[Maybe spam 71%] Re: [SURBL-Discuss] Re: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)

Nick Askew Nick at askew.nl
Mon Feb 28 16:36:54 CET 2005


John,

My understanding of the problem is this. They have an open redirector within 
their domain that will redirect you wherever you want. We are not placing 
that URL in a black list because it's neither spam nor phishing. But suppose 
I set up a very convincing fake e-bay site and send a bunch of convincing 
e-bay type mails to people telling them of the great new auctions now in 
progress and conveniently provide a link (as e-bay do from time to time). 
This link goes via their redirector to the fake site where the user name and 
password are captured.

If they are being really convincing they even redirect you to the correct 
page having grabbed your identity so you have no idea anything has gone 
wrong.

Of course they don't have to use this against e-bay. They could attack 
anyone and as long as we don't block the redirector they can get away with 
it. I'd suggest blocking the redirector immediately and letting e-bay ask to be 
unblocked, but that is a bit harsh given that they have apparently stated 
they are working on a fix.

Nick

Protect your domain from use by spammers. Set up an SPF record, read more 
about it here http://spf.pobox.com/.

-----Original Message-----
From: John_Delisle at ceridian.ca
To: SURBL Discussion list <discuss at lists.surbl.org>
Cc: "SURBL Discussion list" <discuss at lists.surbl.org>, 
discuss-bounces at lists.surbl.org
Date: Mon, 28 Feb 2005 08:58:38 -0600
Subject: Re: [Maybe spam 71%] Re: [SURBL-Discuss] Re: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)

> Your comment re security hole is not accurate.  It in no way is a security
> concern for them.  How can this possibly impact, in terms of their
> security?
> 
> Don't get me wrong - this is obnoxious and should be stopped, but it's not
> a security problem for them.  If anything, it's a marketing problem. 
> Spammers will include the ebay domain and brand in their spam.  Maybe 
> you'd have better luck contacting their marketing staff in addition to 
> their security people.  That's if you can get through the impenetrable 
> wall of outsourced support reps...
> 
> John Delisle, CISA
> Senior Network Analyst, Network and Security Team
> Information Systems & Technology Management Dept.
> Ceridian Canada Ltd
> 600 - 125 Garry St
> Winnipeg, MB
> R3C 3P2
> 204-975-5909
> 
> 
> 
> 
> "Kevin A. McGrail" <kmcgrail at pccc.com> 
> Sent by: discuss-bounces at lists.surbl.org
> 02/28/2005 08:40 AM
> Please respond to
> SURBL Discussion list <discuss at lists.surbl.org>
> 
> 
> To
> "SURBL Discussion list" <discuss at lists.surbl.org>
> cc
> 
> Subject
> [Maybe spam 71%] Re: [SURBL-Discuss] Re: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)
> 
> 
> 
> 
> 
> 
> > > your website.  Does this include child pornography or is that only in
> > > Europe and places where the age of consent for pornography is under 18?
> >
> > I don't know why you wrote this, but I don't know where in Europe "consent
> > for pornography is under 18".
> 
> Jose,
> 
> I hope you know that I really don't a) believe that Europe is a haven for
> child porn or b) that eBay promotes it.  I encoded the URL myself to prove
> the point to eBay that this is a huge gaping security hole.
> I was making ludicrous statements for the purpose of getting eBay's
> attention and not to be factual.
> 
> Sorry for any unintended offense!
> 
> Regards,
> KAM
> 
> _______________________________________________
> Discuss mailing list
> Discuss at lists.surbl.org
> http://lists.surbl.org/mailman/listinfo/discuss
> 
> 
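Nick's description above of how an open redirector gets abused (a mail links through the trusted domain's redirector to a look-alike site) is the whole attack; the fix on the site side is to stop echoing arbitrary targets. The following is an added illustration, not code from this thread, from eBay or from SURBL: a redirect handler that only follows relative paths or allowlisted hosts, shown against its open form, plus a check that scans web-server log lines for redirector hits whose target is off-site. The host names, the `/redirect?url=` endpoint and the log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed allowlist of hosts this site's redirector may send users to
# (constructed for the example; not any real site's configuration).
ALLOWED_HOSTS = {"example.com", "www.example.com", "pages.example.com"}


def is_trusted_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only if `target` is a same-site path or an http(s) URL whose
    host is on the allowlist. Everything else (scheme-relative //host,
    backslash variants, javascript:, user@host tricks) is rejected."""
    if not target or any(c in target for c in "\r\n\t\0"):
        return False
    # Browsers treat "/\evil.example" like "//evil.example"; normalise first.
    t = target.replace("\\", "/")
    parts = urlsplit(t)
    if parts.scheme == "" and parts.netloc == "":
        # A relative path must start with exactly one slash: "//host" is
        # scheme-relative and would leave the site.
        return t.startswith("/") and not t.startswith("//")
    if parts.scheme.lower() not in ("http", "https"):
        return False
    # .hostname discards userinfo, so "http://example.com@evil.example"
    # is compared as "evil.example", not as the decoy prefix.
    return (parts.hostname or "").lower() in allowed_hosts


def handle_redirect(request_url: str, *, hardened: bool = True, fallback: str = "/") -> str:
    """Return the Location a redirector endpoint would emit for a request.
    hardened=False reproduces the open redirector Nick describes: the
    `url` parameter is echoed back unchecked."""
    target = parse_qs(urlsplit(request_url).query).get("url", [""])[0]
    if not hardened:
        return target
    return target if is_trusted_redirect(target) else fallback


# Constructed access-log lines in a common-log-style format (hypothetical).
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Feb/2005:08:40:01 -0600] "GET /redirect?url=%2Fmyaccount HTTP/1.1" 302 0',
    '203.0.113.8 - - [28/Feb/2005:08:40:05 -0600] "GET /redirect?url=https%3A%2F%2Fevil.example%2Flogin HTTP/1.1" 302 0',
    '203.0.113.9 - - [28/Feb/2005:08:40:09 -0600] "GET /items/123 HTTP/1.1" 200 4521',
]

LOG_RE = re.compile(r'"GET (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def find_offsite_redirects(log_lines, endpoint: str = "/redirect"):
    """Return the off-site targets requested through the redirector, i.e.
    the entries a defender would want to review or alert on."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or not m.group("path").startswith(endpoint + "?"):
            continue
        target = parse_qs(urlsplit(m.group("path")).query).get("url", [""])[0]
        if not is_trusted_redirect(target):
            hits.append(target)
    return hits


if __name__ == "__main__":
    phish = "https://example.com/redirect?url=https%3A%2F%2Fevil.example%2Flogin"
    print("open redirector sends user to:", handle_redirect(phish, hardened=False))
    print("hardened redirector sends user to:", handle_redirect(phish))
    print("off-site redirect targets seen in log:", find_offsite_redirects(SAMPLE_LOG))
```

The allowlist check compares the parsed hostname rather than the raw string, which is what defeats the `trusted.example@evil.example` and `//evil.example` forms; a plain prefix match on the string would pass both. The log scan is the cheap interim control for a site that, like the one discussed here, has not yet shipped the fix: it tells you which off-site targets are being reached through your domain.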