Full Disclosure mailing list archives

Re: NiX API

From: mrx <mrx () propergander org uk>
Date: Thu, 09 Jun 2011 17:03:53 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/06/2011 16:05, nix () myproxylists com wrote:

Primarily this is an advertisement.


I would guess that it is some anti-hack system for webmasters who haven't
a clue, a kind of auto-generating block list.
I'm a noob and I am just guessing.

It does provide great protection also to those webmasters who got a clue.

We had fraudulent purchase almost every second day, paypal let every
fraudulent purchase through and the ** next day ** their automation
reversed the payment. ..

Needless to say how much we got frustrated and pissed while filing their
forms regarding unauthorized claims. We were also charged by paypal for a
certain percentage of each fraudulent payment!

This is where NiX API comes in:

In most cases, the malicious user is denied access even before a
fraudulent purchase is made!

Since implementation of NiX API with it's current featuers: 0 fraudulent
purchases in last 2-3 weeks period. It definitely does something.


I don't see how it is possible to tell a fraudulent paypal payment from a legitimate one, unless the IP address used to 
make the purchase is all
ready known as a source of fraudulent transactions.

Obviously if "John Smith" made a payment from an IP address originating from China, Japan or other non-English/American 
IP address range then
something is suspect, but this is still not definitive.

How could this system stop a fraudulent payment from a source with an IP address the system has never seen before 
originating from a corporate
address block or respected ISP, or unlikely but not impossible an IP address that has previously made a valid 
transaction?

Any smart fraudster would use a device purchased with cash using a spoofed MAC address from a wifi hotspot out of sight 
of CCTV.

Please enlighten me, or would that let the cat out of the bag?

regards
mx

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBTfDu6bIvn8UFHWSmAQLG1gf9Gv9cpFERJWbxzY05U4Wd6vYxLQb2N4Oy
eb8HWYsVALjDO2M3Od9FdXRFCtkF7VHx4hsL67fe69UAqRq3+7yUJEpj+vPMGhow
lrb9Nn93R5r14i/dCYJTKQkzQ8zdvkYv3uyvu9A7MP+ME4mukBUTFUyCN2oekr6R
fHa7YcjUkB43+IocUjr0EqnVZLtGMbJsFzGXoUNTVpIwPrj5kvTOo4rK8upwaE9g
1V3TRUM815v2hq7IH9IUdu2mAKB9UDNEp8K6Vi6RL0ZMGNWXsf9BL8kmDD/dcOlf
9e2MSN6QQOYeAMYNaZSgOPOjX0sVqhd/fVKEeBMs+OZaOJOfG1Chow==
=ytkT
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

NiX API nix (Jun 08)
- Re: NiX API phocean (Jun 08)
  - Re: NiX API mrx (Jun 08)
    - Re: NiX API nix (Jun 09)
    - Re: NiX API James Rankin (Jun 09)
    - Re: NiX API nix (Jun 09)
    - Re: NiX API Rove Monteux (Jun 10)
    - Re: NiX API Valdis . Kletnieks (Jun 09)
    - Re: NiX API nix (Jun 09)
    - Re: NiX API David Ford (Jun 09)
    - Re: NiX API mrx (Jun 09)
    - Re: NiX API nix (Jun 09)
    - Re: NiX API adam (Jun 09)
    - Re: NiX API jabea (Jun 09)
    - Re: NiX API nix (Jun 09)
    - Message not available
    - Message not available
    - Re: NiX API Aaron Turner (Jun 09)
    - Re: NiX API nix (Jun 09)
    - Re: NiX API Aaron Turner (Jun 09)
    - Re: NiX API nix (Jun 09)
    - Re: NiX API Aaron Turner (Jun 09)
    - Re: NiX API Thor (Hammer of God) (Jun 09)

(Thread continues...)