Open Source and information security mailing list archives
 
Message-ID: <3E53F455.6030608@guninski.com>
From: guninski at guninski.com (Georgi Guninski)
Subject: Hackers View Visa/MasterCard Accounts

I don't understand why compromising a few million CC is such news.
Are the rest of the CCs safe?
After all, the ms sql worm DoSed the bofa internal network and stopped ATMs by 
accident (not intentionally). Just consider what an intentional worm or a 
human guided creature could have done.
From the news it is not clear whether the attack was over the Internet.
If it was, I am interested in the following question:
They got cracked because:
A. Their adminz are lame.
B. Their software vendorz are lame.
C. The cracker is an uber cracker.
D. All of the above.
E. None of the above.

Just my 2 stotinki,
Georgi

Jason Coombs wrote:
> Calling it a DoS might be a misnomer. It would look a lot more like a replay
> attack. The damage one could do with the millions of card numbers and
> expiration dates one could deduce from the seed list of 8 to 10 million
> would be the greatest when e-commerce shopping is replayed -- at any and
> every POS that accepts "card not present" transactions and ignores AVS.
> 
> Use people.yahoo.com to assemble a list of shoppers and wham-o, thousands of
> merchants are busy shipping product, tens of thousands start to have
> difficulty picking legitimate orders out of the noise. DoS would only occur
> in the case of merchants who are incompetent at risk management to begin
> with and just stop filling orders or choose to ignore orders where AVS
> doesn't report a full match.
> 
> Jason Coombs
> jasonc@...ence.org
> 


