lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: kspett at spidynamics.com (Kevin Spett)
Subject: Hackers View Visa/MasterCard Accounts

Here's an excerpt from the posting to net-security.org:

---------
The hacker breached the security system of a company that processes credit
card transactions on behalf of merchants, Visa and MasterCard said.
---------

Looks like someone just ran off with a database.  I haven't done any math,
but I'd think that brute forcing that many card numbers and expiration dates
would take ages.

Kevin.


----- Original Message -----
From: "Jason Coombs" <jasonc@...ence.org>
To: <full-disclosure@...ts.netsys.com>
Sent: Tuesday, February 18, 2003 4:28 AM
Subject: [Full-Disclosure] Hackers View Visa/MasterCard Accounts


> So, anyone know whether this was a simple "real-time credit card
processing
> oracle" attack where a tool throws fake orders at sites that provide
> real-time credit card authorizations until a valid card number and
> expiration date are found?
>
> Any third-grader with a copy of Microsoft .NET or Java 2 class libraries
> could whip up the code needed to bang away at the typical e-commerce site
> logging rejected orders due to invalid credit card payment and revealing
> card numbers and expiration dates that can be used for fraud in a variety
of
> ways.
>
> There must be such credit card "hacking" tools circulating for the benefit
> of script kiddies -- anyone looked into this before? If so, will you share
> some references?
>
> Jason Coombs
> jasonc@...ence.org
>
> --
>
> Hackers View Visa/MasterCard Accounts
>
> Mon February 17, 2003 11:17 PM ET
>
> NEW YORK (Reuters) - More than five million Visa and MasterCard accounts
> throughout the nation were accessed after the computer system at a third
> party processor was hacked into, according to representatives for the card
> associations.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ