Actually, I think the email was pointless.
You're attacking a customer support rep who likely isn't in any way capable of helping you with this problem. I really don't know how you'll get the attention of the appropriate staff at ebay, but you're obviously not talking to the right people. I'd be surprised if this support rep had a escalation path/procedure to contact ebay security staff.
You need to talk to the right people - you're completely wasting your time explaining this to some help desk jockey.
John Delisle, CISA Senior Network Analyst, Network and Security Team Information Systems & Technology Management Dept. Ceridian Canada Ltd 600 - 125 Garry St Winnipeg, MB R3C 3P2 204-975-5909
"Nick Askew" Nick@askew.nl Sent by: discuss-bounces@lists.surbl.org 02/28/2005 03:14 AM Please respond to SURBL Discussion list discuss@lists.surbl.org
To "SURBL Discussion list" discuss@lists.surbl.org cc
Subject Re: [SURBL-Discuss] Re: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)
Kevin,
If you had wanted to "get their attention" you would have been better off creating a web site that looks just like of theirs and harvests log in information. Naturally you would not have done anything with this information but it would have made them realise that they are being dumb about security.
The way forward could perhaps be to wait for the first spammer/phisher to use their URL and then place it on the black list in the way we always used to to with otherwise innocent open relays. I realise that e-bay are not spammers and are just being naive but in the same way open relay operators
were being naive.
Your comments comparing Europeans to child pornographers are, frankly, insulting. I'm not sure where you thought you got your information from about the age of consent but it certainly isn't based on fact.
Nick
Protect your domain from use by spammers. Set up an SPF record, read more about it here http://spf.pobox.com/.
-----Original Message----- From: "Kevin A. McGrail" kmcgrail@pccc.com To: "eBay Customer Support" rswebhelp@ebay.com Cc: SURBL Discussion list discuss@lists.surbl.org Date: Sat, 26 Feb 2005 12:41:55 -0500 Subject: [SURBL-Discuss] Re: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)
Dear eBay:
Wow, your form letter has changed my mind. Your security is perfect. Your commitment to security is stellar. Running an open redirector is a great idea. Sorry I didn't see the light earlier.
However, on a new topic, I was shocked and dismayed that eBay is allowing and assumingly SUPPORTING pornography to be distributed through your website. Does this include child pornography or is that only in Europe and places where the age of consent for pornography is under 18?
Please advise based on the following link from eBay --WARNING: The following pages contains naked photos: http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain& DomainUrl=%68%74%74%70%3A%2F%2F%77%77%77%2E%70%65%6E%74%68%6F%75%73%65% 2E%63%6F%6D%2F
What is the meaning of this? eBay is facilitating porn now?
OK, now that I have your attention maybe this extreme last resort will ACTUALLY get you to forward this to someone at your company with an understanding of phishing and security that is slightly higher than the Trust and Safety department?
If not, I give up and wish you well in your support of the child pornography industry that your company is facilitating by turning a blind eye to glaring security issues.
Sincerely, Kevin A. McGrail
----- Original Message ----- From: "eBay Customer Support" rswebhelp@ebay.com To: "Kevin A. McGrail" kmcgrail@pccc.com Sent: Saturday, February 26, 2005 12:06 PM Subject: RE: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)
Hello,
Thank you for writing back.
I truly apologize if you felt we were not concerned about the email
you
received. We are aware of the potential for fraud that these emails pose.
Let me assure you that we do work actively and aggressively in partnership with many agencies, ISP's, and law enforcement groups to investigate these fraudulent entities. Please keep in mind that eBay
is
a public company and not associated with any legislative or police entity. We rely on the same agencies you do to pursue these
fraudulent
activities. We are very much concerned about our member's safety, but
we
cannot control the actions of those intent on committing fraud.
If you have already received a spoofed email once, your email address has already been harvested. Sadly, you may continue to receive
spoofed
emails for some time as these groups migrate from ISP to ISP setting
up
fraudulent sites or sending fraudulent emails.
We advise you to be very cautious of all email messages that ask you
to
submit information such as your credit card number or your email password. eBay (and most other Internet companies) will never ask you for sensitive personal information such as passwords, bank account or credit card numbers, Personal Identification Numbers (PINs), or
Social
Security numbers in an email. If you ever need to provide information
to
eBay please open a new Web browser, type www.ebay.com, and click on
the
"site map" link located at the top the page to access the eBay page
you
need.
To keep your eBay experience safe, we have set up a new tutorial
about
Spoof Emails to educate our members spotting a fake email. To check
it
out, please click on the help link located at the top of all eBay
page.
Once the help window appears, click on the link to eBay's Security Center. From the Security Center you will find a variety of safety related links. On the right hand side you will see a link to "Protect yourself from spoof emails".
Help > Security Center > Protect yourself from spoof emails
Once again, thank you for alerting us to the spoof email you
received.
Your vigilance helps us ensure that eBay remains a safe and vibrant online marketplace.
Regards,
Marcel eBay SafeHarbor Investigations Team ______________________________ eBay Inc. The World's Online MarketplaceĀ®
Important: eBay will not ask you for sensitive personal information (such as your password, credit card and bank account numbers, Social Security numbers, etc.) in an email. Learn more account protection
tips
at:
http://pages.ebay.com/help/confidence/isgw-account-theft-reporting.html
For our latest announcements, please check:
http://www2.ebay.com/aw/announce.shtml _____________________________________________
In order to better serve you, we'd occasionally like to request feedback on our service. If you would rather not participate, please click on the link below and send us an email with the word "REMOVE" in the subject line. If that does not work, please send an email to the email address below. Your request will be processed within 5 days.
mailto:cssremove@ebay.com
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
_______________________________________________ Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss