Full Disclosure mailing list archives
RE: Hackers View Visa/MasterCard Accounts
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 18 Feb 2003 10:29:55 -0500
Wouldn't the AVS system used by the credit card companies catch this kind of hack? The AVS system does a rudimentary check to make sure that the billing address given on a order is correct one for the credit card. Richard -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Jason Coombs Sent: Tuesday, February 18, 2003 4:29 AM To: full-disclosure () lists netsys com Subject: [Full-disclosure] Hackers View Visa/MasterCard Accounts So, anyone know whether this was a simple "real-time credit card processing oracle" attack where a tool throws fake orders at sites that provide real-time credit card authorizations until a valid card number and expiration date are found? Any third-grader with a copy of Microsoft .NET or Java 2 class libraries could whip up the code needed to bang away at the typical e-commerce site logging rejected orders due to invalid credit card payment and revealing card numbers and expiration dates that can be used for fraud in a variety of ways. There must be such credit card "hacking" tools circulating for the benefit of script kiddies -- anyone looked into this before? If so, will you share some references? Jason Coombs jasonc () science org -- Hackers View Visa/MasterCard Accounts Mon February 17, 2003 11:17 PM ET NEW YORK (Reuters) - More than five million Visa and MasterCard accounts throughout the nation were accessed after the computer system at a third party processor was hacked into, according to representatives for the card associations. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- GLSA: nethack Daniel Ahlberg (Feb 18)
- Hackers View Visa/MasterCard Accounts Jason Coombs (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts Richard M. Smith (Feb 18)
- Re: Hackers View Visa/MasterCard Accounts KF (Feb 18)
- Re: Hackers View Visa/MasterCard Accounts Kevin Spett (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts Jason Coombs (Feb 18)
- Re: Hackers View Visa/MasterCard Accounts Kevin Spett (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts Jason Coombs (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts Bernie, CTA (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts Jason Coombs (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts Bernie, CTA (Feb 19)
- RE: Hackers View Visa/MasterCard Accounts Richard M. Smith (Feb 18)
- Hackers View Visa/MasterCard Accounts Jason Coombs (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts Richard M. Smith (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts Bernie, CTA (Feb 18)