RE: *MAJOR SECURITY BREACH AT CCBILL**

From: jlewis@lewis.org
Date: 12/20/01


Date: Thu, 20 Dec 2001 08:30:01 -0500 (EST)
From: <jlewis@lewis.org>
To: <robh@forestknoll.com>

On Thu, 20 Dec 2001 robh@forestknoll.com wrote:

>
> And they used telnet, ftp as well as ssh for doing that? The scary thing is
> that people have credit card facilities on a machine accessible by telnet.
> Obviously CCBILL's forte is not security.

The way CCBILL works, sites that use it redirect customers to a CCBILL web
site for the actual credit card payment. Then CCBILL updates the web
server's passwd file on the appropriate customer system. AFAIK, this part
is done via CGI.

-- 
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking
system please see: http://aris.securityfocus.com