lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BANLkTimbgVuT1=4rLKcvDRP8RDvTn1U5xA@mail.gmail.com>
Date: Thu, 9 Jun 2011 11:51:55 -0500
From: adam <adam@...sy.net>
To: nix@...roxylists.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: NiX API

"You're a legit user --> Why in earth you would like to use a proxy or or
anonymizer to do the purchase?"

Because you're out of state and PayPal has been *notorious *for locking
accounts accessed from *unusual* locations. That's just one example, there
are plenty more.

On Thu, Jun 9, 2011 at 11:49 AM, <nix@...roxylists.com> wrote:

> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On 09/06/2011 16:05, nix@...roxylists.com wrote:
> >> Primarily this is an advertisement.
> >>
> >>
> >> I would guess that it is some anti-hack system for webmasters who
> >> haven't
> >> a clue, a kind of auto-generating block list.
> >> I'm a noob and I am just guessing.
> >>
> >>
> >>> It does provide great protection also to those webmasters who got a
> >>> clue.
> >>
> >>> We had fraudulent purchase almost every second day, paypal let every
> >>> fraudulent purchase through and the ** next day ** their automation
> >>> reversed the payment. ..
> >>
> >>> Needless to say how much we got frustrated and pissed while filing
> >>> their
> >>> forms regarding unauthorized claims. We were also charged by paypal for
> >>> a
> >>> certain percentage of each fraudulent payment!
> >>
> >>> This is where NiX API comes in:
> >>
> >>> In most cases, the malicious user is denied access even before a
> >>> fraudulent purchase is made!
> >>
> >>> Since implementation of NiX API with it's current featuers: 0
> >>> fraudulent
> >>> purchases in last 2-3 weeks period. It definitely does something.
> >>
> >
> > I don't see how it is possible to tell a fraudulent paypal payment from a
> > legitimate one, unless the IP address used to make the purchase is all
> > ready known as a source of fraudulent transactions.
>
> You don't see it because you have no experience. Let me enlight you a bit.
>
> You're a legit user --> Why in earth you would like to use a proxy or or
> anonymizer to do the purchase?
>
> Why I would do so and purchase unless I have something to hide? You have
> the option block or allow hosting provider ranges, of course.
>
> You are a fraudulent user --> Of course you want to use any IP that is not
> yours and not a surprise; A majority of fraudulent purchases originates
> from proxies, anonyminity networks, VPN's (commonly hosted by hosting
> providers due to fast speeds) and so on.
>
> After careful verification, we have accurately 'blacklisted' this data
> beforehand and this way our API will block the user real-time, not after
> the damage has happened unlike the others.
>
>
> >
> > Obviously if "John Smith" made a payment from an IP address originating
> > from China, Japan or other non-English/American IP address range then
> > something is suspect, but this is still not definitive.
>
> This is one method how a majority of payment gateway protections add a
> 'fraud score' to the final decision whether or not to prevent the
> transaction.
>
> According to experience from my own sites, it has been 85% of times
> definitive.
>
> >
> > How could this system stop a fraudulent payment from a source with an IP
> > address the system has never seen before originating from a corporate
> > address block or respected ISP, or unlikely but not impossible an IP
> > address that has previously made a valid transaction?
> >
> > Any smart fraudster would use a device purchased with cash using a
> spoofed
> > MAC address from a wifi hotspot out of sight of CCTV.
> >
> > Please enlighten me, or would that let the cat out of the bag?
> >
> > regards
> > mx
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2 (MingW32)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> >
> > iQEVAwUBTfDu6bIvn8UFHWSmAQLG1gf9Gv9cpFERJWbxzY05U4Wd6vYxLQb2N4Oy
> > eb8HWYsVALjDO2M3Od9FdXRFCtkF7VHx4hsL67fe69UAqRq3+7yUJEpj+vPMGhow
> > lrb9Nn93R5r14i/dCYJTKQkzQ8zdvkYv3uyvu9A7MP+ME4mukBUTFUyCN2oekr6R
> > fHa7YcjUkB43+IocUjr0EqnVZLtGMbJsFzGXoUNTVpIwPrj5kvTOo4rK8upwaE9g
> > 1V3TRUM815v2hq7IH9IUdu2mAKB9UDNEp8K6Vi6RL0ZMGNWXsf9BL8kmDD/dcOlf
> > 9e2MSN6QQOYeAMYNaZSgOPOjX0sVqhd/fVKEeBMs+OZaOJOfG1Chow==
> > =ytkT
> > -----END PGP SIGNATURE-----
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ