
Re: [cobalt-developers] Off Topic Question



Hello,

The first thing to do is communicate with all of the ebusinesses where your 
credit card number was used. A friendly and experienced web master could 
track the web site activity correlating with the user submitting your credit 
card information. The web master could then provide you with the IP number, 
EXACT times of each page request and possibly the domain name of the dialup / 
internet server acting as a gateway for your cracker's modem / desktop. By 
locating the ISP, you can contact them with the IP addresses and EXACT times 
(adjusting for time zone) and they should be able to zero in on the user's 
dialup account. The dialup account may not be owned by the petty thief, but 
then you'll be able to possibly track the thief to the phone line that was 
used to connect to the dialup account, with the help of the phone company of 
course :). All this, of course, takes vast quantities of time, and unless 
you're out 10 large or more, I'd skip it. Life is too short. 

The best thing to do is to cancel that credit card and transfer your balance. 
It was probably stolen when a cracker breached the security of a web server 
containing your credit card information (and likely thousands of other #s 
too). This happens more often than web system administrators care to admit 
(or are even aware of). Thankfully, you often need much more information than 
just the # (zip code, address, etc.) but an insecure database definition can 
contain all of that information in one record (contact info, credit card 
info, etc.). If one small time cracker has your credit card #, postal code, 
trust me, within several months, thousands of them will. They pass them 
around like candy. 

While you're at it, change all of your passwords. If the cracker nabbed a 
database table row with your contact information, you could have specified an 
account password at that web site that is identical to your dialup account, 
bank account pin, calling card pin, etc. An intermediate cracker could do 
some investigating and take away a whole lot more than just a few bucks from 
you!

BTW, I'm not paranoid. A long time ago, in a galaxy far far away, I was heavily 
into the dark side of the Net. I'm all growed up now though :).

Sean.

-- 
Digital Spinner, Inc.
802.948.2020
sean@xxxxxxxxxxxxxxxxxx
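
The log correlation described in the message above, as an added example that is not part of the original post: a merchant's webmaster pulls every request made around the order time by the IP that submitted the order form, with all timestamps normalised to UTC before they are handed to the ISP. It assumes an Apache common/combined format access log; `ORDER_PATH`, the sample log lines and the order time are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

ORDER_PATH = "/cgi-bin/order.cgi"  # hypothetical order-form URL
# Constructed sample lines (documentation IP ranges), server clock at UTC-5.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Mar/2001:21:58:03 -0500] "GET /catalog.html HTTP/1.0" 200 5120',
    '192.0.2.10 - - [14/Mar/2001:22:01:47 -0500] "POST /cgi-bin/order.cgi HTTP/1.0" 200 913',
    '198.51.100.7 - - [14/Mar/2001:22:02:10 -0500] "GET /index.html HTTP/1.0" 200 2048',
    '192.0.2.10 - - [14/Mar/2001:23:30:00 -0500] "GET /index.html HTTP/1.0" 200 2048',
    'truncated or garbled line',
]
# Constructed order time as the cardholder's records show it (UTC-8).
ORDER_TIME = datetime(2001, 3, 14, 19, 2, 0, tzinfo=timezone(timedelta(hours=-8)))

# Common/combined log format: host ident user [time] "method path proto" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" \d{3}'
)

def parse_line(line):
    """Return (ip, utc_time, method, path), or None for an unparsable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # %z keeps the server's UTC offset so the time can be normalised to UTC.
    local = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], local.astimezone(timezone.utc), m["method"], m["path"]

def sessions_near_order(lines, order_time, window_minutes=10):
    """Requests near a tz-aware order time, for IPs that POSTed the order form."""
    lo = order_time - timedelta(minutes=window_minutes)
    hi = order_time + timedelta(minutes=window_minutes)
    by_ip, submitters = defaultdict(list), set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, when, method, path = rec
        if lo <= when <= hi:
            by_ip[ip].append((when.isoformat(), method, path))
            if method == "POST" and path == ORDER_PATH:
                submitters.add(ip)
    return {ip: sorted(by_ip[ip]) for ip in submitters}

if __name__ == "__main__":
    print(sessions_near_order(SAMPLE_LOG, ORDER_TIME))
```

Comparing timezone-aware datetimes is what makes the UTC-8 order time line up with the UTC-5 server log; naive timestamps would put the window three hours off and miss the session.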