RE: Hacking IIS -- how sweet it is

[InfoSec News <isn () c4i org>]

Forwarded from: Luqman Mahmud <Lmahmud () fast net>

I buy a lot of stuff from Mwave.com and was shocked to learn of a
possible breach.  After reading the Carders BB at CardCops.com
(http://www.adcops.com/CC/messages/5/98.html?997201901_)  it seems
like this so called breach may never have happened.  The Register page
wasn't available and the General Manager of Mwave.com replied on the
Cardcops.com BB that Mwave had not been "hacked".  They did have a
CodeRed version 1 compromise which defaced their website but their
database was not compromised.  They have a response on their web site
at: http://direct.mwave.com/mwave/bulletin.hmx?UID=&CID=

Luqman Mahmud
Lmahmud () fast net


-----Original Message-----
From: owner-isn () attrition org [mailto:owner-isn () attrition org] On Behalf
Of InfoSec News
Sent: Saturday, August 11, 2001 2:51 AM
To: isn () attrition org
Subject: [ISN] Hacking IIS -- how sweet it is


http://www.theregister.co.uk/content/4/20960.html

By Thomas C Greene in Washington
Posted: 10/08/2001 at 19:29 GMT

We've looked over a few recent credit-card database compromises brought
to our attention by CardCops (formerly AdCops), an organization which
tries to get the straight dope on e-commerce hacks directly from the
blackhat community to better inform merchants of threats to their
systems.

The most recent victims CardCops has seen are on-line perfumery
StrawberryNet.com; computer retailer mWave.com; and a very large Texas
ISP called Stic.net, which gave up many thousands of credit card
details, along with the records of 500 businesses and their FTP logins.
All of the victims are running IIS 4 or 5 over Win-NT or 2K.

Not surprisingly, Microsoft IIS is quite popular among carders, because
its got lots and lots of holes, and because its often used by people who
lack the technical know-how to bung them. It's easy to use, which makes
it particularly attractive for those who want to break into e-commerce
on a shoestring, and particularly attractive as well for those who just
want to break in.

CardCops founder Dan Clements reckons that IIS is in use by roughly
fifty per cent of e-merchants, but represents over eighty per cent of
their data compromises.

Under its 'amnesty program,' CardCops seeks information from active
carders in exchange for a guarantee that they won't be tracked, reported
or otherwise harassed. The idea is to warn the merchants and card
issuers when they've been hacked, and to learn which exploits are most
popular and most successful.

[...]




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.