Full Disclosure mailing list archives
Re: SPAM, credit card numbers, what would you do?
From: lists_full-disclosure () darkuncle net
Date: Tue, 14 Oct 2003 10:18:15 -0700
On Tue, Oct 14, 2003 at 09:48:40AM -0700, tedklugman () yahoo com said: [snip]
Lo and behold, I look at the root of said website, and I get a directory listing: submit.php orders.txt And as you can probably guess, orders.txt contains -- ORDERS. Names, addresses, phone numbers, and CREDIT CARD NUMBERS. Dozens of them. So I got to thinking... what should I do here? a) Nothing. It's not my problem. b) Notify the provider who hosts the submission page c) Send e-mails to all the morons who tried to buy this "product" (their e-mail addresses are readily available, next to their credit card numbers), letting them know that they are morons and this is why they shouldn't buy products advertised in SPAM. d) Something else I chose option a.
I'd've done option c, coupled with an email to the security/fraud division of Mastercard/Visa/Amex/Discover/etc. But then, I'm feeling altruistic today. Must be the lack of user interaction so far. (option b would probably be a complete waste of time. Also, if this had a criminal/scam feel to it, I'd probably notify the FTC/FBI ... they have reasonably responsive folks that deal with electronic fraud/scams. Too bad they don't pay any attention to other kinds of network abuse ...) -- Scott Francis || darkuncle (at) darkuncle (dot) net illum oportet crescere me autem minui
Attachment:
_bin
Description:
Current thread:
- RE: SPAM, credit card numbers, what would you do?, (continued)
- RE: SPAM, credit card numbers, what would you do? Poof (Oct 14)
- RE: SPAM, credit card numbers, what would you do? Curt Purdy (Oct 14)
- RE: SPAM, credit card numbers, what would you do? Jonathan A. Zdziarski (Oct 14)
- RE: SPAM, credit card numbers, what would you do? madsaxon (Oct 14)
- Re: SPAM, credit card numbers, what would you do? Jeremiah Cornelius (Oct 14)
- Re: SPAM, credit card numbers, what would you do? Jeremiah Cornelius (Oct 14)
- RE: SPAM, credit card numbers, what would you do? Poof (Oct 14)
- Re: SPAM, credit card numbers, what would you do? Ron DuFresne (Oct 14)
- Re: SPAM, credit card numbers, what would you do? Jeremiah Cornelius (Oct 14)
- Re: SPAM, credit card numbers, what would you do? /dev/null (Oct 14)
- Re: SPAM, credit card numbers, what would you do? Cael Abal (Oct 14)