tag:blogger.com,1999:blog-6836909.post6995562014381255284..comments2011-08-22T17:27:12.170+05:30Saurabh Nandahttp://www.blogger.com/profile/00867453089820169282noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-6836909.post-16763663085400830362011-08-22T17:27:12.170+05:302011-08-22T17:27:12.170+05:30sa they say that no hack were done bt this is to inform you tat paytm.com<br /><br />latest hack yesterdayAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-6836909.post-21638659716288660952011-08-22T17:24:17.848+05:302011-08-22T17:24:17.848+05:30ccaevenue has low security<br /><br />anyone should tell them to upgrade<br /><br />now hackers are very sharp ,like me and childrens like age of 17 hacking itAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-6836909.post-68976136080778960112011-08-22T17:22:14.371+05:302011-08-22T17:22:14.371+05:30ccavenue is a payment gateway website tat gateways the bank and the website&quot;S<br /><br /><br />it got hacked many timesAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-6836909.post-50333874677229021292011-06-10T17:49:35.160+05:302011-06-10T17:49:35.160+05:30I&#39;m glad that my gyaan helped. Where have you used bcrypt, Srikanth?Saurabh Nandahttp://www.blogger.com/profile/00867453089820169282noreply@blogger.comtag:blogger.com,1999:blog-6836909.post-33210903403619879092011-06-10T17:41:20.727+05:302011-06-10T17:41:20.727+05:30Thanks for the bcrypt thing Saurabh.srikanthhttp://www.blogger.com/profile/15900742782134100536noreply@blogger.comtag:blogger.com,1999:blog-6836909.post-32697665502078086472011-05-08T10:46:37.921+05:302011-05-08T10:46:37.921+05:30Hmm, probably you&#39;re right about the upgrade date, but it could be that the hacker got lazy and looked-up the server ID string on netcraft on 4th may just before publishing the hack. Possible?<br /><br />And yeah, hiding server identification is security 101. Not sure whether that&#39;s part of PCI-DSS or not.Saurabh Nandahttp://www.blogger.com/profile/00867453089820169282noreply@blogger.comtag:blogger.com,1999:blog-6836909.post-35743717302414235882011-05-08T08:08:45.979+05:302011-05-08T08:08:45.979+05:30Good point about MD5 and SHA.<br /><br />The CCAvenue response is preciously what one would have expected. We are like our politicians - always blaming the opposition party for the &quot;mischief&quot;. However I don&#39;t think the interpretation of Netcraft report is correct. Since the last 2 pings are at a difference of 1 year, upgrade could have happened anytime in between. Also have a look at this: http://toolbar.netcraft.com/site_report?url=http://ccavenue.com which shows that Apache was indeed upgraded on another server.<br /><br />Also isn&#39;t it also suggested as part of basic hardening of site that you turn off detailed server headers giving the version of Apache and other installed modules? :)abhayahttp://www.blogger.com/profile/02584059046263945740noreply@blogger.com