Date: Thu, 9 Jun 2011 19:49:28 +0300
From: nix@...roxylists.com
To: "mrx" <mrx@...pergander.org.uk>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: NiX API

> On 09/06/2011 16:05, nix@...roxylists.com wrote:
>> Primarily this is an advertisement.
>>
>>
>> I would guess that it is some anti-hack system for webmasters who haven't
>> a clue, a kind of auto-generating block list.
>> I'm a noob and I am just guessing.
>>
>>
>>> It does provide great protection also to those webmasters who got a
>>> clue.
>>
>>> We had a fraudulent purchase almost every second day, PayPal let every
>>> fraudulent purchase through and the ** next day ** their automation
>>> reversed the payment...
>>
>>> Needless to say how much we got frustrated and pissed while filing
>>> their forms regarding unauthorized claims. We were also charged by
>>> PayPal for a certain percentage of each fraudulent payment!
>>
>>> This is where NiX API comes in:
>>
>>> In most cases, the malicious user is denied access even before a
>>> fraudulent purchase is made!
>>
>>> Since implementation of NiX API with its current features: 0
>>> fraudulent purchases in last 2-3 weeks period. It definitely does
>>> something.
>>
>
> I don't see how it is possible to tell a fraudulent PayPal payment from a
> legitimate one, unless the IP address used to make the purchase is
> already known as a source of fraudulent transactions.

You don't see it because you have no experience. Let me enlighten you a bit.

You're a legit user --> Why on earth would you want to use a proxy or
anonymizer to do the purchase?

Why would I do so and purchase unless I have something to hide? You have
the option to block or allow hosting provider ranges, of course.

You are a fraudulent user --> Of course you want to use any IP that is not
yours, and not a surprise: a majority of fraudulent purchases originate
from proxies, anonymity networks, VPNs (commonly hosted by hosting
providers due to fast speeds) and so on.

After careful verification, we have accurately 'blacklisted' this data
beforehand and this way our API will block the user in real time, not after
the damage has happened, unlike the others.


>
> Obviously if "John Smith" made a payment from an IP address originating
> from China, Japan or other non-English/American IP address range then
> something is suspect, but this is still not definitive.

This is one method by which a majority of payment gateway protections add a
'fraud score' to the final decision whether or not to prevent the
transaction.

According to experience from my own sites, it has been definitive 85% of
the time.

>
> How could this system stop a fraudulent payment from a source with an IP
> address the system has never seen before originating from a corporate
> address block or respected ISP, or unlikely but not impossible an IP
> address that has previously made a valid transaction?
>
> Any smart fraudster would use a device purchased with cash using a spoofed
> MAC address from a wifi hotspot out of sight of CCTV.
>
> Please enlighten me, or would that let the cat out of the bag?
>
> regards
> mx
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

