RE: *MAJOR SECURITY BREACH AT CCBILL**

From: jlewisat_private
Date: Thu Dec 20 2001 - 05:30:01 PST

Next message: Markus Friedl: "Re: sshd brake-in attempts"

Previous message: Christian Vogel: "Contacting t-dialin {MAJOR SECURITY BREACH AT CCBILL}"
In reply to: robhat_private: "RE: *MAJOR SECURITY BREACH AT CCBILL**"
Next in thread: Rick Darsey: "RE: *MAJOR SECURITY BREACH AT CCBILL**"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 20 Dec 2001 robhat_private wrote:

>
> And they used telnet, ftp as well as ssh for doing that? The scary thing is
> that people have credit card facilities on a machine accessible by telnet.
> Obviously CCBILL's forte' is not security.

The way CCBILL works, sites that use it redirect customers to a CCBILL web
site for the actual credit card payment.  Then CCBILL updates the web
server's passwd file on the appropriate customer system.  AFAIK, this part
is done via CGI.

-- 
----------------------------------------------------------------------
 Jon Lewis *jlewisat_private*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Markus Friedl: "Re: sshd brake-in attempts"
Previous message: Christian Vogel: "Contacting t-dialin {MAJOR SECURITY BREACH AT CCBILL}"
In reply to: robhat_private: "RE: *MAJOR SECURITY BREACH AT CCBILL**"
Next in thread: Rick Darsey: "RE: *MAJOR SECURITY BREACH AT CCBILL**"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Dec 20 2001 - 08:25:10 PST