[AusNOG] Security for CC details of new signups

Daniel Hood dsmhood at gmail.com
Tue Jul 6 10:37:23 EST 2010


So many companies need to be taught lessons. There's just not enough time in
the day for me and Metasploit ;-)

I think it's not at all standard operating procedure to teach them a lesson.
I think standard operating procedure is to report them to someone who can
actually do something about it. First try the higher-ups (or highest-ups) in
the company. If that doesn't work, make sure you've detailed it in a lovely
colourful report (higher-ups love color and pictures... It makes them feel
like they are actually important...) and so when it comes to the fact that
they've had all their customers' CC details stolen you can throw the report
back in their face and say "I told you so" and possibly do a dance to go
with it.

Dan 


-----Original Message-----
From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of James Paussa
Sent: Tuesday, 6 July 2010 10:13 AM
To: Steve Skeevens
Cc: ausnog at ausnog.net
Subject: Re: [AusNOG] Security for CC details of new signups

Steve,
Make them aware of the problem. If they don't congratulate you and give
you a full time job for at least 6 figures it seems that the standard
operating procedure is to release the details publicly to teach them a
lesson.
</sarcasm>

James.

> Hi List,
>
> I've been doing some work on a client's network and I was wondering if their
> method of storing credit card numbers of newly registering users was BCP or
> not.  Basically, what seems to be happening is the new user's details,
> including CC, get stored in a world-readable file in /tmp.  I'm worried that
> this might be susceptible to being stolen and posted somewhere by a hacker.
> Does this seem well-founded to you or am I just paranoid?
>
> Regards,
> Steve
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
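
An added example, not part of the thread or any poster's code: a small Python audit for the condition described in the original question (card data sitting in a world-readable file under /tmp). It reports world-readable regular files that contain Luhn-valid 13 to 19 digit sequences; the function names and the 1 MiB read limit are assumptions made for this example.

```python
import os
import re
import stat

# Candidate card numbers: 13-19 digits, optionally split by single spaces/dashes.
PAN_RE = re.compile(rb"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def count_pans(data: bytes) -> int:
    """Count Luhn-valid card-number candidates in a byte string."""
    hits = 0
    for m in PAN_RE.finditer(data):
        digits = re.sub(rb"[ -]", b"", m.group()).decode("ascii")
        hits += 1 if luhn_ok(digits) else 0
    return hits

def audit_dir(root: str, max_bytes: int = 1 << 20):
    """Return [(path, octal_mode, candidate_count)] for world-readable regular
    files under root holding at least one Luhn-valid candidate."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:  # O_NOFOLLOW: a symlink planted in /tmp must not redirect us
                fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
            except OSError:
                continue  # symlink, vanished, or unreadable to the auditor
            with os.fdopen(fd, "rb") as fh:
                st = os.fstat(fh.fileno())  # check the file we actually opened
                if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_IROTH:
                    continue
                n = count_pans(fh.read(max_bytes))
                if n:
                    findings.append((path, oct(stat.S_IMODE(st.st_mode)), n))
    return findings

if __name__ == "__main__":
    for path, mode, n in audit_dir("/tmp"):
        print(f"{path} mode={mode} candidates={n}")  # never echo the numbers
```

The report lists only path, mode and a count, so the audit output does not itself become another copy of the card data.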

