funsec mailing list archives
RE: Stolen 'iBill' Data Still Online
From: Drsolly <drsollyp () drsolly com>
Date: Fri, 10 Mar 2006 22:47:26 +0000 (GMT)
On Fri, 10 Mar 2006, Larry Seltzer wrote:
iBill officials say a cross-reference of email addresses in the cache,discovered on the Internet by security firms, shows that only three are iBill customers.
Hmm. But I wonder how many were iBill customers in the past?
I also read somewhere that this data is a few years old. What I haven't read is how many of the cards/PINs are still active. For all we know, few of them still work.
I've never understood by banks don't routinely give you a new credit card number when the old card expires. But they don't, about 9x% of the time. "Ah, but the expiry date is expired ..." Well, banks don't usually check the expiry date. And even if they do, if you add an even number of years to the old date, that usually works, because many banks just seem to do exactly that. "Ah, but the cvv code won't be right ..." Well, banks are quite happy to do a billing on a card if you don't give the cvv number. "Yes, but the PIN ..." ... isn't used in internet transactions. So, the result is, you can take a batch of cards that are a few years out of date, and successfully get money on most of them - I'd guess more than 80% _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Stolen 'iBill' Data Still Online Fergie (Mar 10)
- RE: Stolen 'iBill' Data Still Online Larry Seltzer (Mar 10)
- RE: Stolen 'iBill' Data Still Online Drsolly (Mar 10)
- RE: Stolen 'iBill' Data Still Online Larry Seltzer (Mar 10)
- RE: Stolen 'iBill' Data Still Online Drsolly (Mar 10)
- RE: Stolen 'iBill' Data Still Online Larry Seltzer (Mar 10)