[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <005401c2d762$9721b250$6401a8c0@rms2>
From: rms at computerbytesman.com (Richard M. Smith)
Subject: Hackers View Visa/MasterCard Accounts
Wouldn't the AVS system used by the credit card companies catch this
kind of hack? The AVS system does a rudimentary check to make sure that
the billing address given on a order is correct one for the credit card.
Richard
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Jason
Coombs
Sent: Tuesday, February 18, 2003 4:29 AM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Hackers View Visa/MasterCard Accounts
So, anyone know whether this was a simple "real-time credit card
processing
oracle" attack where a tool throws fake orders at sites that provide
real-time credit card authorizations until a valid card number and
expiration date are found?
Any third-grader with a copy of Microsoft .NET or Java 2 class libraries
could whip up the code needed to bang away at the typical e-commerce
site
logging rejected orders due to invalid credit card payment and revealing
card numbers and expiration dates that can be used for fraud in a
variety of
ways.
There must be such credit card "hacking" tools circulating for the
benefit
of script kiddies -- anyone looked into this before? If so, will you
share
some references?
Jason Coombs
jasonc@...ence.org
--
Hackers View Visa/MasterCard Accounts
Mon February 17, 2003 11:17 PM ET
NEW YORK (Reuters) - More than five million Visa and MasterCard accounts
throughout the nation were accessed after the computer system at a third
party processor was hacked into, according to representatives for the
card
associations.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists