On Tue, Dec 30, 2008 at 2:42 PM, n3td3v <[email protected]> wrote: > On Tue, Dec 30, 2008 at 10:29 PM, <[email protected]> wrote: >> On Tue, 30 Dec 2008 20:10:16 GMT, n3td3v said: >>> Aiding script kids to get credit card numbers out of folks e-commerce >>> purchases. >> >> Dear Idiot: >> >> This is hardly an attack that the average script kiddie can pull off. >> > > Until HD Moore releases an attack module for it.
Since you're so certain this is possible, could you kindly summarize (at a high level, no need for detail) how this could be accomplished? Now that you're unable to do so, I will explain why: Because you don't have a clue how PKI works, much less how it's possible to exploit it, which is really tragic considering there are plenty of pretty graphs and dumbed-down explanations out there now that even a drop-out should be able to comprehend. Assuming source code, or even full attack details, are published any time soon, will HD Moore also be sending out free super-computing clusters to find the MD5 collisions? Well he be sending free money to buy the certificates required to accurately predict the serial number to generate? This isn't some SQL injection or remote buffer overflow, there are a lot of manual steps involved that cannot simply be plugged into a generic attack platform. You're an ignorant fool. You should ask questions to learn how things work before you spout opinions. Statements are only thought-provoking if they're made based on comprehension of the subject matter. The only thing you have full comprehension of is how to hit Send, and that's quite unfortunate. -- chort _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
