the cards I did have were interesting nonetheless.  Club cards tend to be well-behaved and only showed your account number amongst other digits (what I suspect are store codes and such).  Financial cards have plenty of sensitive data in the stripe, but that’s no suprise.  I’ll keep the reader around, and I’ll update this post if I come across any cards with overly-sensitive data embedded.

Online Flashcards

May 29th, 2010

I’ve stared a new side project – an online flashcard site.  This has stemmed from four reasons:

1. There are currently (that I could find) no smart flashcard sites.  When I use flashcards I don’t just look at the front and back from start to finish.  This is how all existing sites online work.  I want to remove cards I know as I go, swap the front & back (starting with definitions), shuffle them, and much more.  This site will do all that.

2. There are no multi-platform flashcard sites.  I want to create the cards on my desktop computer, and be able to browse them later on my smartphone.  This site will have an iPhone and Android compatible web version, making it truly convienient.

3. I (personally) like to use flashcards to learn things, and I need a better system to do it.

4. I need a good project to get some jQtouch mobile code under my belt.

There is currently a beta version of the site available, it’s basically more of a proof-of-concept at this stage.  Many features are not yet implemented, it’s just the basics. Feel free to check it out, and leave some feedback as a comment. I’ve started the mobile version as well, but it’s currently buggy and not worth visiting.

Online Flashcards

Cheers
-Peter