Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vuln-Dev> 2000-q1

Vuln-Dev Archives: Re: ICQ >= 99* + CC Data

Re: ICQ >= 99* + CC Data

Subject: Re: ICQ >= 99* + CC Data
From: Jon Hadley (jonhAPAK.CO.UK)
Date: Mon Jan 17 2000 - 10:41:10 CST

Next message: Warner Losh: "Re: Secure coding in C (was Re: Administrivia #4883)"
Previous message: Bennett Todd: "Re: Secure coding in C (was Re: Administrivia #4883)"
Next in thread: Blue Boar: "Re: ICQ >= 99* + CC Data"
Maybe reply: Jon Hadley: "Re: ICQ >= 99* + CC Data"
Reply: Blue Boar: "Re: ICQ >= 99* + CC Data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Or 'IntelliSense' saved numbers in IE5? Assuming it's possible to access
these?

For example:

-Pick an appropriate computer
-Pick an appropriate site (CD NOW is a good one)
-Press the down arrow
-Watch as a list of previously used CC numbers appear as if by magic ...

(Assuming the history hasn't been cleared, IntelliSense is enabled blah blah
...)

> -----Original Message-----
> From: Sachs, Marcus [SMTP:sachsmJTFCND.IA.MIL]
> Sent: Monday, January 17, 2000 2:37 PM
> To: VULN-DEVSECURITYFOCUS.COM
> Subject: Re: ICQ >= 99* + CC Data
>
> Maybe it was going after a Microsoft Wallet file?
>
> ms
>
> -----Original Message-----
> From: Vanja Hrustic [ <mailto:vanjarelaygroup.com>]
> Sent: Monday, January 17, 2000 1:15 AM
> To: VULN-DEVSECURITYFOCUS.COM
> Subject: Re: ICQ >= 99* + CC Data
>
>
> Ken Williams wrote:
> >
> > I agree that it sounds very unlikely, but one of the reports came from a
> respected security software developer (who is now MIA, unavailable).
>
> >
> > Here is the only additional info I have:
> >
> > - All reports involved ICQ for Windows 95/98/NT4
> > - Attempts to snag Credit Card data only noticed/picked up by firewall
> and/or proxy when ICQ was initially started for the first time after ICQ
> client installation
>
> Could someone clarify what exactly means 'snag Credit Card data'?
> Looking for a known file on a hard drive? Stealing cookies? Intercepting
> traffic? Recording keystrokes? Or ... ?
>
> It'd be interesting to know if there is a way that someone (not talking
> about ICQ) is able to *locate* the credit card information on a hard
> disk (yes, we can make many theories, but does anybody actually know for
> sure that cc data is located somewhere on the hard disk, for whatever
> reason?)
>
> How could it send data to Mirabilis? Basically, if your firewall lets
> ICQ traffic through - it will most likely be at port 4000. If cc data is
> sent though port 4000, it shouldn't be too hard to distinguish between
> 'real' ICQ traffic, and "something else". If it's destined to some other
> port (or even some other type of 'traffic') - I am pretty sure that many
> people would notice that. Just take a look at what kinds of questions
> (related to 'strange traffic') are posted on
> Firewalls/FW-Wizards/Incidents lists. Someone would ask about traffic to
> mirabilis.com, for sure... :)
>
> Of course, there is always a possibility that some disgruntled employee
> inserted a piece of code in order to get his/her "revenge" (for whatever
> reason).
>
> Or they have been 'r00t3d' ;)
>
> --
>
> Vanja Hrustic
> The Relay Group
> <http://relaygroup.com>
> Technology Ahead of Time
>

Next message: Warner Losh: "Re: Secure coding in C (was Re: Administrivia #4883)"
Previous message: Bennett Todd: "Re: Secure coding in C (was Re: Administrivia #4883)"
Next in thread: Blue Boar: "Re: ICQ >= 99* + CC Data"
Maybe reply: Jon Hadley: "Re: ICQ >= 99* + CC Data"
Reply: Blue Boar: "Re: ICQ >= 99* + CC Data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Mon Jan 17 2000 - 14:19:25 CST