lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <HPEOIOJANKMPPBGKBPHBOEOICBAA.zorkshin@tampabay.rr.com>
From: zorkshin at tampabay.rr.com (Justin Shin)
Subject: credit card numbers

carding is still very much the same as it was 10 years ago, before online shopping kicked off. basically its a ring of losers who dig in the trash cans, use deceptive web pages (ie fake logins for paypal, ebay, etc.), steal numbers from cc vendors databases, and then trade them off because they are too much of pussies to actually try to use any of them...

for example if you ever visit an irc carding room or a carding newsgroup its all the same:

Thrash1: i have 10 gazillion ccs w/cvv2 and full info, selling for $25 each
Thrash2: huh, i dont understand. how do u use these credit cards online
Thrash3: newbie, get out, go screw yourself
Thrash2: whats cvv2

Although it can be a serious problem carding remains largely the same deal as before. The best thing online vendors can do is to encrypt cc information as well as any accounts tied to those numbers (ie user/pass) in case another one of those 0day shopping cart sploits come out. Another thing they can do is to delete cc info after "x" days or just not store it at all ... after all, doesn't that eliminate the problem all together?

Also, sorry about the stupid vacation message. I got about 20 million emails that said something along the lines of:

>Its July, dipshit.

:)

-- Justin Shin


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ