lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: jasonc at science.org (Jason Coombs)
Subject: Hackers View Visa/MasterCard Accounts

So, anyone know whether this was a simple "real-time credit card processing
oracle" attack where a tool throws fake orders at sites that provide
real-time credit card authorizations until a valid card number and
expiration date are found?

Any third-grader with a copy of Microsoft .NET or Java 2 class libraries
could whip up the code needed to bang away at the typical e-commerce site
logging rejected orders due to invalid credit card payment and revealing
card numbers and expiration dates that can be used for fraud in a variety of
ways.

There must be such credit card "hacking" tools circulating for the benefit
of script kiddies -- anyone looked into this before? If so, will you share
some references?

Jason Coombs
jasonc@...ence.org

--

Hackers View Visa/MasterCard Accounts

Mon February 17, 2003 11:17 PM ET

NEW YORK (Reuters) - More than five million Visa and MasterCard accounts
throughout the nation were accessed after the computer system at a third
party processor was hacked into, according to representatives for the card
associations.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ