|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: ICQ >= 99* + CC Data
Subject: Re: ICQ >= 99* + CC Data
From: Vanja Hrustic (vanja
RELAYGROUP.COM)
Date: Mon Jan 17 2000 - 00:14:47 CST
- Next message: Ken Williams: "Re: ICQ >= 99* + CC Data"
- Previous message: Aviram Jenik: "Re: Secure coding in C (was Re: Administrivia #4883)"
- In reply to: Ken Williams: "ICQ >= 99* + CC Data (Was: Re: Administrivia #4883)"
- Next in thread: Ken Williams: "Re: ICQ >= 99* + CC Data"
- Reply: Vanja Hrustic: "Re: ICQ >= 99* + CC Data"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ken Williams wrote:
>
> I agree that it sounds very unlikely, but one of the reports came from a respected security software developer (who is now MIA, unavailable).
>
> Here is the only additional info I have:
>
> - All reports involved ICQ for Windows 95/98/NT4
> - Attempts to snag Credit Card data only noticed/picked up by firewall and/or proxy when ICQ was initially started for the first time after ICQ client installation
Could someone clarify what exactly means 'snag Credit Card data'?
Looking for a known file on a hard drive? Stealing cookies? Intercepting
traffic? Recording keystrokes? Or ... ?
It'd be interesting to know if there is a way that someone (not talking
about ICQ) is able to *locate* the credit card information on a hard
disk (yes, we can make many theories, but does anybody actually know for
sure that cc data is located somewhere on the hard disk, for whatever
reason?)
How could it send data to Mirabilis? Basically, if your firewall lets
ICQ traffic through - it will most likely be at port 4000. If cc data is
sent though port 4000, it shouldn't be too hard to distinguish between
'real' ICQ traffic, and "something else". If it's destined to some other
port (or even some other type of 'traffic') - I am pretty sure that many
people would notice that. Just take a look at what kinds of questions
(related to 'strange traffic') are posted on
Firewalls/FW-Wizards/Incidents lists. Someone would ask about traffic to
mirabilis.com, for sure... :)
Of course, there is always a possibility that some disgruntled employee
inserted a piece of code in order to get his/her "revenge" (for whatever
reason).
Or they have been 'r00t3d' ;)
--Vanja Hrustic The Relay Group http://relaygroup.com Technology Ahead of Time
- Next message: Ken Williams: "Re: ICQ >= 99* + CC Data"
- Previous message: Aviram Jenik: "Re: Secure coding in C (was Re: Administrivia #4883)"
- In reply to: Ken Williams: "ICQ >= 99* + CC Data (Was: Re: Administrivia #4883)"
- Next in thread: Ken Williams: "Re: ICQ >= 99* + CC Data"
- Reply: Vanja Hrustic: "Re: ICQ >= 99* + CC Data"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Mon Jan 17 2000 - 00:47:17 CST