[SURBL-Discuss] Re: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)

Doc Schneider maddoc at maddoc.net
Fri Mar 4 18:56:36 CET 2005

This URL made eweek

Here's what their newsletter said about it.

 > ------------------------------------------------------------------------
 > News: Hacked eBay Redirect Becomes Phishing Tool
 > <http://ct.enews.eweek.com/rd/cts?d=186-1727-2-79-274444-194573-0-0-0-1>
 > Online auctioneer eBay, a prime target for phishing schemes, has been
 > used as an unwitting accomplice. A flaw in eBay's server configuration
 > paves the way for spoofing attacks when a specially crafted URL, which
 > is a valid eBay link, is used to redirect users to a malicious Web site.
 > Read about it here.
 > <http://ct.enews.eweek.com/rd/cts?d=186-1727-2-79-274444-194573-0-0-0-1>


Kevin A. McGrail wrote:
> Dear eBay:
> Wow, your form letter has changed my mind.  Your security is perfect.  
> Your commitment to security is stellar.  Running an open redirector is a 
> great idea.  Sorry I didn't see the light earlier.
> However, on a new topic, I was shocked and dismayed that eBay is 
> allowing and assumingly SUPPORTING pornography to be distributed through 
> your website.  Does this include child pornography or is that only in 
> Europe and places where the age of consent for pornography is under 18?
> Please advise based on the following link from eBay --WARNING: The 
> following pages contains naked photos:
> http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=%68%74%74%70%3A%2F%2F%77%77%77%2E%70%65%6E%74%68%6F%75%73%65%2E%63%6F%6D%2F 
> What is the meaning of this?  eBay is facilitating porn now?
> OK, now that I have your attention maybe this extreme last resort will 
> ACTUALLY get you to forward this to someone at your company with an 
> understanding of phishing and security that is slightly higher than the 
> Trust and Safety department?
> If not, I give up and wish you well in your support of the child 
> pornography industry that your company is facilitating by turning a 
> blind eye to glaring security issues.
> Sincerely,
> Kevin A. McGrail
> ----- Original Message ----- From: "eBay Customer Support" 
> <rswebhelp at ebay.com>
> To: "Kevin A. McGrail" <kmcgrail at pccc.com>
> Sent: Saturday, February 26, 2005 12:06 PM
> Subject: RE: SP91011 your recent report to eBay's Trust and Safety 
> Department (KMM157050156V37604L0KM)
>> Hello,
>> Thank you for writing back.
>> I truly apologize if you felt we were not concerned about the email you
>> received. We are aware of the potential for fraud that these emails
>> pose.
>> Let me assure you that we do work actively and aggressively in
>> partnership with many agencies, ISP's, and law enforcement groups to
>> investigate these fraudulent entities. Please keep in mind that eBay is
>> a public company and not associated with any legislative or police
>> entity. We rely on the same agencies you do to pursue these fraudulent
>> activities. We are very much concerned about our member's safety, but we
>> cannot control the actions of those intent on committing fraud.
>> If you have already received a spoofed email once, your email address
>> has already been harvested. Sadly, you may continue to receive spoofed
>> emails for some time as these groups migrate from ISP to ISP setting up
>> fraudulent sites or sending fraudulent emails.
>> We advise you to be very cautious of all email messages that ask you to
>> submit information such as your credit card number or your email
>> password. eBay (and most other Internet companies) will never ask you
>> for sensitive personal information such as passwords, bank account or
>> credit card numbers, Personal Identification Numbers (PINs), or Social
>> Security numbers in an email. If you ever need to provide information to
>> eBay please open a new Web browser, type www.ebay.com, and click on the
>> "site map" link located at the top the page to access the eBay page you
>> need.
>> To keep your eBay experience safe, we have set up a new tutorial about
>> Spoof Emails to educate our members spotting a fake email. To check it
>> out, please click on the help link located at the top of all eBay page.
>> Once the help window appears, click on the link to eBay's Security
>> Center. From the Security Center you will find a variety of safety
>> related links. On the right hand side you will see a link to "Protect
>> yourself from spoof emails".
>> Help > Security Center > Protect yourself from spoof emails
>> Once again, thank you for alerting us to the spoof email you received.
>> Your vigilance helps us ensure that eBay remains a safe and vibrant
>> online marketplace.
>> Regards,
>> Marcel
>> eBay SafeHarbor
>> Investigations Team
>> ______________________________
>> eBay Inc.
>> The World's Online Marketplace®
>> *******************************************
>> Important: eBay will not ask you for sensitive personal information
>> (such as your password, credit card and bank account numbers, Social
>> Security numbers, etc.) in an email. Learn more account protection tips
>> at:
>> http://pages.ebay.com/help/confidence/isgw-account-theft-reporting.html
>> _____________________________________________
>> For our latest announcements, please check:
>> http://www2.ebay.com/aw/announce.shtml
>> _____________________________________________
>> In order to better serve you, we'd occasionally like to
>> request feedback on our service. If you would rather
>> not participate, please click on the link below and send
>> us an email with the word "REMOVE" in the subject line.
>> If that does not work, please send an email to the
>> email address below. Your request will be processed
>> within 5 days.
>> mailto:cssremove at ebay.com
>> *******************************************
> _______________________________________________
> Discuss mailing list
> Discuss at lists.surbl.org
> http://lists.surbl.org/mailman/listinfo/discuss

More information about the Discuss mailing list