Re: [Full-Disclosure] Credit card numbers

2003-07-18 Thread Larry W. Cashdollar

On Thu, 17 Jul 2003, northern snowfall wrote:

 Carding is for hackers who enjoy prison.  If you are considering illegal
 activity that involves theft or the possible involvement of the secret
 service, I suggest you first ask yourself whether or not you enjoyed high
 school cafeteria food and then imagine eating that for the next 20-30 years.

It's not the food that scares me, (I ate public school food in Brooklyn
NY, those aren't raisins in the stuffing kids) it's your new girlfriend
with the 42 chest and the harelip.  He likes you A LOT, you wish you had
shoe laces to hang yourself with.




___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Credit card numbers

2003-07-18 Thread Jeff Bollinger
Myers, Marvin wrote:
| Maybe it is only me, but does anyone else notice a big jump in the
| number of merchants that are printing the entire credit card number and
| expiration date on receipts?
| Over the past 6 months I have had to educate about a dozen local
| merchants about the possible abuse scenarios that exist with this type
| of information leakage. If there
| Is not already some sort of law governing this policy, there should be.
|
|
| Marvin R. Myers
|
This may not be exactly what you're looking for, but the
Gramm-Leach-Bliley Act has some protections for consumer credit card
information:
http://thomas.loc.gov/cgi-bin/bdquery/z?d106:SN00900:|

Thanks,
Jeff
--
Jeff Bollinger, CISSP
University of North Carolina
IT Security Analyst
105 Abernethy Hall
mailto: jeff @unc dot edu


Re: [Full-Disclosure] Credit card numbers

2003-07-18 Thread Steve
  Nick Jacobsen wrote:
   Perhaps it is just my imagination here, and I do realize this is an
   unmoderated list, but this seems to be a more than unacceptable
   email. This is a professional list - would you go up to someone at a

Haha, this is a professional list! : ) Too funny!!

We'd like it to be... But we all know running an unmoderated list will NEVER
result in a professional list however hard we try. Same as why we have
police. A few individuals think they cannot be valuable to society, or some
such. Next thing we hire people to keep them in check, and off it goes
until we all suffer for the few. Why would this be different?

The idea is right - having a list where all security announcements can be
made. However one has to have the time and ability, and be willing, to
stop non security related posts. Not too hard, but many think it cannot be
done.

All you need is the ability to differentiate. (In the end if you're not sure 
you could just post it. Then if it runs away into some BS stop it.)

It can still be full disclosure as far as security goes. ALL security 
related mail is posted, simple. Name calling is not security related so it 
goes to /dev/null.

   computer security conference and tell em oh yeah, I used to card
   during highschool all the time?  My favorite phrase is the I don't
   exploit this *ANYMORE* (emphasis added)
 
  Bah, I used to shoplift for a living, I don't do it anymore.
  I believe god forgives sinners as long as they admit it.
  Occasionally I actually break in to other peoples computers.
  Boo-fucking-hoo.
  This list isn't
  corporate-whores-trying-to-gather-enough-strings-to-get-a-clue.
 
  --
  kokanin, speaker of truth, friend of jesus, son of God.
 

-- 



Steve Szmidt
VP Information Technology
Video Group Distributors, Inc.
727-585-7737


[Full-Disclosure] Credit card numbers

2003-07-17 Thread Myers, Marvin

Maybe it is only me, but does anyone else notice a big jump
in the number of merchants that are printing the entire credit card number and
expiration date on receipts?

Over the past 6 months I have had to educate about a dozen
local merchants about the possible abuse scenarios that exist with this type of
information leakage. If there is not already some sort of law governing this
policy, there should be.

Marvin R. Myers


Re: [Full-Disclosure] Credit card numbers

2003-07-17 Thread Dan Stromberg
On Thu, 2003-07-17 at 10:49, Myers, Marvin wrote:
 Maybe it is only me, but does anyone else notice a big jump in the
 number of merchants that are printing the entire credit card number
 and expiration date on receipts?
 
 Over the past 6 months I have had to educate about a dozen local
 merchants about the possible abuse scenarios that exist with this type
 of information leakage. If there
 
 Is not already some sort of law governing this policy, there should
 be.
 

I believe there's a patent on the idea of only listing four digits of a
credit card.  So yes, there's an actual financial incentive to do the
wrong thing.

A local grocery store was doing 8 digits for a while - before they went
out of business.  Another shows all of them - they seem to be doing
well.

Shredders are your friends.  But don't let that stop you from
complaining to the merchant in question.  Don't behead the person behind
the counter - but maybe ask them to relay a message to their manager.

On a related note, how do you get web vendors not to store your credit
card # on their hard disks longer than absolutely necessary?  I trust
(ssl data entry * number of orders) a lot more than a merchant's ability
to stay up to date on patches until my card expires.

-- 
Dan Stromberg DCS/NACS/UCI [EMAIL PROTECTED]





RE: [Full-Disclosure] Credit card numbers

2003-07-17 Thread Michele Chubirka
This is or will soon be illegal in California. Part of the anti-identity theft
legislation movement there. They will also be requiring the ability to attach
PINs to credit reports. They will be requiring that all merchants use credit
card systems which do NOT print the full credit card number and/or expiration
date.

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myers, Marvin
  Sent: Thursday, July 17, 2003 1:49 PM
  To: [EMAIL PROTECTED]
  Subject: [Full-Disclosure] Credit card numbers

  Maybe it is only me, but does anyone else notice a big jump in the number of
  merchants that are printing the entire credit card number and expiration date
  on receipts?
  Over the past 6 months I have had to educate about a dozen local merchants
  about the possible abuse scenarios that exist with this type of information
  leakage. If there is not already some sort of law governing this policy,
  there should be.

  Marvin R. Myers


Re: [Full-Disclosure] Credit card numbers

2003-07-17 Thread Knud Erik Højgaard
Myers, Marvin wrote:
 Maybe it is only me, but does anyone else notice a big jump in the
 number of merchants that are printing the entire credit card number
 and expiration date on receipts?

In Denmark they  out 4 ciphers, but sadly the position of them
alternate(jeez).
No expiry date on the receipt, but VISA has limited lifetime, so 50 tries
should do it.

--
kokanin



RE: [Full-Disclosure] Credit card numbers

2003-07-17 Thread Nick Jacobsen
Perhaps it is just my imagination here, and I do realize this is an
unmoderated list, but this seems to be a more than unacceptable email.
This is a professional list - would you go up to someone at a computer
security conference and tell em oh yeah, I used to card during
highschool all the time?  My favorite phrase is the I don't exploit
this *ANYMORE* (emphasis added)
 
Nick Jacobsen
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 
 

-Original Message- 
From: Kristian Hermansen 
Sent: Thu 7/17/2003 12:43 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: Re: [Full-Disclosure] Credit card numbers


There are many companies that still leave the full numbers on
their receipts.  I am going to give away a pretty big secret right now.
If you have ever eaten at the 99 Restaurant you will notice that they
have the MOST sensitive information out of any company I have ever used
my credit card at.  Here's a list of what is on the receipt:
 
1) Full CC# - nothing blanked out
2) Full Name - just as it appears on the card
3) Expiration date
4) Customer signature (if they signed their copy)
 
Now here's how to easily get them.  When I was in high school I
used to go there late on Friday and Saturday nights and snag all the
receipts out of the conveniently placed trash receptacle right outside
the front door.  Friday and Saturday nights are the best because they
usually have the most customers (at the bar, drunk people, etc...)
Anyway, I have kept this pretty much a secret for a long time now and
since we are on the topic and I don't exploit this anymore I figured I
should make it public.  There is even a way to get the CVV2 numbers from
the back of the cards, but I will NOT tell you how to do that!  If you
check out the restaurant, I'm sure you will figure out how I got the
CVV2 numbers as well.  AND DON'T F**KING EMAIL ASKING HOW TO DO IT!!!
 
Peace out...
 
Kris


Re: [Full-Disclosure] Credit card numbers

2003-07-17 Thread Knud Erik Højgaard
Nick Jacobsen wrote:
 Perhaps it is just my imagination here, and I do realize this is an
 unmoderated list, but this seems to be a more than unacceptable email.
 This is a professional list - would you go up to someone at a computer
 security conference and tell em oh yeah, I used to card during
 highschool all the time?  My favorite phrase is the I don't exploit
 this *ANYMORE* (emphasis added)

Bah, I used to shoplift for a living, I don't do it anymore.
I believe god forgives sinners as long as they admit it.
Occasionally I actually break in to other peoples computers.
Boo-fucking-hoo.
This list isn't
corporate-whores-trying-to-gather-enough-strings-to-get-a-clue.

--
kokanin, speaker of truth, friend of jesus, son of God.



Re: [Full-Disclosure] Credit card numbers

2003-07-17 Thread northern snowfall


This is a professional list - would you go up to someone at a computer
security conference and tell em oh yeah, I used to card during
highschool all the time?

Oh grow up

Don

http://www.7f.no-ip.com/~north_



Re: [Full-Disclosure] Credit card numbers

2003-07-17 Thread northern snowfall


Carding is for hackers who enjoy prison.  If you are considering illegal
activity that involves theft or the possible involvement of the secret
service, I suggest you first ask yourself whether or not you enjoyed high
school cafeteria food and then imagine eating that for the next 20-30 years.

The issue isn't about what people are about to do, but what people have
done.
Everyone has made mistakes, that's just an inherent part of life. Learning
from the problems is the main issue. I've never carded, nor plan to, but
I'm not so foolish to think that I couldn't learn something about security
from someone who has had experience in that area. So, yes, grow up and
realize everyone has something to offer.

Don

http://www.7f.no-ip.com/~north_





RE: [Full-Disclosure] Credit card numbers

2003-07-17 Thread gml
Also I'm really not entirely sure what's so professional about this list.
What deems a professional anyway?  I mean seriously, you stopped hacking and
got a job instead so now you're a professional?  You avoided prison until
the age of 18 and someone was foolish enough to pay you for your
intellectual property so now you are a professional?  Or maybe you have a
CISSP and you know absolutely everything and that makes you a professional.
Come on please.  Nothing is even remotely as black and white as it's made
out to be.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of gml
Sent: Thursday, July 17, 2003 6:18 PM
To: 'northern snowfall'; 'Nick Jacobsen'
Cc: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Credit card numbers

Carding is for hackers who enjoy prison.  If you are considering illegal
activity that involves theft or the possible involvement of the secret
service, I suggest you first ask yourself whether or not you enjoyed high
school cafeteria food and then imagine eating that for the next 20-30 years.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of northern
snowfall
Sent: Thursday, July 17, 2003 6:59 PM
To: Nick Jacobsen
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Credit card numbers



This is a professional list - would you go up to someone at a computer
security conference and tell em oh yeah, I used to card during
highschool all the time?

Oh grow up

Don

http://www.7f.no-ip.com/~north_




Re: [Full-Disclosure] Credit card numbers

2003-07-17 Thread micah mcnelly
i used to card during high school all the time.

/m

- Original Message -
From: gml [EMAIL PROTECTED]
To: 'northern snowfall' [EMAIL PROTECTED]; 'Nick Jacobsen'
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, July 17, 2003 3:18 PM
Subject: RE: [Full-Disclosure] Credit card numbers


 Carding is for hackers who enjoy prison.  If you are considering illegal
 activity that involves theft or the possible involvement of the secret
 service, I suggest you first ask yourself whether or not you enjoyed high
 school cafeteria food and then imagine eating that for the next 20-30
years.

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of northern
 snowfall
 Sent: Thursday, July 17, 2003 6:59 PM
 To: Nick Jacobsen
 Cc: [EMAIL PROTECTED]
 Subject: Re: [Full-Disclosure] Credit card numbers

 
 
 This is a professional list - would you go up to someone at a computer
 security conference and tell em oh yeah, I used to card during
 highschool all the time?
 
 Oh grow up

 Don

 http://www.7f.no-ip.com/~north_




RE: [Full-Disclosure] Credit card numbers

2003-07-17 Thread Scott Phelps / Dreamwright Studios
 

I would have mentioned the butt sex, but I guess the food is pretty bad too.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of gml
Sent: Thursday, July 17, 2003 6:18 PM
To: 'northern snowfall'; 'Nick Jacobsen'
Cc: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Credit card numbers

Carding is for hackers who enjoy prison.  If you are considering illegal
activity that involves theft or the possible involvement of the secret
service, I suggest you first ask yourself whether or not you enjoyed high
school cafeteria food and then imagine eating that for the next 20-30 years.




Re: [Full-Disclosure] Credit card numbers

2003-07-17 Thread Chris Watson
Good lord. Trashing 101. This is so 30 years ago. Why is this even on 
the list?

Chris Watson
Bestor G. Brown #433
Wichita, KS USA
M.M
AIM: BSDUNIX44



RE: [Full-Disclosure] Credit card numbers

2003-07-17 Thread gml
My point being was that at a certain point regardless you realize hopefully
as you grow up that carding is REALLY INCREDIBLY STUPID and often results in
a serious prison sentence.

-Original Message-
From: micah mcnelly [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 17, 2003 6:47 PM
To: gml; 'northern snowfall'; 'Nick Jacobsen'
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Credit card numbers

i used to card during high school all the time.

/m

- Original Message -
From: gml [EMAIL PROTECTED]
To: 'northern snowfall' [EMAIL PROTECTED]; 'Nick Jacobsen'
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, July 17, 2003 3:18 PM
Subject: RE: [Full-Disclosure] Credit card numbers


 Carding is for hackers who enjoy prison.  If you are considering illegal
 activity that involves theft or the possible involvement of the secret
 service, I suggest you first ask yourself whether or not you enjoyed high
 school cafeteria food and then imagine eating that for the next 20-30
years.

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of northern
 snowfall
 Sent: Thursday, July 17, 2003 6:59 PM
 To: Nick Jacobsen
 Cc: [EMAIL PROTECTED]
 Subject: Re: [Full-Disclosure] Credit card numbers

 
 
 This is a professional list - would you go up to someone at a computer
 security conference and tell em oh yeah, I used to card during
 highschool all the time?
 
 Oh grow up

 Don

 http://www.7f.no-ip.com/~north_




Re: [Full-Disclosure] Credit card numbers

2003-07-17 Thread Jeremiah Cornelius
On Thursday 17 July 2003 03:51 pm, gml wrote:
 My point being was that at a certain point regardless you realize hopefully
 as you grow up that carding is REALLY INCREDIBLY STUPID and often results
 in a serious prison sentence.

Not to mention the fact that it generally causes serious financial damage and 
distress to innocents.  This isn't page-defacement or software-license 
evasion.  Someone is actually harmed by these actions.

-- 
Jeremiah Cornelius, CISSP, CCNA, MCSE
Information Security Technology - farm9.com
email: [EMAIL PROTECTED] - mobile: 415.235.7689

What would be the use of immortality to a person who cannot use well a half 
hour?
--Ralph Waldo Emerson
