Thread: hacking large commercial site

  1. #1

    Question hacking large commercial site

    Hello All,

    Is it possible that an enemy could hack a large commercial site where I have an online shop and compromise my email and shopping cart, so that I might be getting traffic and never know about it? I called cust serv of this business (cafepress) and was told that tampering with the site is impossible since it rests on their secure server. Is this so?

    Thanks.

  2. #2
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    buahahhahahahahhahahhahahha no, unless their server is not connected to a network that is connected to the internet, then there is some risk. It would also have to be buried somewhere very deep that way no one has physical access to it either. Chances are you spoke to someone that is just trying to reassure you that everything is ok, when in fact it is possible to do what you are asking. It may be harder for large companies that take the time and money to secure their stuff, but it is far from impossible.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  3. #3
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    Is it possible that an enemy could hack a large commercial site where I have an online shop and compromise my email and shopping cart, so that I might be getting traffic and never know about it?
    All members will say yes to that question. Now as far as:

    called cust serv of this business (cafepress) and was told that tampering with the site is impossible since it rests on their secure server. Is this so?
    Thanks.

    No, it's not so. The person you were speaking with told you what you wanted to hear, or just to get you off the phone; either way the person should not have told you that. Sorry for the incorrect information.

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Listener:

    Simply put, there is no such thing as security where computers are concerned when they are connected to the internet. It's very easy to give yourself the illusion of security but it is just that, an illusion. This company is suffering from the illusion of security I'm afraid.

    However, rather than just alarm you, I will expand a little....

    The "art" of security is the balance between effort and reward. In other words, can I make an attacker expend more effort than the reward is worth to him. Added into the equation is risk. Risk on the part of the attacker. My job is to make it sufficiently difficult for him to gain entry that it becomes apparent that I am also looking for traces of his tiptoeing through my defenses. If I can show him that I take security seriously (with properly set up firewalls, up to date patches, warnings about illegal activity, etc. etc. etc.), then he has to conclude that the risk of getting caught is high. Then it's his choice.... Does he think the potential reward gained from a successful intrusion and egress without detection exceeds the risk of getting caught and not only not getting the reward but also having to deal with the punishment?

    The level of security a company requires is dependent upon the risk assessment they do on their own business. The risk assessment determines the "cost" to the business of a successful intrusion (whether it is detected or not). In the case of the business you are involved with, the probability is high that they take security seriously and have employees that are skilled in the "art" of security. I say that because the reputation of the business _is_ its bottom line.... If the reputation goes bad they will have no customers, with no customers they have only expense and no income... which means they lose their shirts.... Which they don't want to do.

    As to being told that "tampering is impossible".... That's a standard "company line" to the customers.... The person telling you that knows no more about computer security than you do.... But that's what he's been told. Were you to ask what _exact_ measures the company takes to protect your data you will get the standard "We do not divulge the security systems we have in place because....." answer..... It's what you'd get from me too.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  5. #5
    Senior Member
    Join Date
    Jan 2005
    Posts
    128

    Re: hacking large commercial site

    Originally posted here by listener
    Hello All,

    Is it possible that an enemy could hack a large commercial site where I have an online shop and compromise my email and shopping cart, so that I might be getting traffic and never know about it? I called cust serv of this business (cafepress) and was told that tampering with the site is impossible since it rests on their secure server. Is this so?

    Thanks.
    Listener, also remember, their server may be completely impenetrable (bear with me here) but a simple email from their Database Admins saying they have lost your records, and could you send them your username and password, or credit card information etc etc

    There are just too many methods of attack to be completely prepared. But as a website dealing with money, they are going to be a lot more secure than your best mate's phpNuke/BB site running with all defaults...

    Be reliant on the fact they are offering you a service, and will have to (as an internet company) follow certain rules to protect themselves as well as their clients' best interests.

    Be Alert Not Alarmed (stupid aussie anti terrorism quote, fits well though)
    http://sfx-images.mozilla.org/affili...88x31/take.gif
    If You've Done Something Right. People Won't Know You've Done Anything At All - God (futurama)

  6. #6
    Junior Member
    Join Date
    Dec 2004
    Posts
    17
    This pretty much sums it up:
    The only system which is truly secure is one which is switched off
    and unplugged, locked in a titanium lined safe, buried in a concrete
    bunker, and is surrounded by nerve gas and very highly paid armed
    guards. Even then I wouldn't stake my life on it.
    -ch4r
    http://binaryuniverse.net
    irc.binaryuniverse.net (#binaryuniverse)

  7. #7
    well I've heard that there was this company which was hacked by some hacker and he stole all the transaction numbers and started to blackmail the company that if they did not pay him a hefty amount he would post all the credit card numbers on the net,

    of course that was a long time ago and the hacker was also caught and put behind bars
