Boy that's gonna really suck for all them ransomware kiddies demanding gift cards for the unlock code.
Cybercrooks are using a bot to automate the process of breaking into and draining online gift card accounts. The software nasty, named GiftGhostBot, attempts to steal cash from money-loaded gift cards provided by a variety of retailers around the globe, according to Distil Networks. Any website – from luxury retailers to …
Saturday 25th March 2017 19:36 GMT MNGrrrl
Validation on a magic number alone was stupid even in Roman times. At least they rolled up parchment on a stick to cipher things. And yet here we are.
The companies should be held liable for this kind of criminal stupidity. Even sophisticated encryption still usually has a second form of authentication besides the keys. And we only use stupidly large prime numbers because they are so hard to find. That is the only reason it works. Card numbers are largely sequential and very limited in the number of valid possibilities.
I'm disappointed the criminal element took this long. Step up your game people, you're slipping.
Saturday 25th March 2017 23:30 GMT Anonymous Coward
Monday 27th March 2017 09:01 GMT juice
Monday 27th March 2017 12:44 GMT Anonymous Coward
Presumably the submission/validation pages live behind a login wall
I know that wouldn't stop the process, but it's relatively easy to identify the validation of 1.6M codes within one hour across a handful of users and/or control it at the session level via rate limiting. Smash and grab though, as they'll take what they have up until the point the application blocks them off.
If not behind a login wall, why not?
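
The session-level control and the volume-based detection suggested in the last comment, as an added example that is not part of the thread or the article. The class names, session ids, card numbers and thresholds are all assumptions chosen for illustration.

```python
from collections import Counter, defaultdict, deque

class DistinctWindow:
    """Counts distinct values seen during the last `window` seconds."""
    def __init__(self, window):
        self.window, self.events, self.counts = window, deque(), Counter()

    def add(self, ts, value):
        # Drop events that have aged out, then record the new one.
        while self.events and ts - self.events[0][0] >= self.window:
            _, old = self.events.popleft()
            self.counts[old] -= 1
            if not self.counts[old]:
                del self.counts[old]
        self.events.append((ts, value))
        self.counts[value] += 1
        return len(self.counts)

class BalanceCheckMonitor:
    """Per-session limit plus a site-wide alarm on distinct cards checked."""
    def __init__(self, window=3600, per_session_max=5, site_max=1000):
        # Thresholds are assumed policy values, not figures from the thread.
        self.per_session_max, self.site_max = per_session_max, site_max
        self.sessions = defaultdict(lambda: DistinctWindow(window))
        self.site = DistinctWindow(window)
        self.blocked = set()

    def check(self, session, card, ts):
        """Record one balance check; return (allowed, site_alert)."""
        # Every request feeds the site-wide count, including those from
        # blocked sessions, so a spread-out enumeration still shows up.
        site_alert = self.site.add(ts, card) > self.site_max
        if session in self.blocked:
            return False, site_alert
        if self.sessions[session].add(ts, card) > self.per_session_max:
            self.blocked.add(session)
            return False, site_alert
        return True, site_alert

def demo():
    mon = BalanceCheckMonitor(per_session_max=5, site_max=20)
    # Constructed traffic: a customer re-checking two cards every 10 minutes...
    customer = [mon.check("sess-a", f"card-{i % 2}", i * 600) for i in range(6)]
    # ...then one session walking through 30 sequential card numbers.
    walker = [mon.check("sess-b", f"6000{n:04d}", 3001 + n) for n in range(30)]
    return customer, walker

if __name__ == "__main__":
    for label, results in zip(("customer", "walker"), demo()):
        print(label, results)
```

The per-session limit stops the walker after five distinct numbers, which matches the "smash and grab" point: whatever was checked before the block is already gone, so the site-wide count is what surfaces the campaign as a whole.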