A followup posting:
Date: Fri, 8 Feb 2002 09:08:49 -0800 (PST)
From: Nojan Moshiri
Reply-To: redwood@linex.com
To: Andrej Todosic
Cc: "'bugtraq@securityfocus.com'"
Subject: Re: verisign payment site backdoor ?
Is this a function of Verisign or a function of Address Verification
(AVS) on the credit card side. Credit Card companies use the digits
of your stress address and your zip to validate billing. This may
be true for US citizens only based on verisign's CC verification
company.
If would be good to try five zeros with a US based credit card. If AVS
is being properly used it should no go through.
