[thelist] I can't believe what I just read....
Lumir G Janku
lgjanku at w3matrix.com
Thu Oct 19 17:33:57 CDT 2000
>Anthony Baratta wrote:
>What about paying less or zero (or negative)??
0 or - is declined as an invalid entry. If an item is shipped, it would be
apparent that the price does not match before shipping.
If it is a member-access site, one may disable the access. If immediate access for
sw goods, a different system is available.
>What about forcing you to do a ton of
>charge backs, which cost you money?
Well, a possibility, but that means the attacker would have to use his
valid card. I would like to see the idiot that would charge his card to a
limit, just to make you pay a few bucks for chargebacks. I think you would
be able to successfully dispute the chargebacks to that extent. BTW, the IP
trail is recorded, so even spoofing the HTTP headers is not good enough.
As for stolen cards, I think that the thief has a better idea how to
utilize it.
>You're exposing your account login name - that's an
>attack point.
>If I know the payment system, then I can possibly use that account name
>to hack into the admin portions of their system and really screw things up.
The login name without a valid password will get you nowhere. Dare to try?
I think that VeriSign would be blowing a whistle in no time. Not that I like
the guys, they are getting too big. But as far as security is concerned, they
are as secure as you can get.