| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: guninski at guninski.com (Georgi Guninski) Subject: Hackers View Visa/MasterCard Accounts I don't understand why compromising a few milion CC is such a news. Are the rest of the CCs safe? After all, the ms sql worm DoSed the bofa internal network and stopped ATMs by accident (not intentionally). Just consider what could have done an intentional worm or a human guided creature. From the news it is not clear whether the attack was over the Internet. If it was, I am interested in the following question: They got cracked because: A. Their adminz are lame. B. Their software vendorz are lame. C. The cracker is an uber cracker. D. All of the above. E. None of the above. Just my 2 stotinki, Georgi Jason Coombs wrote: > Calling it a DoS might be a misnomer. It would look a lot more like a replay > attack. The damage one could do with the millions of card numbers and > expiration dates one could deduce from the seed list of 8 to 10 million > would be the greatest when e-commerce shopping is replayed -- at any and > every POS that accepts "card not present" transactions and ignores AVS. > > Use people.yahoo.com to assemble a list of shoppers and wham-o, thousands of > merchants are busy shipping product, tens of thousands start to have > difficulty picking legitimate orders out of the noise. DoS would only occur > in the case of merchants who are incompetent at risk management to begin > with and just stop filling orders or choose to ignore orders where AVS > doesn't report a full match. > > Jason Coombs > jasonc@...ence.org >
Powered by blists - more mailing lists