Home page logo

bugtraq logo Bugtraq mailing list archives

verisign payment site backdoor ?
From: Andrej Todosic <atodosic () ubisoft com>
Date: Thu, 7 Feb 2002 19:43:53 -0500


so i had today a little adventure with verisign about paying some domains. 
When you go on their secure site and enter payment information, they now
require a security check
The security check consists of entering a billing address postal code.
Without this the payment wouldnt work.
After verifying several times witht hem on the phoen ( their system wont
accept a canadian postal code).
They told me just to put 5 zeros. The payment went through. I also seem to
vaguely remember a mention of it somewhere in the payment confirmation
screen. My question is:

they gave it to me, so they know very well it exists, but what security do
they have if they have a backdoor like this, 
and what is the point of extra precautions when you publicly tell everyone
to use zeros if nothing else works. 

I dont know if this should be made into a big thing, but i certainly dont
feel comfortable with these guys having my CC number.

Comments or opinions are welcome. 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]