lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: b.griffin at cqu.edu.au (Brad Griffin)
Subject: Wireless ISPs

 
> Hi Brian 
> 
> Sit down sometime inside a wireless ISPs area and run kismet. 
> You can see someone connect to a service via SSL, then 
> immediately after they purchase something they check the 
> email. Guess what ? the Credit card # and address are in that email.

Dan

If you're doing transactions with any company who announces your full CC
number in an email, then you should contact your bank and get your cc
changed, then make loud noises at the online vendor. In all transactions
I've conducted over the 'net, not one company has included my full cc
number in any email receipt. Generally the first block of numbers is
shown and the rest are represented by crosses.

> 
> Doesn't take some 15 year veteran of the internet to see how 
> this is a bad thing. 
> 
> Go flame some newb who has no brain.

I won't flame, but do some research before you give examples.


Cheers,
Brad

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ