Security Incidents mailing list archives
RE: *MAJOR SECURITY BREACH AT CCBILL**
From: <jlewis () lewis org>
Date: Thu, 20 Dec 2001 08:30:01 -0500 (EST)
On Thu, 20 Dec 2001 robh () forestknoll com wrote:
And they used telnet, ftp as well as ssh for doing that? The scary thing is that people have credit card facilities on a machine accessible by telnet. Obviously CCBILL's forte' is not security.
The way CCBILL works, sites that use it redirect customers to a CCBILL web site for the actual credit card payment. Then CCBILL updates the web server's passwd file on the appropriate customer system. AFAIK, this part is done via CGI. -- ---------------------------------------------------------------------- Jon Lewis *jlewis () lewis org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: *MAJOR SECURITY BREACH AT CCBILL**, (continued)
- Re: *MAJOR SECURITY BREACH AT CCBILL** l0rtamus Prime (Dec 19)
- Re: *MAJOR SECURITY BREACH AT CCBILL** Robert van der Meulen (Dec 19)
- RE: *MAJOR SECURITY BREACH AT CCBILL** Rick Darsey (Dec 19)
- Contacting t-dialin {MAJOR SECURITY BREACH AT CCBILL} Christian Vogel (Dec 20)
- Re: Contacting t-dialin {MAJOR SECURITY BREACH AT CCBILL} Damir Rajnovic (Dec 21)
- Contacting t-dialin {MAJOR SECURITY BREACH AT CCBILL} Christian Vogel (Dec 20)
- Re: *MAJOR SECURITY BREACH AT CCBILL** Matthew S. Hallacy (Dec 24)
- RE: *MAJOR SECURITY BREACH AT CCBILL** NESTING, DAVID M (SBCSI) (Dec 19)
- Re: *MAJOR SECURITY BREACH AT CCBILL** Dayne Jordan (Dec 19)
- Re: *MAJOR SECURITY BREACH AT CCBILL** Dayne Jordan (Dec 19)
- RE: *MAJOR SECURITY BREACH AT CCBILL** robh (Dec 20)
- RE: *MAJOR SECURITY BREACH AT CCBILL** jlewis (Dec 20)