I'm familiar with phishing attacks and social engineering, and you are correct - damage would be done to someone, but not eBay. It's not THEIR security problem. It's more a marketing or maybe customer perception problem. For example, if I opened a physical store and called it 'Best Buy' and asked people to come in and purchase from me, is it a security problem for Best Buy or a marketing/trademark/legal problem?
I agree the end result is someone is defrauded and someone may think they're looking at eBay but they're not, etc. My point is that there is no real security threat TO EBAY, so it's not really a security risk for them. The risk is that the public will think eBay is hosting porn or spam, or maybe someone will convince someone else to give them their eBay credentials, not that eBay will DIRECTLY divulge customer information, DIRECTLY host porn/warez/spam, etc.
My whole point in this is that to eBay, the risks associated with running a redirector are not that great. It will take a lot to get their attention, and it probably won't happen by talking to some tier 1 help desk guy who exists to shield higher level techs, not to resolve this type of issue. There's NO point explaining it to that guy; tell him to escalate. Tell him to put a manager on the phone, etc.
John Delisle, CISA
Senior Network Analyst, Network and Security Team
Information Systems & Technology Management Dept.
Ceridian Canada Ltd
600 - 125 Garry St
Winnipeg, MB R3C 3P2
204-975-5909
From: "Nick Askew" Nick@askew.nl
Sent by: discuss-bounces@lists.surbl.org
Date: 02/28/2005 09:36 AM
Please respond to: SURBL Discussion list discuss@lists.surbl.org
To: "SURBL Discussion list" discuss@lists.surbl.org
Cc:
Subject: Re: [Maybe spam 71%] Re: [SURBL-Discuss] Re: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)
John,
My understanding of the problem is this. They have an open redirector within their domain that will redirect you wherever you want. We are not placing that URL in a black list because it's neither spam nor phishing. But suppose I set up a very convincing fake e-bay site and send a bunch of convincing e-bay type mails to people telling them of the great new auctions now in progress and conveniently provide a link (as e-bay do from time to time). This link goes via their redirector to the fake site where the user name and password are captured.
If they are being really convincing they even redirect you to the correct page having grabbed your identity so you have no idea anything has gone wrong.
Of course they don't have to use this against e-bay. They could attack anyone, and as long as we don't block the redirector they can get away with it. I'd suggest blocking the redirector immediately and letting e-bay ask to be unblocked, but that is a bit harsh given that they have apparently stated they are working on a fix.
Nick
Protect your domain from use by spammers. Set up an SPF record, read more about it here http://spf.pobox.com/.
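The pattern Nick describes, a link on the brand's own domain whose redirect parameter points at a look-alike site, is what a URL blocklist maintainer would want to pick out of a mail body. The following is an added example, not code from the list or from eBay; the brand domain auction.example and the redirect parameter names are assumed placeholders, and it goes slightly beyond the thread by also unwrapping double-encoded, scheme-relative and chained redirect targets.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed assumptions: the brand's domain and the redirect parameter names
# are placeholders, not eBay's real redirector or its parameters.
TRUSTED_HOSTS = {"auction.example"}
REDIRECT_PARAMS = {"url", "redirect", "goto", "next", "target"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def normalize_host(netloc: str) -> str:
    # strip userinfo and port, lowercase, drop a trailing dot
    return netloc.rsplit("@", 1)[-1].split(":")[0].lower().rstrip(".")

def is_trusted(host: str) -> bool:
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def external_redirect_host(url: str, max_depth: int = 3):
    """Return the external host a trusted-domain redirector URL points at, or None.
    Works on the URL text only (no network); unwraps chained/encoded targets."""
    current = urlsplit(url)
    if not is_trusted(normalize_host(current.netloc)):
        return None  # not on the brand's domain: out of scope for this check
    for _ in range(max_depth):
        qs = parse_qs(current.query, keep_blank_values=True)
        targets = [v for k, vs in qs.items() if k.lower() in REDIRECT_PARAMS for v in vs]
        if not targets:
            return None  # no redirect parameter: an ordinary link
        target = unquote(targets[0]).strip()  # peel a second percent-encoding layer
        if target.startswith("//"):
            target = "https:" + target  # scheme-relative target still leaves the site
        nxt = urlsplit(target)
        host = normalize_host(nxt.netloc)
        if not host:
            return None  # relative path: stays on the trusted site
        if not is_trusted(host):
            return host  # the redirector hands the user to a foreign host
        current = nxt  # trusted hop; keep unwrapping in case it chains onward
    return None

SAMPLE_MAIL = """Great new auctions are in progress! Sign in here:
http://auction.example/redir?url=http%3A%2F%2Fsignin-auction.example.net%2Flogin
Browse categories: http://auction.example/redir?url=/categories
"""  # constructed phishing-style mail body

def scan_mail_body(text: str):
    """List (url, external_host) for every redirector link that leaves the brand."""
    found = ((u, external_redirect_host(u)) for u in URL_RE.findall(text))
    return [(u, h) for u, h in found if h]
```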
-----Original Message-----
From: John_Delisle@ceridian.ca
To: SURBL Discussion list discuss@lists.surbl.org
Cc: "SURBL Discussion list" discuss@lists.surbl.org, discuss-bounces@lists.surbl.org
Date: Mon, 28 Feb 2005 08:58:38 -0600
Subject: Re: [Maybe spam 71%] Re: [SURBL-Discuss] Re: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)
Your comment re the security hole is not accurate. It is in no way a security concern for them. How can this possibly impact them, in terms of their security?
Don't get me wrong - this is obnoxious and should be stopped, but it's not a security problem for them. If anything, it's a marketing problem. Spammers will include the ebay domain and brand in their spam. Maybe you'd have better luck contacting their marketing staff in addition to their security people. That's if you can get through the impenetrable wall of outsourced support reps...
John Delisle, CISA
Senior Network Analyst, Network and Security Team
Information Systems & Technology Management Dept.
Ceridian Canada Ltd
600 - 125 Garry St
Winnipeg, MB R3C 3P2
204-975-5909
From: "Kevin A. McGrail" kmcgrail@pccc.com
Sent by: discuss-bounces@lists.surbl.org
Date: 02/28/2005 08:40 AM
Please respond to: SURBL Discussion list discuss@lists.surbl.org
To: "SURBL Discussion list" discuss@lists.surbl.org
Cc:
Subject: [Maybe spam 71%] Re: [SURBL-Discuss] Re: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)
your website. Does this include child pornography or is that only in Europe and places where the age of consent for pornography is under 18?
I don't know why you wrote this, but I don't know where in Europe "consent for pornography is under 18".
Jose,
I hope you know that I really don't a) believe that Europe is a haven for child porn or b) that eBay promotes it. I encoded the URL myself to prove the point to eBay that this is a huge gaping security hole. I was making ludicrous statements for the purpose of getting eBay's attention and not to be factual.
Sorry for any unintended offense!
Regards, KAM
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss