[ale] [Fwd: Account Verification]

Bob Toxen bob at verysecurelinux.com
Fri Oct 3 21:39:36 EDT 2003


1. Email is NOT secure.
2. Do not trust it.
3. Reread rules #1 & #2.

Assuming that your client system has not been compromised and the server
has not been compromised, neither is Windows, and you've both installed
the SSL patch that came out this week, you can trust HTTPS (SSL-encrypted
HTTP).  This is why any competent online merchant uses only HTTPS to handle
any confidential data.

Never give your social security number or birthday to ANYONE except
legitimate gov'ment types or banks (in person).  Put black electrical
tape over your month and day of birth on your driver's license.

Never respond to any browsing request or phone call from anyone claiming
to be a bank, merchant, etc. needing personal information unless you
initiated the contact to a KNOWN GOOD URL or phone number.  This is a
common and effective fraud (scam).

On Thu, Oct 02, 2003 at 09:56:47PM -0400, James P. Kinney III wrote:
...
> > it asks you for your:

> > ebay id/password
> > credit card information
> > social security #
> > bank checking info (routing/account)
> > driver's license #
...
> > https://scgi.ebay.com/saw-cgi/eBayISAPI.dll?V erifyInform ation
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    This is the text that your browser shows, that appears legitimate

> > <http://scgi.ebay.com:Saw-cgi@69.49.246.84/saw-cgi/eBayISAPI.dll/?VerifyInformation>
                                  ^^^^^^^^^^^^
                                  ^^^^^^^^^^^^
This is the server that you are giving your identity info to.
A reverse DNS lookup does not even identify an authority for this IP.  It's
a well-hidden hacker site.

Even putting the cursor over this causes it to appear to be legitimate,
showing scgi.ebay.com...

And what of Lazarus, I mean, /scgi.ebay.com:Saw-cgi@.  Well that is the
account and password that would be supplied if this was a non-anonymous
FTP login.

Cute, isn't it?

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002
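
Added example (not part of Bob Toxen's message): a Python check for the link trick dissected above, where everything before the "@" is userinfo and the host actually contacted is what follows it. The function name, the finding labels and the benign comparison in the test are assumptions made for illustration; the two URLs are the ones quoted in the message, with the archive's stray whitespace removed from the displayed one.

```python
import ipaddress
from urllib.parse import urlsplit

# The two URLs quoted in the message (angle brackets and stray spaces removed).
SHOWN = "https://scgi.ebay.com/saw-cgi/eBayISAPI.dll?VerifyInformation"
HREF = "http://scgi.ebay.com:Saw-cgi@69.49.246.84/saw-cgi/eBayISAPI.dll/?VerifyInformation"


def _is_ip(host):
    """True if host is an IPv4 or IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def inspect_link(display_text, href):
    """Compare what a link shows with the host its href really contacts."""
    target = urlsplit(href)
    real_host = (target.hostname or "").lower()
    # Everything before the last '@' in the authority is user:password.
    userinfo = target.netloc.rpartition("@")[0]
    # Host the reader believes they are visiting, if the visible text is a URL.
    shown_host = (urlsplit(display_text.strip()).hostname or "").lower()

    findings = []
    if userinfo:
        findings.append("userinfo-present")
        # A dotted "username" is there to be read as a hostname.
        if "." in userinfo.split(":", 1)[0]:
            findings.append("userinfo-looks-like-host")
    if _is_ip(real_host):
        findings.append("ip-literal-host")
    if shown_host and shown_host != real_host:
        findings.append("display-host-mismatch")
    return {"real_host": real_host, "shown_host": shown_host,
            "userinfo": userinfo, "findings": findings}


if __name__ == "__main__":
    for key, value in inspect_link(SHOWN, HREF).items():
        print(f"{key}: {value}")
```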