Here's an excerpt from the posting to net-security.org: --------- The hacker breached the security system of a company that processes credit card transactions on behalf of merchants, Visa and MasterCard said. ---------
Looks like someone just ran off with a database. I haven't done any math, but I'd think that brute forcing that many card numbers and expiration dates would take ages. Kevin. ----- Original Message ----- From: "Jason Coombs" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, February 18, 2003 4:28 AM Subject: [Full-Disclosure] Hackers View Visa/MasterCard Accounts > So, anyone know whether this was a simple "real-time credit card processing > oracle" attack where a tool throws fake orders at sites that provide > real-time credit card authorizations until a valid card number and > expiration date are found? > > Any third-grader with a copy of Microsoft .NET or Java 2 class libraries > could whip up the code needed to bang away at the typical e-commerce site > logging rejected orders due to invalid credit card payment and revealing > card numbers and expiration dates that can be used for fraud in a variety of > ways. > > There must be such credit card "hacking" tools circulating for the benefit > of script kiddies -- anyone looked into this before? If so, will you share > some references? > > Jason Coombs > [EMAIL PROTECTED] > > -- > > Hackers View Visa/MasterCard Accounts > > Mon February 17, 2003 11:17 PM ET > > NEW YORK (Reuters) - More than five million Visa and MasterCard accounts > throughout the nation were accessed after the computer system at a third > party processor was hacked into, according to representatives for the card > associations. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
