Quote:
Originally Posted by TheDoc
Smokey, for your CC theory to work in NATS you could only change the post url in the join form.
|
and thats not enough ?
Quote:
Originally Posted by TheDoc
Everything else is to wrapped around nats and would break something big enough you would notice.
|
seems like losing your master password list would be noticed as well , or an admin logging onto multiple sponsors hundreds of times per day for weeks
Quote:
Originally Posted by TheDoc
NATS doesn't store, record, pass through, or even see/touch/smell any credit card data.
|
and yet using the method i mentioned above, its very possible for a hacker to inject code using the nats admin password that would steal credit card numbers.
my point is exactly how i stated it above. There is NO indication any credit card information was compromised .
In order to RULE out this , every nats sponsor should have a security audit done. i would feel unsafe with the statement that "no credit card information was compromised" because it just hasn't been established yet.
Personally if i was nats i would pay to have each of their clients security audited so they CAN say that no credit card info was compromised, until then its just a guess ( and not very wise one either i would think )