
Paypal hacking

This instructable has been removed by the author.

105 comments
Jul 25, 2009. 12:29 PM geco4ever says:
wow. ip tracking.......
Jul 19, 2009. 5:07 PM theREALcybercat says:
injustice for all...
Jul 14, 2009. 5:00 PM spel3o says:
Have fun in jail...
Oct 29, 2008. 12:13 PM oaey says:
best paypal ( paypalsploit 5.2 ) and libertyreserve (xt-libertyreservehack 9.1) hacking software
visit this site http://xt-hackgold.com

recommended
Jul 12, 2009. 11:35 PM tubbychick3n says:
anyone try this?
Jun 25, 2009. 11:46 AM Jacek911 says:
whats the website?
Jun 13, 2009. 10:20 PM Naotakkun says:
That works very rarely. Most systems automatically correct these errors. My paypal account was banned for it. . . AND i was still charged! -if that even matters- :P
Jun 8, 2009. 5:10 AM joneljavellana says:
is this for real?? its all illegal?? woooo! cool stuff! but making money through illegal is worst, you get ur self into death. anyway. want to have legal and good income as this 100% for free for 7 days here's my site: www.worldmoney.ws p.s- money is worth keeping for good...Godbless
Feb 11, 2009. 9:29 PM ScienceWiz says:
OMG!!! I KNOW THAT SITE HEHEHE Wondering if it actually works, has anyone tried it, and, assuming its illegal, has anyone been caught?? Great instructable!!!
May 30, 2009. 9:57 PM virjil098 says:
what's the website?
Apr 20, 2009. 6:56 PM crzune says:
yes it works
May 21, 2009. 8:28 AM 11221 says:
It dont say that on mine will it work on vistaprint.com? some 1 tell me some websites wat it will work on thanks
May 20, 2009. 6:41 PM bcarl6 says:
hey guys. I was thinking about this and how to not get caught. You can just download Tor, which is an internet proxy program which for all you people who don't know what it is, it disguises your ip address online. So, if you really want to go deep, start up tor and sign up for a paypal account and do this whole hack while tor is running. And, fill in fake information (but I don't really know what to do about the address... some one can figure it out) to make sure that people can not trace you. There you go. just my personal thoughts. anyone correct me if I'm wrong
May 5, 2009. 3:24 AM eller says:
this has worked for me on one site so far the item has been dispatched and is being shipped according to my status update. i have tried it on a couple of site but a lot of them say there was a problem with the payment system please use another method of payment. some who are not automated have sent me an invoice for the rest of the amount to be paid but i have just cancelled the order. none of them have realised what has happened they think there has just been an error with the checkout. i have one problem though on some sites when the tamper box comes up it comes up blank so i have to press the x and cannot press tamper. this box is usually when the amount should come up so i cannot tamper with the price of the item. does anybody know why this is and whether i can do anything about it?
Apr 14, 2009. 5:57 PM steed1172 says:
just one thing..... i didn't see the thing where it says use at own risk.. i mean ur flipping scamming people out of money... you get caught... you gunna do time(in jail!!!)
Feb 5, 2009. 1:45 PM thami says:
the tutorial doesn't work for me. I go to the site smartstuffer.com. then i go to the tamper data. i dont see the amount and anything. can you help me ???? Thanks Thami
Jan 15, 2009. 8:28 AM jordy.boy.ghetto says:
like what kind of places does it support
Jan 15, 2009. 8:22 AM jordy.boy.ghetto says:
how come when it dont show up to change the shipping value, and the AMOUNT...and the rest.....im not doing it right.........HELP?
Jan 9, 2009. 1:10 AM mzmaker says:
Wow this is so much fun... Is incredible what dumb people would do..
Jan 8, 2009. 2:36 PM bombmaker2 says:
you ordered from United Nuclear didn't you?
Apr 12, 2008. 6:08 PM yx516 says:
what would happen if you got caught >.> <.<
Dec 25, 2008. 10:48 AM jillg says:
federal prison
May 23, 2008. 3:49 PM prc123 says:
I have been caught and i got an email that said this:

Peter Clark: You have purposely attempted to defraud this company by manipulating the post form via our payment system. This constitutes retail fraud, interruption of business, wire fraud, and theft. The cost of dealing with this is significant, in addition to losses we incur. You have also provided your full contact information and address and email. And we have secured your IP Address during the transaction. In addition you provided a credit card or check with PayPal or Verisign. Thanks for the proof of the crime. This information will be forwarded to the authorities in one week, specifically the Federal Bureau of Investigation, Interpol, and the Secret Service-which handles wire fraud. Expect to spend the night or weekend in jail, initially before you are sentenced. We will seek the maximum penalty under the law including the maximum fine and the maximum prison time. If this is all just a misunderstanding and you completed the order incorrectly on accident, etc, then you must complete the order for the original products and quantities within 7 days and the matter will be closed. We have your order info in the database and you will automatically be exempt if the email and order qty's are the same as the incorrect order. If you do not complete the order properly, then it is clear that you were trying to defraud us and your information will be supplied to the authorities

they don't care if you actually buy the product after because they think it was just like a glitch or something
Dec 31, 2008. 1:16 PM yx516 says:
Wow, well anyone else who, like me, doesn't care about getting caught
Speedy toys sells airsoft weapons and are exploitable.
I am looking for a clothing or knife store that is exploitable.

Best regards yx516
Dec 11, 2008. 1:57 PM uber man says:
What about if you don't have firefox!!!
Dec 24, 2008. 10:51 PM Dextrostat says:
Dec 13, 2008. 8:29 AM omnibot says:
Then you get Firefox and stop getting annoying pop-ups and viruses.
Sep 6, 2008. 1:31 AM dippytard says:
ur not supposed to send this to real people because theyll receive a email saying u hav received 0.01 dollars and theyll probably report u =P
Jan 29, 2007. 1:16 PM ewilhelm says:
Hi everyone!

I'm going to leave this one up because I feel the best way to close security flaws is to expose them to daylight. This reminds me of the Security Analysis of the Diebold AccuVote-TS Voting Machine. While this Instructable clearly isn't as well written as the Princeton paper, and the intent seems to be more on the negative than the positive side, it still exposes a flaw and encourages PayPal to fix it.

Tamper Data seems to be an interesting extension. I wonder what other things it can do?
Jul 12, 2008. 12:51 PM Estwald says:
ewilhelm, You might reconsider. An aggressive prosecutor might go after Instructables for "aiding and abetting". As Instructables is an organization or company, RICO statutes could be applied. Though IANAL, I believe leaving this up puts Instructables at serious risk.
Aug 22, 2008. 2:48 PM Grey_Wolfe says:
I'm pretty sure aiding and abetting implies an already committed crime and the assisting in escape from punishment. But, that aside, it is not illegal to educate anyone in how to break the law. That is the freedom of press and speech. It is the responsibility of the reader to not use the information in an inappropriate manner. The 'man' does however pay extra attention to the individuals researching such information. And holds a list of these individuals in case a related perpetration occurs. This is especially true of explosives. Even library check outs are kept track of.
Dec 25, 2008. 10:47 AM jillg says:
yeah, just like its not illegal to buy speed trap detectors, just to use them
Jan 5, 2008. 4:21 PM vavud says:
Good one! I thought at first it should be removed but your reasoning is more sound. Leave it to expose this rort to re-check their security. There's no bending the laws. This is morally wrong!
Jan 29, 2007. 2:43 PM jason says:
"This reminds me of the Security Analysis of the Diebold AccuVote-TS Voting Machine."

I respectfully disagree, and here's why:

1) In a typical "white hat" hacking scenario, it's considered good form to approach the vendor with any security issues before releasing significant details to the public. Releasing details of an exploit to the public (or threatening to) is usually the measure of last resort used to strong-arm vendors who refuse to issue fixes. In the case of the Princeton paper there has been an ongoing denial on the part of Diebold that security flaws exist. Was PayPal even given a chance to respond to this alleged security flaw?

2) The authors of the Princeton paper withheld key details that would be needed to actually exploit the vulnerabilities they describe. This write-up does not show similar restraint. In fact, it seems to be nothing but a description of how to exploit the vulnerability. There is really no security analysis to speak of.

Also, from vicarious experience, I can tell you that revealing security exploits can be more trouble than it's worth. If you have to hire an attorney to respond to legal threats (even if those threats are totally bogus), it's going to cost you several hundred dollars an hour. In the case of the Princeton paper they reveal security flaws that may undermine a core element of our electoral process. In this case you're revealing a security flaw that lets people steal things. Honestly, if it were me, that's not something I'd be willing to go to bat for.
Nov 20, 2008. 9:01 PM drpibx says:
Go Gray Hats =P
Jan 29, 2007. 4:08 PM ewilhelm says:
Great points.

I'll admit that the Princeton paper was a bit of a stretch. Perhaps the U-lock pen hack would have been a better example. In any case, I did mean remind rather than "is directly analogous to".

I agree with your first point. However, it's the author's choice to publish it, and considering the author seems to be silent on this issue so far, we can only make assumptions. I will admit that the tone of the Instructable indicates a pretty clear answer. Since this was published and presumably there are already copies of it across the internet, whether PayPal was contacted is water under the bridge for the question of whether I should leave it published.

Your second point directly addresses whether I should leave it or not. I made my decision based on two thoughts: Potential damage and credibility.

The level of potential damage from this hack seems low. No one's life is in danger, there's a substantial paper trail left when someone does this so it's easy to find the culprits, and PayPal's reputation hinges on their system being robust to these types of attacks. I bet PayPal will refund the full amount that anyone loses to this.

If the author had posted an Instructable saying "I can steal from PayPal" but didn't give details no one would believe it and I would have unpublished the Instructable for lack of instruction. I'm going out on the limb here, but it's my guess that if the author had sent these instructions to PayPal's customer support, they would have been lost in multiple layers of management and not acted on in a timely fashion. Sadly, that experiment can't be run this time round.

So, that brings me to the point. When an individual finds a security hole, and he doesn't have the credibility to directly affect the holder of that security nor the credibility to publish without complete instructions and be believed, what options does he have?

I don't know the answer, and obviously I'm experimenting here with what the Instructables community finds acceptable. I continue to think this a great test case for these questions, though - no one has to use PayPal, the potential damage is low, and no lives are at stake.

Imagine what this debate would be like if we were talking about "hack the Golden Gate to fall down." I'm gonna go add that phrase to our Instructable-spam-filter right now, just in case.
Jan 29, 2007. 1:26 PM trebuchet03 says:
aha! I'm wrong again :P But that's okay.... As a side note, I've been talking with my old boss man.... While I can't say how they're able to catch this sort of thing.... I will say it's easier than dealing with database injection...
Jul 28, 2008. 8:25 PM ScienceWiz says:
OMG FINAL another use for my tamper data add-on! I was getting tired of hacking my way to the top of flash games BORING!!! AWSUM INSTRUCTABLE I LUV YOU!!!!!!!!!!
Jul 24, 2008. 4:08 PM JustMe7 says:
lol.....the FBI? That right there guarantees that it is utter BS. I can say with confidence that the FBI will not investigate such small time acts. If you've using this method to steal thousands and thousands of dollars, you might have an issue, but a couple bucks here and there.....you'd be lucky to even have your local PD take on such a case.
Jan 31, 2008. 11:24 AM Kaspar389 says:
Dam. I made like 10 purchases. Now paypal limited my account, asking why I made so many low amount purchases. I dont know what to say :-( Anyone have suggestions on what to say?
Jul 15, 2008. 6:23 AM sephiroth9393 says:
get a debit card
Jul 12, 2008. 12:35 PM Estwald says:
Don't know what to say, but you might buy lots of Vaseline®.
Jul 6, 2008. 6:50 AM brimckeon says:
Just say that you bought sumtin cool nd told ur friends, nd dey asked you to order them some too.
Jul 5, 2008. 1:25 PM thinker says:
low income, your money, you dont have to make high cost purchases legally, and im pretty sure under their terms and conditions they cant remove the account just for low cost purchases etc
Jul 7, 2008. 8:38 PM conrad2468 says:
lol unitednuclear.com i guessed it from the start! ill notify them
Jul 12, 2008. 12:30 PM Estwald says:
Reply from United Nuclear after being alerted: Thanks, we do already know about it. We've been working with the FBI for some time now and have apprehended 4 people so far, all charged with Felony Internet Wire Fraud. All get jail time even for the first offense. We're basically going on with business as usual and each fraud payment that comes in just gets automatically routed to the Feds for prosecution. We got another one yesterday which is in process. Thanks though for the info and web page.... So...you gotta ask yourself, "Do I feel lucky?" Well do ya ....punk ?
Jul 12, 2008. 2:12 PM conrad2468 says:
Lol i got the same message after i emailed them lol except for the john wayne quote
Jul 12, 2008. 10:15 PM Estwald says:
I put the quote in, and its Clint Eastwood in "Dirty Harry" that the quote is from.
Jul 13, 2008. 10:55 AM conrad2468 says:
i knew that i get those two confused lol
Jul 9, 2008. 7:52 PM mrmoneybagss says:
dude isn't this like against the law?
Author: benstern