Done_Posting
Shoot to kill
Premium
join:2003-08-22
Toledo, OH
 ·buckeye cable
| reply to Sodium
Re: DNS flaw..
said by Sodium  :Am I the only person that gets the reference to the Underpants Gnomes? Nope! It's pretty tough to miss it, if you're "in the know"... 
- Tate
--
Happiness is an OC-768 in your basement... |
|
insomniac84
join:2002-01-03
Schererville, IN
1 edit | reply to baineschile1
said by baineschile1 :
never understood people that shopped online with stolen credit card numbers. if i buy a plasma...dont i have to have it "shipped somewhere"?
People will ship to other addresses and attempt to intercept the package. It happened to my grandma. She got a package with what she refers to as computer thing. Calls the shipper and the company and neither cared it wasn't hers and she didn't pay for it. (Maybe the companies all assumed it must have been a gift because no one reported fraud?) But a few days later some kid comes to her door and says he heard she got a package. She knowing there was no way this was possible, she told him he could have it if he calls UPS and get them to authorize her to give it to him. She never saw him again and after a few months (in case someone did want it back) she told me about it. It was a mediocre video card and I think I ended up putting in an aunt's computer. |
|
Sodium
Premium
join:2003-12-02
Rice Lake, WI | reply to insomniac84
Am I the only person that gets the reference to the Underpants Gnomes? |
|
dvd536
as Mr. Pink as they come
Premium
join:2001-04-27
Phoenix, AZ
| reply to ISurfTooMuch
said by ISurfTooMuch :Ah, but I can complete that for you. step 1 - alter dns records step 2 - redirect users from legit commerce and banking sites to lookalike phishing sites step 3 - grab credit card numbers and usernames/passwords step 4 - shop with stolen cards, sell stolen card numbers, and drain bank accounts step 5 - profit step 4.5 - sell booty on ebay.
--
When I gez aju zavateh na nalechoo more new yonooz tonigh molinigh - Ken Lee |
|
haze_nme
join:2004-01-13
Tucson, AZ | reply to baineschile1
You can get away with using stolen card numbers for intangible things like memberships to sites, or for purchasing more domain names/hosts. |
|
morbo
Complete Your Transaction
join:2002-01-22
00000
clubs:
·Charter Pipeline
 ·AT&T Southwest
| reply to baineschile1
said by baineschile1 :
never understood people that shopped online with stolen credit card numbers. if i buy a plasma...dont i have to have it "shipped somewhere"?
there's no real enforcement out there for these smallish crimes. local police won't touch it and credit card companies prefer to write it off, as long as it's not too much.
the lawyers and effort would cost them more than it's worth.
sad but true. |
|
ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL
| reply to baineschile1
You'd think that would be a deterrant, but people seem to still get away with it. And I'd imagine many stolen card numbers would be printed on counterfeit cards and used overseas. I doubt a shop in Moscow or Shanghai is going to care too much if a card is stolen as long as the transaction is approved. The shop owner is going to sell the goods for a profit, and they can always deny they knew the card was stolen if they're asked about it.
Still, I think the big money would be in selling the numbers. The seller gets their money, and the buyers use the cards until they're canceled. |
|
baineschile1
@comcast.net | reply to ISurfTooMuch
never understood people that shopped online with stolen credit card numbers. if i buy a plasma...dont i have to have it "shipped somewhere"? |
|
ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL
| reply to insomniac84
Ah, but I can complete that for you.
step 1 - alter dns records
step 2 - redirect users from legit commerce and banking sites to lookalike phishing sites
step 3 - grab credit card numbers and usernames/passwords
step 4 - shop with stolen cards, sell stolen card numbers, and drain bank accounts
step 5 - profit |
|
mworks
join:2006-06-13
Faison, NC
| reply to insomniac84
said by insomniac84 :We will see it a lot only because: step 1 - alter dns records step 2 - ????? step 3 - profit Alter a site like bank of america, grab login info for just 5 minutes and walk away with thousands . |
|
insomniac84
join:2002-01-03
Schererville, IN | reply to ISurfTooMuch
We will see it a lot only because:
step 1 - alter dns records
step 2 - ?????
step 3 - profit |
|
ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL
| reply to ztmike
And this is the same attitude that keeps many users from cleaning the viruses, worms, and trojans off their machines.
If this exploit turns out to be as easy as it's reported to be, you're going to see it used a lot. The Internet won't fail, but a lot of folks are going to get scammed. If you don't think it will happen, check your spam folder and see all the phishing attempts out there. Right now, if you're a careful user and don't get infected, you can be reasonably safe. If this DNS exploit is used, you won't be able to trust any site you're visiting as being legit. |
|
