And they used telnet, ftp as well as ssh for doing that? The scary thing is that people have credit card facilities on a machine accessible by telnet. Obviously CCBILL's forte' is not security. ---------------------------------------------------- Robbert Hofman forestknoll technologies www.forestknoll.com Website and network monitoring tools Phone: +61 (02) 9963 2600 Fax: +61 (02) 9365 3520 Email: robhat_private -----Original Message----- From: Dayne Jordan [mailto:djordanat_private] Sent: Thursday, 20 December 2001 6:37 AM To: NESTING, DAVID M (SBCSI) Cc: incidentsat_private Subject: Re: *MAJOR SECURITY BREACH AT CCBILL** Because they occasionally go in and update their software used to clear the credit cards... repair password files of authorized users of protected areas on the customers website, etc etc. D. ======== "NESTING, DAVID M (SBCSI)" wrote: > > Out of curiosity, why does CCBILL need usernames and passwords on their > customers' systems? > > -----Original Message----- > From: Dayne Jordan [mailto:djordanat_private] > Sent: Wednesday, December 19, 2001 3:15 AM > To: incidentsat_private > Subject: *MAJOR SECURITY BREACH AT CCBILL** > > It appears that perhaps tens of thousands of username/passwords for valid > shell logins ALL ACROSS THE NET may have been compromised at CCBILL, ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Dec 20 2001 - 00:01:47 PST