On Sun, Sep 07, 2003 at 05:44:02PM -0400, Dossy wrote: > On 2003.09.07, Jerry Asher <[EMAIL PROTECTED]> wrote: > > > > WS: uses Verisign Payment gateway to charge user for the new virus and > > drug. > > If your front-end webservers are doing CC auth and verification, then > you might as well be giving your product away. Or, hope your e-commerce
Can you substantiate that statement with examples of actual real-world exploits? Of the bajillion web sites out there accepting credit card payments, broadly, what sorts of security do different sites have? And which of those sites have been compromised, how, and what were the resulting financial losses? (Or in the case of exploits by good-guy tiger teams, what were the simulated financial losses?) If you have that sort of info I think it'd be awfully interesting to hear. -- Andrew Piskorski <[EMAIL PROTECTED]> http://www.piskorski.com -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
