Not necessarily. I know of a few sites where a few tweaks to a CFHTTP tag
will allow a naughty user to get access to information such as order
numbers. No access needed, just a forgery of information.
Yes, but the fact that the email had the order number in it would lead
one to believe that the hacker somehow has access into the system.
John Burns
-----Original Message-----
From: Michael Dinowitz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 01, 2004 1:43 PM
To: CF-Talk
Subject: RE: Security gurus out there?
We don't know that the box has been compromised. We need to see the
email to know if it was from the site or not. We also need to know if
the information came from a hack, a hijack or a phishing scheme. Shutting
the box down is an extreme and reactionary measure, especially with the
limited information we have. Remember that most spam you receive that
claims to be from X is really from Y. This may well be the case here.
_____
From: jonese [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 01, 2004 1:33 PM
To: CF-Talk
Subject: Re: Security gurus out there?
what you need to do is as follows
1. shut the site down
2. alert the host that your box has been compromised and ask them to
remove the network cable and shut the box down. DO NOT let them start
poking around looking for evidence
3. contact your local PD and report a cyber crime.
your local PD will make the call to the FBI office (and it'll get a
better response coming from them)
You shut the site / server down to prevent further attacks but also to
preserve the chain of evidence and that data.
More than likely your local PD will take the HD of the system in order
to check it out and begin working the case with the FBI.
Hope you have backups.
----- Original Message -----
From: Michael Dinowitz <[EMAIL PROTECTED]>
Date: Wed, 1 Sep 2004 13:25:13 -0400
Subject: RE: Security gurus out there?
To: CF-Talk <[EMAIL PROTECTED]>
Looks like there's a hole in their site that'll allow a user to grab the
account of another. This should provide enough information to send an
email and get the CC info. I expect that the email that was sent can be
examined to show that it did not originate at the original site.
1. forge an account id to get access to another's account
2. use this to get information such as account number, order number and
email.
3. send email to hacked user and ask for the CC info.
4. make money
Fix:
1. check the original email for source
2. Contact the FBI with the information
3. Get someone to look through the site for holes.
4. Fix the holes
_____
From: Ray Champagne [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 01, 2004 1:18 PM
To: CF-Talk
Subject: Security gurus out there?
We got an email from a guy that has a security problem, and I am just
not confident enough in my skills to be able to help him out. I am also
swamped with so much work that even if I was able, we cannot take this
on. I told him that I might have a resource to get him the answers he
needs...
Here is the email. Pls contact me if you feel you are the right man (or
woman) for the job. This job is in no way associated with CrystalVision
(my company), so I have no other information other than what you see
below. Contact me offlist, and I will forward your name to him.
Thanks!
Ray
([EMAIL PROTECTED])
-------------------------
Our website is www.dcyoungpro.com.
>>
>>Yesterday, somebody emailed our customers after they purchased tickets
>>through our website.
>>
>>The email mentioned the customer's transaction number, and requested the
>>customer send them their credit card PIN or their order would be voided.
>>
>>The email address claimed to be us, but was not, of course.
>>
>>We think that the cause of this may be a hole in our cfm scripts, perhaps
>>something that would allow unauthorized access or that is not properly
>>secured to prevent break-ins.
>>
>>What would you charge to review our cfm scripts for this, and how long
>>would this take you? Do you have any other suggestions for addressing this?
>>
>>We have already notified the FBI and the offender's ISP.
=============================================
Ray Champagne - Senior Application Developer
CrystalVision Web Site Design and Internet Services
603.433.9559
www.crystalvision.org
=============================================
The information contained in this transmission (including any attached
files) is CONFIDENTIAL and is intended only for the person(s) named
above. If you received this transmission in error, please delete it
from your system and notify us immediately. If you are not an intended
recipient, please note that any use or dissemination of the information
contained in this transmission (including any attached files) and the
copying, printing, or retransmission of that information is strictly
prohibited. You can notify us by return email or by phone at
603.433.9559.
Thank you.
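
An added example, not part of the original thread: one way to carry out the "check the original email for source" step from the fix list above. It reads the connecting IP from the Received header written by the recipient's own mail server and flags Return-Path and Reply-To domains that differ from the From domain. The sample message, host names, IP addresses and the `check_origin` helper are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the thread). Host names and
# documentation-range IP addresses are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.customer.example (mx.customer.example [192.0.2.10])
\tby inbox.customer.example; Wed, 1 Sep 2004 09:02:11 -0400
Received: from unknown (HELO shop.example.com) (203.0.113.77)
\tby mx.customer.example; Wed, 1 Sep 2004 09:02:09 -0400
From: "Ticket Sales" <orders@shop.example.com>
Reply-To: verify@mailer.example.net
Subject: Order 12345 will be voided

Please reply with your card PIN.
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def domain(addr):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def check_origin(raw, site_ips, edge_mx):
    """Return (code, value) findings that suggest the mail is not the site's."""
    msg = message_from_string(raw)
    findings = []
    # Each relay prepends its own Received header. Only the one written by
    # the recipient's edge server is trustworthy; everything below it
    # (HELO name included) was supplied by the sender and can be forged.
    by_edge = re.compile(r"\bby\s+" + re.escape(edge_mx), re.I)
    hop = next((h for h in msg.get_all("Received", []) if by_edge.search(h)), None)
    m = IP_RE.search(hop) if hop else None
    if m is None:
        findings.append(("no-trusted-hop", None))
    elif m.group(1) not in site_ips:
        findings.append(("foreign-ip", m.group(1)))
    from_dom = domain(msg["From"])
    for name in ("Return-Path", "Reply-To"):
        d = domain(msg[name])
        if d and d != from_dom:
            findings.append((name.lower() + "-mismatch", d))
    return findings

if __name__ == "__main__":
    # 198.51.100.25 stands in for the site's real outbound mail server.
    for finding in check_origin(SAMPLE, {"198.51.100.25"}, "mx.customer.example"):
        print(finding)
```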