Re: ICQ >= 99* + CC Data
Subject: Re: ICQ >= 99* + CC Data
From: Blue Boar (BlueBoar THIEVCO.COM)
Date: Tue Jan 18 2000 - 00:59:51 CST
Jon Hadley wrote:
>
> Or 'IntelliSense' saved numbers in IE5? Assuming it's possible to access
> these?
>
> For example:
>
> -Pick an appropriate computer
> -Pick an appropriate site (CD NOW is a good one)
> -Press the down arrow
> -Watch as a list of previously used CC numbers appears as if by magic ...
>
> (Assuming the history hasn't been cleared, IntelliSense is enabled blah blah
> ...)
>
I think that's the most likely place to look. You'll probably get a
relatively low percentage of success per machine, but that hardly matters
if you're attacking thousands of machines.

I read an article about that last night. Apparently, with the feature
turned on, IE just looks at the field name in the HTML code, and throws
up a list of choices that you've previously used for the same field
name elsewhere. So, all one has to do is grab the source for a couple
hundred order pages, profile the field names for the CC number and
exp date, and pick the top 10.

As for whether you can get at it... absolutely. If IE can descramble
it without requiring you to type a password, then so can any program on
your machines. That might be a useful exercise.

Now *there's* something interesting to use a Melissa-style trojan/worm
for.. in addition to mailing itself to your friends, it will mail your
CC numbers to your clearing house that deposits straight to your
offshore account. Heh, how long do you think it would take MS to
produce a patch to permanently remove Intellisense under those
circumstances?

I love having a peer group that can appreciate my evil plans.

BB
This archive was generated by hypermail 2b27 : Tue Jan 18 2000 - 01:17:57 CST