[thelist] I can't believe what I just read....
Anthony Baratta
Anthony at Baratta.com
Thu Oct 19 14:46:41 CDT 2000
Lumir G Janku wrote:
>
> Anthony Baratta wrote:
>
> >Do you know how easy it is to spoof HTTP Headers??? There are perl and
> >other scripts
> >as well as custom browsers (hell grab a copy of Mozilla source and build
> >your own)
> >out there that allow you to hack the HTTP headers.
>
> Yea, true. But what good it would be to someone? Sending you more money? :-)
> We're talking about passing a payment information here. The only security
> issue is the CC info and that would be true idiocy to pass it as hidden
> fields, otherwise, knowing someone's processing gateway ID does not provide
> any advantage to a hacker.
What about paying less or zero (or negative)?? What about forcing you to do a ton of
charge backs, which cost you money? Your exposing you account login name - that's an
attack point. If I know the payment system, then I can possibly use that account name
to hack to admin portions of their system and really screw things up.
--
Anthony Baratta
President
KeyBoard Jockeys
South Park Speaks Version 3 is here!!!
http://www.baratta.com/southpark
Powered by Tsunami
More information about the thelist
mailing list