From: lists at computersecurityonline.com (lists@...putersecurityonline.com)
Subject: visa XSS?

Mauro,

This is quite simply a fraud that is designed to get people to part with
their authentication details via a fake website. This is all the rage in
the fraud community at the moment and has targeted most of the major
online banking sites at some time or the other.

Most people don't realise that they are being directed to 64.21.80.2
because the URL starts with www.visa.com. It is just a confidence trick
on an internet scale.

Have a look at the following for some more details:

http://support.microsoft.com/?id=833786

Merry Christmas,

Simon

--
Simon Biles                            /// computer security online ltd.


> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
> Mauro Flores
> Sent: 23 December 2003 11:45
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] visa XSS?
> 
> 
> I received this mail today, the funny stuff is that when you 
> click on the link, you execute: 
> http://www.visa.com:UserSession=2f6q9uuu88312264trzzz55884495&
useroption=SecurityUpdate&StateLevel=GetFrom@>
64.21.80.2/~gotier/verified_by_visa.htm
> 
> I don't have a Visa card and I don't like that 64.21.80.2 
> which is not a Visa IP, AFAIK. Anyone else receive it??
> 
> regards, Mauro Flores
> 
> On Tue, 2003-12-23 at 08:29, Mauro Flores wrote:
> > -----Forwarded Message-----
> > From: Visa International Service <security@...a-security.com>
> > Subject: Visa Security Update
> > Date: 23 Dec 2003 05:24:34 -0600
> > 
> >                                                 [image]
> >                                     
> >                              Dear Customer,
> >                                     
> > Our latest security system will help you to avoid possible 
> fraud actions
> >                                   and
> >                     keep your investments in safety.
> >                                     
> >   Due to technical security update you have to reactivate 
> your account
> >                                     
> >      Click on the link below to login to your updated Visa account.
> >                                     
> >       To log into your account, please visit the Visa Website at
> >                                     
> >                           http://www.visa.com
> >                                     
> >                    We respect your time and business.
> >                     It's our pleasure to serve you.
> >                                     
> >                                     
> >  Please don't reply to this email. This e-mail was 
> generated by a mail
> >                             handling system.
> >                                     
> >                                     
> >                                                 [image]
> >                                     
> > Copyright 1996-2003, Visa International Service 
> Association. All rights
> >                                                reserved.
> >                                     
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> -- 
> Virus scanned by edNET.
> 
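
The trick discussed in this thread (a link that starts with a trusted name but is served from another address) comes from URL syntax: everything before the last "@" in the authority is userinfo, and only what follows is the host. As an added example, not part of the original messages, this Python check reports the host a client would actually contact and flags that pattern; `inspect_link`, the finding names and the sample URLs (reserved `.example` names and documentation addresses) are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# A string shaped like a DNS name, e.g. "www.bank.example".
_HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)

# Constructed samples (not from the thread): reserved .example names and
# RFC 5737 documentation addresses.
SAMPLES = [
    "https://www.bank.example/login",
    "http://www.bank.example:UserSession=abc123&opt=SecurityUpdate@192.0.2.10/~user/verify.htm",
    "http://www.bank.example%01@192.0.2.10/verify.htm",
]


def inspect_link(url):
    """Return (host the client will contact, list of findings) for a link."""
    parts = urlsplit(url)
    # Everything before the LAST "@" in the authority is userinfo, not host.
    userinfo, at, _ = parts.netloc.rpartition("@")
    host = parts.hostname or ""
    findings = []
    if at:
        findings.append("userinfo-present")
        decoded = unquote(userinfo)
        user = "".join(c for c in decoded.split(":", 1)[0] if ord(c) >= 0x20)
        if _HOSTLIKE.match(user) and user.lower() != host:
            findings.append("userinfo-looks-like-host")
        if any(ord(c) < 0x20 for c in decoded):
            findings.append("control-char-in-userinfo")
    try:
        ipaddress.ip_address(host)
        findings.append("host-is-ip-literal")
    except ValueError:
        pass
    return host, findings


if __name__ == "__main__":
    for link in SAMPLES:
        print(inspect_link(link), link)
```

A mail filter or proxy can apply the same check to every link in a message and compare the returned host, not the leading text of the URL, against the brand the message claims to come from.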

