[thelist] I can't believe what I just read....

Lumir G Janku lgjanku at w3matrix.com
Thu Oct 19 17:33:57 CDT 2000


>Anthony Baratta wrote:
>What about paying less or zero (or negative)??

0 or - declined as an invalid entry. If item is shipped, it would be 
apparent that price does not match before shipping.
If member access site, one may disable the access. If immediate access for 
sw goods, a different system is available.

>What about forcing you to do a ton of
>charge backs, which cost you money?

Well, a possibility, but that means the attacker would have to use his 
valid card. I would like to see the idiot that would charge his card to a 
limit, just to make you pay a few buck for chargebacks. I think you would 
be able to successfuly dispute the chargebacks in that extent. BTW, the IP 
trail is recorded, so even spoofing the http headers is not good enuff.
As for stolen cards, I think that the thief has a better idea how to 
utilize it.

>Your exposing you account login name - that's an
>attack point.
>If I know the payment system, then I can possibly use that account name
>to hack to admin portions of their system and really screw things up.

The login name without a valid password will get you nowhere. Dare to try?
I think that VeriSign would be blowing a whistle in notime. Not that I like 
the guys, they are getting too big. But as the security is concerned, they 
are as secure as you can get.







More information about the thelist mailing list