John,
My understanding of the problem is this. They have an open redirector within their domain that will redirect you wherever you want. We are not placing that URL in a black list because it's neither spam nor phishing. But suppose I set up a very convincing fake eBay site and send a bunch of convincing eBay-type mails to people telling them of the great new auctions now in progress and conveniently provide a link (as eBay do from time to time). This link goes via their redirector to the fake site where the user name and password are captured.
If they are being really convincing they even redirect you to the correct page having grabbed your identity so you have no idea anything has gone wrong.
Of course they don't have to use this against eBay. They could attack anyone, and as long as we don't block the redirector they can get away with it. I'd suggest blocking the redirector immediately and letting eBay ask to be unblocked, but that is a bit harsh given that they have apparently stated they are working on a fix.
Nick
Protect your domain from use by spammers. Set up an SPF record, read more about it here http://spf.pobox.com/.
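The redirector abuse Nick describes has two natural checks, one on the site operator's side and one on the mail-filter side. The code below is an added example written for this thread, not code from the list or from eBay: it assumes the operator controls the hosts in TRUSTED_HOSTS, that redirects are resolved against BASE_URL, and that the redirector passes its destination in the query string (the parameter name does not matter to the check). The server-side function only honours a target that resolves to a trusted host, including the protocol-relative, backslash and userinfo forms that a naive "starts with /" test lets through; the mail-side function flags a link that sits on a trusted host but carries an off-site URL in its query string, which is exactly the shape of a laundered phishing link.

```python
"""Open redirector: hardened server-side check and the mail-side tell.
Added example; the hosts, base URL and sample links are assumptions."""
from typing import Optional
from urllib.parse import parse_qs, unquote, urljoin, urlsplit

# Assumption: the hosts the site operator actually controls.
TRUSTED_HOSTS = {"example.com", "www.example.com"}
BASE_URL = "https://www.example.com/"


def safe_redirect_target(target: str) -> Optional[str]:
    """Server side. Resolve the requested target against the site's own base
    URL and return it only if the resolved URL lands on a trusted host.
    When None comes back the handler should fall back to a fixed on-site
    page, never to the raw parameter value."""
    if not target or any(ord(c) < 0x20 for c in target):
        return None
    # Browsers treat backslashes as slashes, so "/\evil" is really "//evil":
    # normalise first or the protocol-relative form slips past a "/" prefix check.
    target = target.replace("\\", "/")
    try:
        resolved = urljoin(BASE_URL, target)
        parts = urlsplit(resolved)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None  # javascript:, data: and friends are never redirect targets
    # .hostname strips userinfo and port, so "http://www.example.com@evil" is
    # judged by the host the browser will actually contact.
    if parts.hostname not in TRUSTED_HOSTS:
        return None
    return resolved


def laundered_destination(url: str) -> Optional[str]:
    """Mail-filter side. A link whose host is trusted but whose query string
    carries another URL pointing off-site has the shape of a redirector-laundered
    phishing link; return the off-site host so a filter can score or list it."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.hostname not in TRUSTED_HOSTS:
        return None  # not the trusted redirector; nothing to unwrap
    for values in parse_qs(parts.query, keep_blank_values=True).values():
        for value in values:
            # parse_qs decoded once; decode again to catch double-encoded targets
            candidate = unquote(value).replace("\\", "/")
            try:
                inner_host = urlsplit(candidate).hostname
            except ValueError:
                continue
            if inner_host and inner_host not in TRUSTED_HOSTS:
                return inner_host
    return None


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a mail body.
    for link in (
        "https://www.example.com/redirect?url=http%3A%2F%2Fphish.example.net%2Fsignin",
        "https://www.example.com/item?id=123",
    ):
        print(link, "->", laundered_destination(link))
```

The server-side check resolves first and validates the result, rather than pattern-matching the raw parameter, because the browser will do the same resolution; the mail-side check deliberately ignores relative paths inside the query string, since those stay on the trusted host and are what a legitimate post-login redirect looks like.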
-----Original Message----- From: John_Delisle@ceridian.ca To: SURBL Discussion list discuss@lists.surbl.org Cc: "SURBL Discussion list" discuss@lists.surbl.org, discuss-bounces@lists.surbl.org Date: Mon, 28 Feb 2005 08:58:38 -0600 Subject: Re: [Maybe spam 71%] Re: [SURBL-Discuss] Re: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)
Your comment re security hole is not accurate. It in no way is a security concern for them. How can this possibly impact, in terms of their security?
Don't get me wrong - this is obnoxious and should be stopped, but it's not a security problem for them. If anything, it's a marketing problem. Spammers will include the ebay domain and brand in their spam. Maybe you'd have better luck contacting their marketing staff in addition to their security people. That's if you can get through the impenetrable wall of outsourced support reps...
John Delisle, CISA Senior Network Analyst, Network and Security Team Information Systems & Technology Management Dept. Ceridian Canada Ltd 600 - 125 Garry St Winnipeg, MB R3C 3P2 204-975-5909
"Kevin A. McGrail" kmcgrail@pccc.com Sent by: discuss-bounces@lists.surbl.org 02/28/2005 08:40 AM Please respond to SURBL Discussion list discuss@lists.surbl.org
To "SURBL Discussion list" discuss@lists.surbl.org cc
Subject [Maybe spam 71%] Re: [SURBL-Discuss] Re: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)
your website. Does this include child pornography or is that only in Europe and places where the age of consent for pornography is under 18?

I don't know why you wrote this, but I don't know where in Europe "consent for pornography is under 18".
Jose,
I hope you know that I really don't a) believe that Europe is a haven for child porn or b) that eBay promotes it. I encoded the URL myself to prove the point to eBay that this is a huge gaping security hole. I was making ludicrous statements for the purpose of getting eBay's attention and not to be factual.
Sorry for any unintended offense!
Regards, KAM
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss