So, anyone know whether this was a simple "real-time credit card processing oracle" attack where a tool throws fake orders at sites that provide real-time credit card authorizations until a valid card number and expiration date are found?
Any third-grader with a copy of Microsoft .NET or Java 2 class libraries could whip up the code needed to bang away at the typical e-commerce site logging rejected orders due to invalid credit card payment and revealing card numbers and expiration dates that can be used for fraud in a variety of ways. There must be such credit card "hacking" tools circulating for the benefit of script kiddies -- anyone looked into this before? If so, will you share some references? Jason Coombs [EMAIL PROTECTED] -- Hackers View Visa/MasterCard Accounts Mon February 17, 2003 11:17 PM ET NEW YORK (Reuters) - More than five million Visa and MasterCard accounts throughout the nation were accessed after the computer system at a third party processor was hacked into, according to representatives for the card associations. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
