[ale] Linode hacked, CCs and passwords leaked

Scott Plante splante at insightsys.com
Tue Apr 16 11:51:41 EDT 2013


Presumably when they say credit card numbers, they mean payment info, including debit and ACH numbers, and associated data like billing zip, etc. 


One of my credit card companies used to have a great service where you could go on their site and generate a special credit card number for use with online transactions. You could limit the total value allowed on the number and set an expiration date any time up to your real card's expiration date. Only transactions from the first vendor to use it could ever use it. So if you generated it for, say, Linode and they immediately made a charge (as they would tend to), no one who later got that credit card number could use it to buy something on Amazon. You could also cancel the individual special use number without affecting your whole card and that whole rigmarole of cancelling your credit card, being sent a new card, and updating all the places where you had recurring charges. 


It seemed like a great system and I don't know why they quit it, unless it was a victim of its own success--perhaps they were using up their cc number address space too fast. Then again, that bank may have just been bought by some other one who didn't have the systems in place to offer that service. Does anyone know of a credit card company that does offer such a service these days?


Scott 

----- Original Message -----

From: "leam hall" <leamhall at gmail.com> 
To: "Atlanta Linux Enthusiasts" <ale at ale.org> 
Sent: Tuesday, April 16, 2013 10:53:59 AM 
Subject: Re: [ale] Linode hacked, CCs and passwords leaked 


One more reason I'm glad we don't have credit cards. 






On Tue, Apr 16, 2013 at 10:40 AM, Chuck Peters < cp at axs.org > wrote: 





http://blog.linode.com/2013/04/16/security-incident-update/ says: Credit card numbers... The private key is itself encrypted with passphrase encryption and the complex passphrase is not stored electronically. ... We have no evidence decrypted credit card numbers were obtained. 



Do the crackers have the public and private keys? 

And if that /. link to irc stuff is right, they have the public and private keys. So how long will it take to brute force a passphrase? Not long I assume...






Chuck 
_______________________________________________ 
Ale mailing list 
Ale at ale.org 
http://mail.ale.org/mailman/listinfo/ale 
See JOBS, ANNOUNCE and SCHOOLS lists at 
http://mail.ale.org/mailman/listinfo 






-- 

Mind on a Mission 
