Re: [cobalt-security] Credit cards
- Subject: Re: [cobalt-security] Credit cards
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Wed, 15 May 2002 15:35:40 +0000 (GMT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
GW> Date: Wed, 15 May 2002 05:29:23 -0400
GW> From: Gerald Waugh

GW> We process the card in RAM, then wipe the arrays. I have seen

Exactly. :-)

GW> processing software that writes the data to a file, then
GW> deletes the file. I stay away from that.

Yup. Good job. :-) A quick story for the benefit of others who
might think that deleting files is sufficient:

I once did something really stupid...

    dd if=/dev/zero of=/dev/ad0

when I meant

    dd if=/dev/zero of=/dev/da0

on a BSD machine. Bye bye slice table and first volume on the
wrong spindle. I caught myself in time to save the other
partitions... if only I could remember where they were.

Solution? A program that munched disk sector by sector, checking
for valid superblock candidates. I took another program, made
some changes, and ran it... soon enough, I had my partition table
reconstructed.

Now let's say that somebody cracks root on a box with "deleted"
credit card numbers. How hard is it to write a program that
scans a raw drive for "deleted" credit card numbers?
--
Eddy
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.
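
The closing question of the post, turned into a self-audit: this is an added example, not part of the original message, that reads a disk image or raw device you administer in chunks, finds 13-19 digit runs that pass the Luhn checksum, and reports only masked values with their byte offsets. `SAMPLE`, `scan`, `scan_bytes` and the other names are constructed for illustration, and the card numbers are public test numbers.

```python
import io
import re

# 13-19 digits, optionally separated by single spaces or dashes.
CANDIDATE = re.compile(rb"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
MAX_LEN = 37  # longest possible match: 19 digits + 18 separators
# Constructed sample: order data left behind in "free" space (test numbers only).
SAMPLE = (b"\x00" * 100 + b"name=J Doe&cc=4111111111111111&exp=0504"
          + b"\xff" * 50 + b"card 5500-0000-0000-0004 ok"
          + b"\x00" * 30 + b"order 1234567890123456")

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum; rejects roughly 90% of random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48
        if i % 2:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits: bytes) -> str:
    """Keep the first six and last four digits so the report holds no full number."""
    s = digits.decode()
    return s[:6] + "*" * (len(s) - 10) + s[-4:]

def scan(stream, chunk_size=1 << 20):
    """Yield (byte offset, masked number) for each Luhn-valid candidate."""
    buf, base, ctx = b"", 0, 0  # ctx: scanned bytes kept for the lookbehind
    while True:
        chunk = stream.read(chunk_size)
        buf += chunk
        # A match starting at or after `limit` may continue in the next chunk.
        limit = max(len(buf) - MAX_LEN, ctx) if chunk else len(buf)
        cut = limit
        for m in CANDIDATE.finditer(buf, ctx):
            if m.start() >= limit:
                break
            cut = max(cut, m.end())
            digits = re.sub(rb"[ -]", b"", m.group())
            if luhn_ok(digits):
                yield base + m.start(), mask(digits)
        if not chunk:
            return
        keep = max(cut - 1, 0)
        buf, base, ctx = buf[keep:], base + keep, cut - keep

def scan_bytes(data: bytes, chunk_size=1 << 20):
    return list(scan(io.BytesIO(data), chunk_size))
```

Any hit on a machine that is supposed to hold no card data means a number reached the disk at some point (a temp file, a log, swap), which is the failure the thread warns about. Luhn alone still admits runs such as all zeros, so expect some false positives on real media.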