Dear eBay:
Wow, your form letter has changed my mind. Your security is perfect. Your commitment to security is stellar. Running an open redirector is a great idea. Sorry I didn't see the light earlier.
However, on a new topic, I was shocked and dismayed that eBay is allowing and assumingly SUPPORTING pornography to be distributed through your website. Does this include child pornography or is that only in Europe and places where the age of consent for pornography is under 18?
Please advise based on the following link from eBay --WARNING: The following pages contains naked photos: http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&D...
What is the meaning of this? eBay is facilitating porn now?
OK, now that I have your attention maybe this extreme last resort will ACTUALLY get you to forward this to someone at your company with an understanding of phishing and security that is slightly higher than the Trust and Safety department?
If not, I give up and wish you well in your support of the child pornography industry that your company is facilitating by turning a blind eye to glaring security issues.
Sincerely, Kevin A. McGrail
----- Original Message ----- From: "eBay Customer Support" rswebhelp@ebay.com To: "Kevin A. McGrail" kmcgrail@pccc.com Sent: Saturday, February 26, 2005 12:06 PM Subject: RE: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)
Hello,
Thank you for writing back.
I truly apologize if you felt we were not concerned about the email you received. We are aware of the potential for fraud that these emails pose.
Let me assure you that we do work actively and aggressively in partnership with many agencies, ISP's, and law enforcement groups to investigate these fraudulent entities. Please keep in mind that eBay is a public company and not associated with any legislative or police entity. We rely on the same agencies you do to pursue these fraudulent activities. We are very much concerned about our member's safety, but we cannot control the actions of those intent on committing fraud.
If you have already received a spoofed email once, your email address has already been harvested. Sadly, you may continue to receive spoofed emails for some time as these groups migrate from ISP to ISP setting up fraudulent sites or sending fraudulent emails.
We advise you to be very cautious of all email messages that ask you to submit information such as your credit card number or your email password. eBay (and most other Internet companies) will never ask you for sensitive personal information such as passwords, bank account or credit card numbers, Personal Identification Numbers (PINs), or Social Security numbers in an email. If you ever need to provide information to eBay please open a new Web browser, type www.ebay.com, and click on the "site map" link located at the top of the page to access the eBay page you need.
To keep your eBay experience safe, we have set up a new tutorial about Spoof Emails to educate our members on spotting a fake email. To check it out, please click on the help link located at the top of all eBay pages. Once the help window appears, click on the link to eBay's Security Center. From the Security Center you will find a variety of safety related links. On the right hand side you will see a link to "Protect yourself from spoof emails".
Help > Security Center > Protect yourself from spoof emails
Once again, thank you for alerting us to the spoof email you received. Your vigilance helps us ensure that eBay remains a safe and vibrant online marketplace.
Regards,
Marcel eBay SafeHarbor Investigations Team ______________________________ eBay Inc. The World's Online Marketplace®
Important: eBay will not ask you for sensitive personal information (such as your password, credit card and bank account numbers, Social Security numbers, etc.) in an email. Learn more account protection tips at:
http://pages.ebay.com/help/confidence/isgw-account-theft-reporting.html
For our latest announcements, please check:
http://www2.ebay.com/aw/announce.shtml _____________________________________________
In order to better serve you, we'd occasionally like to request feedback on our service. If you would rather not participate, please click on the link below and send us an email with the word "REMOVE" in the subject line. If that does not work, please send an email to the email address below. Your request will be processed within 5 days.
mailto:cssremove@ebay.com
Hello Kevin,
You're right... and wrong...
Kevin A. McGrail wrote:
Dear eBay:
...
your website. Does this include child pornography or is that only in Europe and places where the age of consent for pornography is under 18?
I don't know why you wrote this, but I don't know where in Europe "consent for pornography is under 18".
One consequence of spam is the way people see other people. Maybe most of the spam you receive in the US may come from Europe. But the same thing happens on the other side of the ocean: ALL pornographic spam we receive here in France comes from the United States. And I'm not talking about zombies inside American networks, but spam generated in the United States. The same applies to drugs without prescription, and other sexual health enhancers.
So, the goal is to fight spammers, not other countries, as does some stupid American provider (Verizon), who blacklisted all European IPs.
Regards,
Joe
On Monday, February 28, 2005, 12:48:10 AM, Jose Cruz wrote:
One consequence of spam is the way people see other people. Maybe most of the spam you receive in the US may come from Europe. But the same thing happens on the other side of the ocean: ALL pornographic spam we receive here in France comes from the United States. And I'm not talking about zombies inside American networks, but spam generated in the United States. The same applies to drugs without prescription, and other sexual health enhancers.
Let's not start a flame war here. Spam comes from anyplace where there's an insecure computer connected to the Internet, i.e. everywhere....
For SURBLs we don't really care where spam comes from, just what site it advertises.
Jeff C. -- "If it appears in hams, then don't list it."
your website. Does this include child pornography or is that only in Europe and places where the age of consent for pornography is under 18?
I don't know why you wrote this, but I don't know where in Europe "consent for pornography is under 18".
Jose,
I hope you know that I really don't a) believe that Europe is a haven for child porn or b) that eBay promotes it. I encoded the URL myself to prove the point to eBay that this is a huge gaping security hole. I was making ludicrous statements for the purpose of getting eBay's attention and not to be factual.
Sorry for any unintended offense!
Regards, KAM
Your comment re security hole is not accurate. It in no way is a security concern for them. How can this possibly impact, in terms of their security?
Don't get me wrong - this is obnoxious and should be stopped, but it's not a security problem for them. If anything, it's a marketing problem. Spammers will include the ebay domain and brand in their spam. Maybe you'd have better luck contacting their marketing staff in addition to their security people. That's if you can get through the impenetrable wall of outsourced support reps...
John Delisle, CISA Senior Network Analyst, Network and Security Team Information Systems & Technology Management Dept. Ceridian Canada Ltd 600 - 125 Garry St Winnipeg, MB R3C 3P2 204-975-5909
_______________________________________________ Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
On Monday, February 28, 2005, 6:58:38 AM, John Delisle wrote:
Your comment re security hole is not accurate. It in no way is a security concern for them. How can this possibly impact, in terms of their security?
In a narrow sense, an open redirector doesn't directly breach eBay's network or anything like that, but in a more general sense, it is a security problem because it becomes much easier to impersonate their site, do a phish that looks to the casual observer like it goes to eBay, make eBay appear to host objectionable sites, etc. Sometimes it's good to take the 20,000 foot view of things.
Jeff C. -- "If it appears in hams, then don't list it."
John,
My understanding of the problem is this. They have an open redirector within their domain that will redirect you wherever you want. We are not placing that URL in a black list because it's neither spam nor phishing. But suppose I set up a very convincing fake e-bay site and send a bunch of convincing e-bay type mails to people telling them of the great new auctions now in progress and conveniently provide a link (as e-bay do from time to time). This link goes via their redirector to the fake site where the user name and password are captured.
If they are being really convincing they even redirect you to the correct page having grabbed your identity so you have no idea anything has gone wrong.
Of course they don't have to use this against e-bay. They could attack anyone and as long as we don't block the redirector they can get away with it. I'd suggest blocking the redirector immediately and let e-bay ask to be unblocked but that is a bit harsh given that they have apparently stated they are working on a fix.
Nick
Protect your domain from use by spammers. Set up an SPF record, read more about it here http://spf.pobox.com/.
I'm familiar with phishing attacks, and social engineering and you are correct - damage would be done to someone, but not ebay. It's not THEIR security problem. It's more a marketing or maybe customer perception problem. For example, if I opened a physical store and called it 'best buy' and asked people to come in and purchase from me, is it a security problem for best buy or a marketing/trademark/legal problem?
I agree the end result is someone is defrauded and someone may think they're looking at ebay but they're not etc. My point is that there is no real security threat TO EBAY so it's not really a security risk for them. The risk is that the public will think ebay is hosting porn or spam, or maybe someone will convince someone else to give them their ebay credentials, not that ebay will DIRECTLY divulge customer information, DIRECTLY host porn/warez/spam etc etc.
My whole point in this is that to ebay, the risks associated with running a redirector are not that great. It will take a lot to get their attention, and it probably won't happen by talking to some tier 1 help desk guy who exists to shield higher level techs, not to resolve this type of issue. There's NO point explaining it to that guy, tell him to escalate. Tell him to put a manager on the phone etc.
John Delisle, CISA Senior Network Analyst, Network and Security Team Information Systems & Technology Management Dept. Ceridian Canada Ltd 600 - 125 Garry St Winnipeg, MB R3C 3P2 204-975-5909
Your comment re security hole is not accurate. It in no way is a security concern for them. How can this possibly impact, in terms of their security?
eBay has a responsibility to protect their users and I feel that an open redirector on their servers is a security concern for them. We may have to agree to disagree on that point though as I wasn't trying to drum up dissent here but rather just show some people how ludicrous it is to try and stop SPAM sometimes when you can't even get the support of the companies at the core of the victimization. Truthfully, I thought some of the security people here would be able to laugh and commiserate.
Regards, KAM
Hi Kevin,
Kevin A. McGrail wrote:
Jose,
I hope you know that I really don't a) believe that Europe is a haven for child porn or b) that eBay promotes it. I encoded the URL myself to prove the point to eBay that this is a huge gaping security hole. I was making ludicrous statements for the purpose of getting eBay's attention and not to be factual.
This is surely a misunderstanding, but I'd like to make it clear that we are all victims of spammers, and if we shall fight someone, this someone isn't Europeans or Americans, but spammers. Child porn is something very disgusting, and I don't think Americans or Europeans are worse than anyone - spammers are worse than any other people.
Sorry for any unintended offense!
I'm not really offended: I'm a Brazilian who lives in France... 8-)
Best regards,
Joe
Kevin,
If you had wanted to "get their attention" you would have been better off creating a web site that looks just like theirs and harvests log in information. Naturally you would not have done anything with this information but it would have made them realise that they are being dumb about security.
The way forward could perhaps be to wait for the first spammer/phisher to use their URL and then place it on the black list in the way we always used to do with otherwise innocent open relays. I realise that e-bay are not spammers and are just being naive but in the same way open relay operators were being naive.
Your comments comparing Europeans to child pornographers are, frankly, insulting. I'm not sure where you thought you got your information from about the age of consent but it certainly isn't based on fact.
Nick
Protect your domain from use by spammers. Set up an SPF record, read more about it here http://spf.pobox.com/.
-----Original Message----- From: "Kevin A. McGrail" kmcgrail@pccc.com To: "eBay Customer Support" rswebhelp@ebay.com Cc: SURBL Discussion list discuss@lists.surbl.org Date: Sat, 26 Feb 2005 12:41:55 -0500 Subject: [SURBL-Discuss] Re: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)
Dear eBay:
Wow, your form letter has changed my mind. Your security is perfect. Your commitment to security is stellar. Running an open redirector is a great idea. Sorry I didn't see the light earlier.
However, on a new topic, I was shocked and dismayed that eBay is allowing and assumingly SUPPORTING pornography to be distributed through your website. Does this include child pornography or is that only in Europe and places where the age of consent for pornography is under 18?
Please advise based on the following link from eBay --WARNING: The following pages contains naked photos: http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain& DomainUrl=%68%74%74%70%3A%2F%2F%77%77%77%2E%70%65%6E%74%68%6F%75%73%65% 2E%63%6F%6D%2F
What is the meaning of this? eBay is facilitating porn now?
OK, now that I have your attention maybe this extreme last resort will ACTUALLY get you to forward this to someone at your company with an understanding of phishing and security that is slightly higher than the Trust and Safety department?
If not, I give up and wish you well in your support of the child pornography industry that your company is facilitating by turning a blind eye to glaring security issues.
Sincerely, Kevin A. McGrail
On Monday, February 28, 2005, 1:14:52 AM, Nick Askew wrote:
If you had wanted to "get their attention" you would have been better off creating a web site that looks just like theirs and harvests log in information. Naturally you would not have done anything with this information but it would have made them realise that they are being dumb about security.
At this point eBay seems aware of the problem with open redirectors, and they are reportedly working on solutions.
Jeff C. -- "If it appears in hams, then don't list it."
Actually, I think the email was pointless.
You're attacking a customer support rep who likely isn't in any way capable of helping you with this problem. I really don't know how you'll get the attention of the appropriate staff at ebay, but you're obviously not talking to the right people. I'd be surprised if this support rep had an escalation path/procedure to contact ebay security staff.
You need to talk to the right people - you're completely wasting your time explaining this to some help desk jockey.
John Delisle, CISA Senior Network Analyst, Network and Security Team Information Systems & Technology Management Dept. Ceridian Canada Ltd 600 - 125 Garry St Winnipeg, MB R3C 3P2 204-975-5909
"Nick Askew" Nick@askew.nl Sent by: discuss-bounces@lists.surbl.org 02/28/2005 03:14 AM Please respond to SURBL Discussion list discuss@lists.surbl.org
To "SURBL Discussion list" discuss@lists.surbl.org cc
Subject Re: [SURBL-Discuss] Re: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)
Kevin,
If you had wanted to "get their attention" you would have been better off creating a web site that looks just like of theirs and harvests log in information. Naturally you would not have done anything with this information but it would have made them realise that they are being dumb about security.
The way forward could perhaps be to wait for the first spammer/phisher to use their URL and then place it on the black list in the way we always used to to with otherwise innocent open relays. I realise that e-bay are not spammers and are just being naive but in the same way open relay operators
were being naive.
Your comments comparing Europeans to child pornographers are, frankly, insulting. I'm not sure where you thought you got your information from about the age of consent but it certainly isn't based on fact.
Nick
Protect your domain from use by spammers. Set up an SPF record, read more about it here http://spf.pobox.com/.
-----Original Message----- From: "Kevin A. McGrail" kmcgrail@pccc.com To: "eBay Customer Support" rswebhelp@ebay.com Cc: SURBL Discussion list discuss@lists.surbl.org Date: Sat, 26 Feb 2005 12:41:55 -0500 Subject: [SURBL-Discuss] Re: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)
Dear eBay:
Wow, your form letter has changed my mind. Your security is perfect. Your commitment to security is stellar. Running an open redirector is a great idea. Sorry I didn't see the light earlier.
However, on a new topic, I was shocked and dismayed that eBay is allowing and assumingly SUPPORTING pornography to be distributed through your website. Does this include child pornography or is that only in Europe and places where the age of consent for pornography is under 18?
Please advise based on the following link from eBay --WARNING: The following pages contains naked photos: http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain& DomainUrl=%68%74%74%70%3A%2F%2F%77%77%77%2E%70%65%6E%74%68%6F%75%73%65% 2E%63%6F%6D%2F
What is the meaning of this? eBay is facilitating porn now?
OK, now that I have your attention maybe this extreme last resort will ACTUALLY get you to forward this to someone at your company with an understanding of phishing and security that is slightly higher than the Trust and Safety department?
If not, I give up and wish you well in your support of the child pornography industry that your company is facilitating by turning a blind eye to glaring security issues.
Sincerely, Kevin A. McGrail
----- Original Message ----- From: "eBay Customer Support" rswebhelp@ebay.com To: "Kevin A. McGrail" kmcgrail@pccc.com Sent: Saturday, February 26, 2005 12:06 PM Subject: RE: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)
Hello,
Thank you for writing back.
I truly apologize if you felt we were not concerned about the email
you
received. We are aware of the potential for fraud that these emails pose.
Let me assure you that we do work actively and aggressively in partnership with many agencies, ISP's, and law enforcement groups to investigate these fraudulent entities. Please keep in mind that eBay
is
a public company and not associated with any legislative or police entity. We rely on the same agencies you do to pursue these
fraudulent
activities. We are very much concerned about our member's safety, but
we
cannot control the actions of those intent on committing fraud.
If you have already received a spoofed email once, your email address has already been harvested. Sadly, you may continue to receive
spoofed
emails for some time as these groups migrate from ISP to ISP setting
up
fraudulent sites or sending fraudulent emails.
We advise you to be very cautious of all email messages that ask you
to
submit information such as your credit card number or your email password. eBay (and most other Internet companies) will never ask you for sensitive personal information such as passwords, bank account or credit card numbers, Personal Identification Numbers (PINs), or
Social
Security numbers in an email. If you ever need to provide information
to
eBay please open a new Web browser, type www.ebay.com, and click on
the
"site map" link located at the top the page to access the eBay page
you
need.
To keep your eBay experience safe, we have set up a new tutorial
about
Spoof Emails to educate our members spotting a fake email. To check
it
out, please click on the help link located at the top of all eBay
page.
Once the help window appears, click on the link to eBay's Security Center. From the Security Center you will find a variety of safety related links. On the right hand side you will see a link to "Protect yourself from spoof emails".
Help > Security Center > Protect yourself from spoof emails
Once again, thank you for alerting us to the spoof email you
received.
Your vigilance helps us ensure that eBay remains a safe and vibrant online marketplace.
Regards,
Marcel eBay SafeHarbor Investigations Team ______________________________ eBay Inc. The World's Online Marketplace®
Important: eBay will not ask you for sensitive personal information (such as your password, credit card and bank account numbers, Social Security numbers, etc.) in an email. Learn more account protection tips at:
http://pages.ebay.com/help/confidence/isgw-account-theft-reporting.html
For our latest announcements, please check:
http://www2.ebay.com/aw/announce.shtml _____________________________________________
In order to better serve you, we'd occasionally like to request feedback on our service. If you would rather not participate, please click on the link below and send us an email with the word "REMOVE" in the subject line. If that does not work, please send an email to the email address below. Your request will be processed within 5 days.
mailto:cssremove@ebay.com
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
On Monday, February 28, 2005, 6:54:52 AM, John Delisle wrote:
You need to talk to the right people - you're completely wasting your time explaining this to some help desk jockey.
FWIW I'm told that appropriate people have been spoken with and the problem is being addressed.
Jeff C. -- "If it appears in hams, then don't list it."
John:
You need to talk to the right people - you're completely wasting your time explaining this to some help desk jockey.
Trust me, I tried. If you know how to get to "the right people", let me know. I'd rather not waste my time or theirs either.
In my defense, we see 4 main phishing targets: Suntrust, WAMU, Citibank & eBay. Out of those 4, which one is running a known open redirector that has materialized in spam?
Regards, KAM
This URL made eweek
Here's what their newsletter said about it.
News: Hacked eBay Redirect Becomes Phishing Tool http://ct.enews.eweek.com/rd/cts?d=186-1727-2-79-274444-194573-0-0-0-1 Online auctioneer eBay, a prime target for phishing schemes, has been used as an unwitting accomplice. A flaw in eBay's server configuration paves the way for spoofing attacks when a specially crafted URL, which is a valid eBay link, is used to redirect users to a malicious Web site. Read about it here. http://ct.enews.eweek.com/rd/cts?d=186-1727-2-79-274444-194573-0-0-0-1
-Doc
Kevin A. McGrail wrote:
Dear eBay:
Wow, your form letter has changed my mind. Your security is perfect. Your commitment to security is stellar. Running an open redirector is a great idea. Sorry I didn't see the light earlier.
However, on a new topic, I was shocked and dismayed that eBay is allowing and assumingly SUPPORTING pornography to be distributed through your website. Does this include child pornography or is that only in Europe and places where the age of consent for pornography is under 18?
Please advise based on the following link from eBay --WARNING: The following pages contains naked photos: http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&D...
What is the meaning of this? eBay is facilitating porn now?
OK, now that I have your attention maybe this extreme last resort will ACTUALLY get you to forward this to someone at your company with an understanding of phishing and security that is slightly higher than the Trust and Safety department?
If not, I give up and wish you well in your support of the child pornography industry that your company is facilitating by turning a blind eye to glaring security issues.
Sincerely, Kevin A. McGrail
----- Original Message ----- From: "eBay Customer Support" rswebhelp@ebay.com To: "Kevin A. McGrail" kmcgrail@pccc.com Sent: Saturday, February 26, 2005 12:06 PM Subject: RE: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)
Hello,
Thank you for writing back.
I truly apologize if you felt we were not concerned about the email you received. We are aware of the potential for fraud that these emails pose.
Let me assure you that we do work actively and aggressively in partnership with many agencies, ISP's, and law enforcement groups to investigate these fraudulent entities. Please keep in mind that eBay is a public company and not associated with any legislative or police entity. We rely on the same agencies you do to pursue these fraudulent activities. We are very much concerned about our member's safety, but we cannot control the actions of those intent on committing fraud.
If you have already received a spoofed email once, your email address has already been harvested. Sadly, you may continue to receive spoofed emails for some time as these groups migrate from ISP to ISP setting up fraudulent sites or sending fraudulent emails.
We advise you to be very cautious of all email messages that ask you to submit information such as your credit card number or your email password. eBay (and most other Internet companies) will never ask you for sensitive personal information such as passwords, bank account or credit card numbers, Personal Identification Numbers (PINs), or Social Security numbers in an email. If you ever need to provide information to eBay please open a new Web browser, type www.ebay.com, and click on the "site map" link located at the top the page to access the eBay page you need.
To keep your eBay experience safe, we have set up a new tutorial about Spoof Emails to educate our members spotting a fake email. To check it out, please click on the help link located at the top of all eBay page. Once the help window appears, click on the link to eBay's Security Center. From the Security Center you will find a variety of safety related links. On the right hand side you will see a link to "Protect yourself from spoof emails".
Help > Security Center > Protect yourself from spoof emails
Once again, thank you for alerting us to the spoof email you received. Your vigilance helps us ensure that eBay remains a safe and vibrant online marketplace.
Regards,
Marcel eBay SafeHarbor Investigations Team ______________________________ eBay Inc. The World's Online Marketplace®
Important: eBay will not ask you for sensitive personal information (such as your password, credit card and bank account numbers, Social Security numbers, etc.) in an email. Learn more account protection tips at:
http://pages.ebay.com/help/confidence/isgw-account-theft-reporting.html
For our latest announcements, please check:
http://www2.ebay.com/aw/announce.shtml _____________________________________________
In order to better serve you, we'd occasionally like to request feedback on our service. If you would rather not participate, please click on the link below and send us an email with the word "REMOVE" in the subject line. If that does not work, please send an email to the email address below. Your request will be processed within 5 days.
mailto:cssremove@ebay.com
Hi!
Here's what their newsletter said about it.
News: Hacked eBay Redirect Becomes Phishing Tool http://ct.enews.eweek.com/rd/cts?d=186-1727-2-79-274444-194573-0-0-0-1 Online auctioneer eBay, a prime target for phishing schemes, has been used as an unwitting accomplice. A flaw in eBay's server configuration paves the way for spoofing attacks when a specially crafted URL, which is a valid eBay link, is used to redirect users to a malicious Web site. Read about it here. http://ct.enews.eweek.com/rd/cts?d=186-1727-2-79-274444-194573-0-0-0-1
Perhaps Cnet could also close theirs, we have seen a load of com.com crap redirects the last days.
Bye, Raymond.
On Friday, March 4, 2005, 11:46:10 AM, Raymond Dijkxhoorn wrote:
Perhaps Cnet could also close theirs, we have seen a load of com.com crap redirects the last days.
Hmm, can you post some (munged or URI) examples and let us all contact them about it?
Jeff C. -- "If it appears in hams, then don't list it."
Jeff Chan wrote:
On Friday, March 4, 2005, 11:46:10 AM, Raymond Dijkxhoorn wrote:
Perhaps Cnet could also close theirs, we have seen a load of com.com crap redirects the last days.
Hmm, can you post some (munged or URI) examples and let us all contact them about it?
got LOTS like these to give away.
<a href=http://dw.com. com/redir?tag=besides_away&destUrl=zmop%2e%67%6fw%65s%74%61%6ed%67e%746%39%2e%63%6f%6D target=_blank><font size=5 color=1C1CFF><u><b>0rdeer meds at Discouunt here changed</font></b></u></a>
h2h
Alex
Hi!
Perhaps Cnet could also close theirs, we have seen a load of com.com crap redirects the last days.
Hmm, can you post some (munged or URI) examples and let us all contact them about it?
got LOTS like these to give away.
<a href=http://dw.com. com/redir?tag=besides_away&destUrl=zmop%2e%67%6fw%65s%74%61%6ed%67e%746%39%2e%63%6f%6D target=_blank><font size=5 color=1C1CFF><u><b>0rdeer meds at Discouunt here changed</font></b></u></a>
And their abuse doesn't even respond, so perhaps someone with clue is reading along ;)
Bye, Raymond.
On Friday, March 4, 2005, 12:43:34 PM, Raymond Dijkxhoorn wrote:
Hi!
Perhaps Cnet could also close theirs, we have seen a load of com.com crap redirects the last days.
Hmm, can you post some (munged or URI) examples and let us all contact them about it?
got LOTS like these to give away.
<a href=http://dw.com. com/redir?tag=besides_away&destUrl=zmop%2e%67%6fw%65s%74%61%6ed%67e%746%39%2e%63%6f%6D target=_blank><font size=5 color=1C1CFF><u><b>0rdeer meds at Discouunt here changed</font></b></u></a>
And their abuse doesn't even respond, so perhaps someone with clue is reading along ;)
Please post some example and we'll try to reach cnet.
Cheers,
Jeff C. -- "If it appears in hams, then don't list it."
Hi!
<a href=http://dw.com. com/redir?tag=besides_away&destUrl=zmop%2e%67%6fw%65s%74%61%6ed%67e%746%39%2e%63%6f%6D target=_blank><font size=5 color=1C1CFF><u><b>0rdeer meds at Discouunt here changed</font></b></u></a>
And their abuse doesn't even respond, so perhaps someone with clue is reading along ;)
Please post some example and we'll try to reach cnet.
Look above there is an example ;) Alex could you zip up the rest also?
Bye, Raymond.
Jeff Chan wrote:
On Friday, March 4, 2005, 12:43:34 PM, Raymond Dijkxhoorn wrote:
Hi!
Perhaps Cnet could also close theirs, we have seen a load of com.com crap redirects the last days.
Hmm, can you post some (munged or URI) examples and let us all contact them about it?
got LOTS like these to give away.
<a href=http://dw.com. com/redir?tag=besides_away&destUrl=zmop%2e%67%6fw%65s%74%61%6ed%67e%746%39%2e%63%6f%6D target=_blank><font size=5 color=1C1CFF><u><b>0rdeer meds at Discouunt here changed</font></b></u></a>
And their abuse doesn't even respond, so perhaps someone with clue is reading along ;)
Please post some example and we'll try to reach cnet.
<a href=http://dw.com.com/redir?tag=say_understand&destUrl=dfdat%2e%74he%6E%6C%6... target=_blank><font size=5 color=1C1CFF><u><b>0rdeer meds at Disscount here describe</font></b></u></a><br><br>
<a href=http://dw.com.com/redir?tag=happen_benefit&destUrl=rrypb%2ego%77e%73t%61... target=_blank><font size=5 color=1C1CFF><u><b>0rdeer meds at Discouunt here slow</font></b></u></a><br><br>
<a href=http://dw.com.com/redir?tag=writing_hurrying&destUrl=onsql%2ego%77%65sta... target=_blank><font size=5 color=1C1CFF><u><b>0rdeer meds at Discouunt here luck</font></b></u></a><br><br>
<a href=http://dw.com.com/redir?tag=pay_master&destUrl=lbyc%2e%6f%72%64e%72l%65g... target=_blank><font size=5 color=1C1CFF><u><b>0rdeer meds at Disscount here how</font></b></u></a><br><br>
If you need more..... let me know. got a few hundred spams using that pattern
h2h
Alex
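The links quoted in this thread hide the real destination as a percent-encoded query parameter on a trusted host, so a URI blocklist lookup that only sees the carrier host misses it. The following is an added example, not code from the list or from any filter discussed here, showing one way a filter can recover the hidden host for lookup; the sample link and its hosts are constructed placeholders, and the hostname check is a simple heuristic.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: same shape as the redirector links quoted in the thread,
# but with placeholder hosts. The target is percent-encoded to hide it.
SAMPLE_HTML = (
    "<a href=http://redirector.example.com/redir?tag=abc_def"
    "&destUrl=shop%2e%65%78ample%2e%6e%65%74 target=_blank>link</a>"
)

HREF_RE = re.compile(r"""href\s*=\s*["']?([^"'\s>]+)""", re.I)
# Heuristic for "looks like a hostname": dotted labels ending in a TLD-like label.
HOST_RE = re.compile(r"^(?=.{4,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,24}$")


def host_of(text):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(text).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def redirect_targets(url):
    """Return (parameter, host) pairs for hosts hidden in a URL's query string."""
    carrier = host_of(url)
    query = url.partition("?")[2].partition("#")[0]
    found = []
    # parse_qsl percent-decodes each value, so "%2e%6e%65%74" becomes ".net".
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = value.strip()
        host = host_of(value if "//" in value else "//" + value)
        if host != carrier and HOST_RE.match(host):
            found.append((name, host))
    return found


def hosts_to_check(html):
    """Every host a URI blocklist lookup should see for the links in a body."""
    hosts = set()
    for url in HREF_RE.findall(html):
        if host_of(url):
            hosts.add(host_of(url))
        hosts.update(host for _, host in redirect_targets(url))
    return hosts


if __name__ == "__main__":
    print(sorted(hosts_to_check(SAMPLE_HTML)))
```

Every query parameter is inspected rather than only `destUrl`, since the parameter name differs between redirectors.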