Vulnerability Development mailing list archives
Re: ICQ >= 99* + CC Data
From: vanja () RELAYGROUP COM (Vanja Hrustic)
Date: Mon, 17 Jan 2000 13:14:47 +0700
Ken Williams wrote:
I agree that it sounds very unlikely, but one of the reports came from a respected security software developer (who is now MIA, unavailable). Here is the only additional info I have:

- All reports involved ICQ for Windows 95/98/NT4
- Attempts to snag Credit Card data only noticed/picked up by firewall and/or proxy when ICQ was initially started for the first time after ICQ client installation

Could someone clarify what exactly 'snag Credit Card data' means? Looking for a known file on a hard drive? Stealing cookies? Intercepting traffic? Recording keystrokes? Or ... ?

It'd be interesting to know if there is a way that someone (not talking about ICQ) is able to *locate* the credit card information on a hard disk (yes, we can make many theories, but does anybody actually know for sure that cc data is located somewhere on the hard disk, for whatever reason?)

How could it send data to Mirabilis? Basically, if your firewall lets ICQ traffic through - it will most likely be at port 4000. If cc data is sent through port 4000, it shouldn't be too hard to distinguish between 'real' ICQ traffic, and "something else". If it's destined to some other port (or even some other type of 'traffic') - I am pretty sure that many people would notice that. Just take a look at what kinds of questions (related to 'strange traffic') are posted on Firewalls/FW-Wizards/Incidents lists. Someone would ask about traffic to mirabilis.com, for sure... :)

Of course, there is always a possibility that some disgruntled employee inserted a piece of code in order to get his/her "revenge" (for whatever reason). Or they have been 'r00t3d' ;)

--
Vanja Hrustic
The Relay Group
http://relaygroup.com
Technology Ahead of Time