Re: ICQ >= 99* + CC Data
Subject: Re: ICQ >= 99* + CC Data
From: Flynn, Harold M. III (Flynnh MONT.DISA.MIL)
Date: Tue Jan 18 2000 - 09:25:18 CST
I'm curious as to whether or not the Java client does the same thing.
Wonder if that code is open sourced or not? Time to pick it apart tonite.
Hal
> -----Original Message-----
> From: Sachs, Marcus [SMTP:sachsm JTFCND.IA.MIL]
> Sent: Monday, January 17, 2000 8:37 AM
> To: VULN-DEV SECURITYFOCUS.COM
> Subject: Re: ICQ >= 99* + CC Data
>
> Maybe it was going after a Microsoft Wallet file?
>
> ms
>
> -----Original Message-----
> From: Vanja Hrustic [ <mailto:vanja relaygroup.com>]
> Sent: Monday, January 17, 2000 1:15 AM
> To: VULN-DEV SECURITYFOCUS.COM
> Subject: Re: ICQ >= 99* + CC Data
>
>
> Ken Williams wrote:
> >
> > I agree that it sounds very unlikely, but one of the reports came from a
> > respected security software developer (who is now MIA, unavailable).
>
> >
> > Here is the only additional info I have:
> >
> > - All reports involved ICQ for Windows 95/98/NT4
> > - Attempts to snag Credit Card data only noticed/picked up by firewall
> >   and/or proxy when ICQ was initially started for the first time after ICQ
> >   client installation
>
> Could someone clarify what exactly means 'snag Credit Card data'?
> Looking for a known file on a hard drive? Stealing cookies? Intercepting
> traffic? Recording keystrokes? Or ... ?
>
> It'd be interesting to know if there is a way that someone (not talking
> about ICQ) is able to *locate* the credit card information on a hard
> disk (yes, we can make many theories, but does anybody actually know for
> sure that cc data is located somewhere on the hard disk, for whatever
> reason?)
>
> How could it send data to Mirabilis? Basically, if your firewall lets
> ICQ traffic through - it will most likely be at port 4000. If cc data is
> sent through port 4000, it shouldn't be too hard to distinguish between
> 'real' ICQ traffic, and "something else". If it's destined to some other
> port (or even some other type of 'traffic') - I am pretty sure that many
> people would notice that. Just take a look at what kinds of questions
> (related to 'strange traffic') are posted on
> Firewalls/FW-Wizards/Incidents lists. Someone would ask about traffic to
> mirabilis.com, for sure... :)
>
> Of course, there is always a possibility that some disgruntled employee
> inserted a piece of code in order to get his/her "revenge" (for whatever
> reason).
>
> Or they have been 'r00t3d' ;)
>
> --
>
> Vanja Hrustic
> The Relay Group
> <http://relaygroup.com>
> Technology Ahead of Time
>
This archive was generated by hypermail 2b27 : Tue Jan 18 2000 - 10:40:41 CST