Full Disclosure mailing list archives
Re: Hackers View Visa/MasterCard Accounts
From: Georgi Guninski <guninski () guninski com>
Date: Wed, 19 Feb 2003 23:17:09 +0200
I don't understand why compromising a few milion CC is such a news. Are the rest of the CCs safe?After all, the ms sql worm DoSed the bofa internal network and stopped ATMs by accident (not intentionally). Just consider what could have done an intentional worm or a human guided creature.
From the news it is not clear whether the attack was over the Internet. If it was, I am interested in the following question: They got cracked because: A. Their adminz are lame. B. Their software vendorz are lame. C. The cracker is an uber cracker. D. All of the above. E. None of the above. Just my 2 stotinki, Georgi Jason Coombs wrote:
Calling it a DoS might be a misnomer. It would look a lot more like a replay attack. The damage one could do with the millions of card numbers and expiration dates one could deduce from the seed list of 8 to 10 million would be the greatest when e-commerce shopping is replayed -- at any and every POS that accepts "card not present" transactions and ignores AVS. Use people.yahoo.com to assemble a list of shoppers and wham-o, thousands of merchants are busy shipping product, tens of thousands start to have difficulty picking legitimate orders out of the noise. DoS would only occur in the case of merchants who are incompetent at risk management to begin with and just stop filling orders or choose to ignore orders where AVS doesn't report a full match. Jason Coombs jasonc () science org
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Hackers View Visa/MasterCard Accounts futureshoks (Feb 18)
- <Possible follow-ups>
- Re: Hackers View Visa/MasterCard Accounts remember-handsworth (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts John . Airey (Feb 19)
- RE: Hackers View Visa/MasterCard Accounts David Barnett (Feb 19)
- RE: Hackers View Visa/MasterCard Accounts Jason Coombs (Feb 19)
- Re: Hackers View Visa/MasterCard Accounts Georgi Guninski (Feb 19)
- Diskless Bastions & NFS; How secure is NFS (on Linux) rated? Steve Wray (Feb 20)
- RE: Hackers View Visa/MasterCard Accounts Bernie, CTA (Feb 19)
- RE: Hackers View Visa/MasterCard Accounts Jason Coombs (Feb 19)