Open Source and information security mailing list archives
From: rms at computerbytesman.com (Richard M. Smith)
Subject: Hackers View Visa/MasterCard Accounts

Wouldn't the AVS system used by the credit card companies catch this
kind of hack?  The AVS system does a rudimentary check to make sure that
the billing address given on an order is the correct one for the credit card.

Richard

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Jason Coombs
Sent: Tuesday, February 18, 2003 4:29 AM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Hackers View Visa/MasterCard Accounts


So, anyone know whether this was a simple "real-time credit card
processing oracle" attack where a tool throws fake orders at sites that
provide real-time credit card authorizations until a valid card number
and expiration date are found?

Any third-grader with a copy of Microsoft .NET or Java 2 class libraries
could whip up the code needed to bang away at the typical e-commerce
site logging rejected orders due to invalid credit card payment and
revealing card numbers and expiration dates that can be used for fraud
in a variety of ways.

There must be such credit card "hacking" tools circulating for the
benefit of script kiddies -- anyone looked into this before? If so, will
you share some references?

Jason Coombs
jasonc@...ence.org

--

Hackers View Visa/MasterCard Accounts

Mon February 17, 2003 11:17 PM ET

NEW YORK (Reuters) - More than five million Visa and MasterCard accounts
throughout the nation were accessed after the computer system at a third
party processor was hacked into, according to representatives for the
card associations.
