Security Basics mailing list archives
Re: Weird IP
From: anastasiosm () gmail com
Date: 1 Feb 2009 21:28:55 -0000
As Ansgar Wiechers said,
If the system was compromised, an attacker could also have altered the logs to clear his trails.
I would agree with that. But it is also important to answer the questions made by Robin Wood before point any fingers to anyone. Considering the only logs you have are coming from the webserver, and assuming that it is not compromised (so that logs have been modified, passwords been stolen etc), I think it worths checking how the card numbers can be accessed normally, eg through a web-interface, how do users authenticate etc, possible attack scenario you should also include in your list could be that of a CSRF attack. Tasos
Current thread:
- Re: Weird IP anastasiosm (Feb 02)
- <Possible follow-ups>
- Re: Re: Weird IP si-n-ka-o-res-t (Feb 02)
- RE: Re: Weird IP Murda Mcloud (Feb 03)
- Re: Weird IP Andre Pawlowski (Feb 02)
- Re: Weird IP Gary Douglas (Feb 02)
- Re: Weird IP batman (Feb 02)
- Re: Weird IP Ricardo Carrillo (Feb 02)
- Re: Weird IP Debarko De (Feb 03)
- RE: Weird IP Prodigi Child (Feb 04)
- Re: Weird IP Myles (Feb 03)
- Re: Weird IP Debarko De (Feb 03)
- Re: Re: Weird IP tim (Feb 04)
(Thread continues...)