Security Incidents mailing list archives

Re: *MAJOR SECURITY BREACH AT CCBILL**


From: l0rtamus Prime <simon () snosoft com>
Date: 19 Dec 2001 17:49:57 -0500

Also on this note:
        Did you request permission to disclose this information from CCBILL to
this list?  I know that many companies prefer to deal with issues like
this on their own and have their own controlled ways of disclosing
information.

        I am asking because I know of a site that has similar issues (not
nearly as serious).  When I contacted the person responsible he flat out
insulted me and accused me of trying to make money off of his
vulnerability (which is not the case at all). When I asked him if he
would like me to explain the issue he said "no" and hung up the phone.

        The problem with his web site is a simple perl issue that any average
perl programmer can figure out. Any advice on what I should do?  Should
I post a full disclosure?  

I have tried to contact him, his ISP (verio) and other people but thus
far have yet to speak to anyone reasonable.
On Wed, 2001-12-19 at 15:16, Dayne Jordan wrote:
Yes, I notified CCBILL/Cavecreek.Net at approx. 4:00am EST.
I spoke directly with their network security. 

As of this morning, they are unreachable as they are all in
a meeting. The person I spoke with this morning over there told
me that they are meeting regarding this situation right now
and would make an announcement to their customers soon.

D.
============

H C wrote:

Dayne,

It is my opinion that Cavecreek/CCBILL has had a breach of security,
thus releasing user ids and logins on various servers around the
internet. CCBILL's customer base is in the tens of thousands.

Just out of curiosity, did you happen to contact
anyone at CCBILL prior to posting this information to
a public list server?


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com


-- 
Regards,
        l0rtamus Prime
        
        ----------------------------------------------
        "The best defense against logic is ignorance."

