Marek Kilimajer wrote:
Greg Donald wrote:
On Mon, 07 Feb 2005 22:25:46 -0500, trlists@xxxxxxxxxx
<trlists@xxxxxxxxxx> wrote:
I think this is an extraordinary (and unjustified) level of paranoia.
This was aimed at me. I personally wouldn't touch a CCN with a barge pole,
I did say it was 'best' not to accept them at all, although accepting them and
immediately passing them on via an SSL link (e.g. with cURL) is probably
'good enough' - at least, apparently, 10,000s of merchants seem to think so.
cat /dev/mem | strings | egrep "^[0-9]+$"
nice bit of magic tho, Greg :-)
cat: /dev/mem: Permission denied
:)
You need root access. If anyone gains root on your provider's server, he
has simpler ways to find the CCNs.
getting root is often quite trivial for anyone with a fair bit of knowledge & determination,
mostly because for a lot of vulnerabilities there are 'make'n'run' exploits which
any numpty can use.
besides which anyone ever hear of 'an inside job' - i.e. when the CCNs go wandering from
your DB/encrypted zipfile/index.html, it's the sysadmin who you should be looking at first
(e.g. it's often a lot easier to bribe a sysadmin than it is to hack into a server).
--
PHP General Mailing List (http://www.php.net/)