[thelist] I can't believe what I just read....

Anthony Baratta Anthony at Baratta.com
Thu Oct 19 14:46:41 CDT 2000

Lumir G Janku wrote:
> Anthony Baratta wrote:
> >Do you know how easy it is to spoof HTTP Headers??? There are perl and
> >other scripts
> >as well as custom browsers (hell grab a copy of Mozilla source and build
> >your own)
> >out there that allow you to hack the HTTP headers.
> Yea, true. But what good it would be to someone? Sending you more money? :-)
> We're talking about passing a payment information here. The only security
> issue is the CC info and that would be true idiocy to pass it as hidden
> fields, otherwise, knowing someone's processing gateway ID does not provide
> any advantage to a hacker.

What about paying less or zero (or negative)?? What about forcing you to do a ton of
charge backs, which cost you money? Your exposing you account login name - that's an
attack point. If I know the payment system, then I can possibly use that account name
to hack to admin portions of their system and really screw things up.

Anthony Baratta
KeyBoard Jockeys
                    South Park Speaks Version 3 is here!!!
                              Powered by Tsunami

More information about the thelist mailing list