|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
ICQ >= 99* + CC Data (Was: Re: Administrivia #4883)
Subject: ICQ >= 99* + CC Data (Was: Re: Administrivia #4883)
From: Ken Williams (Ken.Williams
EY.COM)
Date: Sun Jan 16 2000 - 10:06:46 CST
- Next message: Brian Kifiak: "Re: Secure coding in C (was Re: Administrivia #4883)"
- Previous message: Liviu Daia: "Re: Secure coding in C (was Re: Administrivia #4883)"
- Next in thread: Vanja Hrustic: "Re: ICQ >= 99* + CC Data"
- Reply: Vanja Hrustic: "Re: ICQ >= 99* + CC Data"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I agree that it sounds very unlikely, but one of the reports came from a respected security software developer (who is now MIA, unavailable).
Here is the only additional info I have:
- All reports involved ICQ for Windows 95/98/NT4
- Attempts to snag Credit Card data only noticed/picked up by firewall and/or proxy when ICQ was initially started for the first time after ICQ client installation
- kw
p.s. If you're going to be at RSA2000, then feel free to contact me (ken.williamsey.com) for a cup of coffee.
BlueBoarthievco.com on 01/16/2000 12:17:40 AM
To: Ken Williams/AABS/EYLLP/USEY-NAmerica, vuln-devsecurityfocus.comInternet
cc:
Subject: Re: Administrivia #4883
Ken Williams wrote:
>
> i have received reports that ICQ 99* and later surreptitiously snag
> credit card data from your HD and send it to Mirabilis, without any
> notification or confirmation. these reports are unsubstantiated - based
> on the report sources though, this is worth looking into.
That sounds terribly unlikely. There's no universal spot where credit
card numbers are stored on Windows machines. Does the rumor include
a particular app that is targeted?
BB
*******************************************************************************
Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. Ernst & Young LLP
*******************************************************************************
- Next message: Brian Kifiak: "Re: Secure coding in C (was Re: Administrivia #4883)"
- Previous message: Liviu Daia: "Re: Secure coding in C (was Re: Administrivia #4883)"
- Next in thread: Vanja Hrustic: "Re: ICQ >= 99* + CC Data"
- Reply: Vanja Hrustic: "Re: ICQ >= 99* + CC Data"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Sun Jan 16 2000 - 21:07:43 CST