
Mailing List Archive: NANOG: users

EBAY and AMAZON



ralph.brandt at pateam

Jun 11, 2012, 10:27 AM

Post #1 of 31 (2161 views)
EBAY and AMAZON

I have received bogus emails from both of the above on Friday.

These look like I bought something that in both cases I did not buy.
The EBAY was a golf club for $887 and the Amazon was a novel for $82,
far more than I would have spent on either.

I think I looked at the novel on Amazon and I remember the golf club
came up on a search with something else on Ebay.

How this information could get to someone spoofing is a little
disconcerting.

I have changed EBAY and Paypal Passwords as instructed.


Ralph Brandt
Communications Engineer
HP Enterprise Services
Telephone +1 717.506.0802
FAX +1 717.506.4358
Email Ralph.Brandt [at] pateam
5095 Ritter Rd
Mechanicsburg PA 17055


nick at flhsi

Jun 11, 2012, 11:05 AM

Post #2 of 31 (2098 views)
re: EBAY and AMAZON [In reply to]

I think it might just be coincidence. I've gotten about 10 of them and
haven't been to ebay or amazon in months.
Most of them have been for >60 dollar books.

Nick Olsen
Network Operations (855) FLSPEED x106

----------------------------------------
From: "Brandt, Ralph" <ralph.brandt [at] pateam>
Sent: Monday, June 11, 2012 1:28 PM
To: nanog [at] nanog
Subject: EBAY and AMAZON

I have received bogus emails from both of the above on Friday.

These look like I bought something that in both cases I did not buy.
The EBAY was a golf club for $887 and the Amazon was a novel for $82,
far more than I would have spent on either.

I think I looked at the novel on Amazon and I remember the golf club
came up on a search with something else on Ebay.

How this information could get to someone spoofing is a little
disconcerting.

I have changed EBAY and Paypal Passwords as instructed.

Ralph Brandt
Communications Engineer
HP Enterprise Services
Telephone +1 717.506.0802
FAX +1 717.506.4358
Email Ralph.Brandt [at] pateam
5095 Ritter Rd
Mechanicsburg PA 17055


scott.brim at gmail

Jun 11, 2012, 11:07 AM

Post #3 of 31 (2106 views)
Re: EBAY and AMAZON [In reply to]

I think it's a troll, trying to shock you into clicking on something.

On Mon, Jun 11, 2012 at 2:05 PM, Nick Olsen <nick [at] flhsi> wrote:

> I think it might just be coincidence. I've gotten about 10 of them and
> haven't been to ebay or amazon in months.
> Most of them have been for >60 dollar books.
>
> Nick Olsen
> Network Operations (855) FLSPEED x106
>
> ----------------------------------------
> From: "Brandt, Ralph" <ralph.brandt [at] pateam>
> Sent: Monday, June 11, 2012 1:28 PM
> To: nanog [at] nanog
> Subject: EBAY and AMAZON
>
> I have received bogus emails from both of the above on Friday.
>
> These look like I bought something that in both cases I did not buy.
> The EBAY was a golf club for $887 and the Amazon was a novel for $82,
> far more than I would have spent on either.
>
> I think I looked at the novel on Amazon and I remember the golf club
> came up on a search with something else on Ebay.
>
> How this information could get to someone spoofing is a little
> disconcerting.
>
> I have changed EBAY and Paypal Passwords as instructed.
>
> Ralph Brandt
> Communications Engineer
> HP Enterprise Services
> Telephone +1 717.506.0802
> FAX +1 717.506.4358
> Email Ralph.Brandt [at] pateam
> 5095 Ritter Rd
> Mechanicsburg PA 17055
>
>
>


james.cutler at consultant

Jun 11, 2012, 11:22 AM

Post #4 of 31 (2108 views)
Re: EBAY and AMAZON [In reply to]

Examination of the raw messages confirms phishing messages. Visible URLs do not match effective URLs.

On Jun 11, 2012, at 2:07 PM, Scott Brim wrote:

> I think it's a troll, trying to shock you into clicking on something.

James R. Cutler
james.cutler [at] consultant

-top posted by OS X Mail
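
The check described in post #4, comparing the URL a link displays with the URL it actually points to, as an added example that is not part of the original thread. The sample HTML, the `.example` hostnames and all function names are constructed for illustration; hosts are compared by exact name or subdomain, without the Public Suffix List.

```python
"""Compare the host a link displays with the host its href actually targets."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Anchor text that is itself a URL or bare hostname, e.g. "www.amazon.com/orders".
URLISH = re.compile(
    r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[:/?#]\S*)?$", re.I)


def _host(url):
    """Lowercase hostname of an http(s) URL without a leading 'www.', else None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:                      # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname.rstrip(".")
    return host[4:] if host.startswith("www.") else host


def shown_host(text):
    """Host named by the visible link text, or None if the text is not URL-like."""
    if not URLISH.match(text):
        return None
    return _host(text if "://" in text else "http://" + text)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element, including nested markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())   # collapse whitespace
            self.links.append((text, self._href))
            self._href = None


def audit_links(html):
    """Return one dict per link with the shown host, the target host and a verdict."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    results = []
    for text, href in collector.links:
        target, shown = _host(href), shown_host(text)
        if target is None:
            verdict = "not-http"            # mailto:, relative links, etc.
        elif shown is None:
            verdict = "no-visible-url"      # "click here": nothing to compare
        elif target == shown or target.endswith("." + shown):
            verdict = "match"               # same host or a subdomain of it
        else:
            verdict = "MISMATCH"
        results.append({"text": text, "shown": shown,
                        "target": target, "verdict": verdict})
    return results


# Constructed sample body; the phishing hosts use the reserved .example TLD.
SAMPLE_HTML = """
<p>Your order has been cancelled. Details:
<a href="http://orders.phish.example/amazon/view">www.amazon.com/gp/your-orders</a></p>
<p><a href="https://www.ebay.com/myb/Summary"><b>https://www.ebay.com/</b>myb/Summary</a></p>
<p><a href="http://amazon.com.billing.phish.example/">amazon.com</a></p>
<p><a href="http://tracker.phish.example/c?id=1">View your order</a></p>
<p><a href="mailto:support@shop.example">Contact us</a></p>
"""

if __name__ == "__main__":
    for row in audit_links(SAMPLE_HTML):
        print(f'{row["verdict"]:15} shown={row["shown"]!s:12} target={row["target"]}')
```

A `no-visible-url` verdict is not a pass: the link text gives nothing to compare against, so the target host has to be judged on its own.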


sparctacus at gmail

Jun 11, 2012, 11:37 AM

Post #5 of 31 (2100 views)
Re: EBAY and AMAZON [In reply to]

Yup. They hope that the message contents are a coincidence and scare
you into seeing (i.e. clicking on..) what it's about.

This happened to me a few years ago where I changed my ebay password,
and about 30 minutes later got a phishing email that my password
change failed. So I clicked the link and re-did it. As soon as I
clicked on the submit button I noticed that the URL I was forwarded to
was to some server in Russia. /facepalm.

I went and sheepishly changed my ebay password AGAIN that very moment,
with a bit of awe towards the clever con I had fallen into. Luckily I
noticed. But how many others didn't?

-B

On Mon, Jun 11, 2012 at 11:07 AM, Scott Brim <scott.brim [at] gmail> wrote:
> I think it's a troll, trying to shock you into clicking on something.
>
> On Mon, Jun 11, 2012 at 2:05 PM, Nick Olsen <nick [at] flhsi> wrote:
>
>> I think it might just be coincidence. I've gotten about 10 of them and
>> haven't been to ebay or amazon in months.
>> Most of them have been for >60 dollar books.
>>
>> Nick Olsen
>> Network Operations (855) FLSPEED  x106
>>
>> ----------------------------------------
>>  From: "Brandt, Ralph" <ralph.brandt [at] pateam>
>> Sent: Monday, June 11, 2012 1:28 PM
>> To: nanog [at] nanog
>> Subject: EBAY and AMAZON
>>
>> I have received bogus emails from both of the above on Friday.
>>
>> These look like I bought something that in both cases I did not buy.
>> The EBAY was a golf club for $887 and the Amazon was a novel for $82,
>> far more than I would have spent on either.
>>
>> I think I looked at the novel on Amazon and I remember the golf club
>> came up on a search with something else on Ebay.
>>
>> How this information could get to someone spoofing is a little
>> disconcerting.
>>
>> I have changed EBAY and Paypal Passwords as instructed.
>>
>> Ralph Brandt
>> Communications Engineer
>> HP Enterprise Services
>> Telephone +1 717.506.0802
>> FAX +1 717.506.4358
>> Email Ralph.Brandt [at] pateam
>> 5095 Ritter Rd
>> Mechanicsburg PA 17055
>>
>>
>>


bkain1 at ford

Jun 11, 2012, 11:39 AM

Post #6 of 31 (2099 views)
RE: EBAY and AMAZON [In reply to]

I have gotten them from "amazon" stating "order number X was cancelled and please click on the below file for more information". Because I order so much on amazon, I almost thought it was real and clicked on it but then went to the amazon site and looked at "my open orders". It always pays to goto the site, not believe email.


-----Original Message-----
From: Nick Olsen [mailto:nick [at] flhsi]
Sent: Monday, June 11, 2012 2:06 PM
To: Brandt, Ralph; nanog [at] nanog
Subject: re: EBAY and AMAZON

I think it might just be coincidence. I've gotten about 10 of them and
haven't been to ebay or amazon in months.
Most of them have been for >60 dollar books.

Nick Olsen
Network Operations (855) FLSPEED x106

----------------------------------------
From: "Brandt, Ralph" <ralph.brandt [at] pateam>
Sent: Monday, June 11, 2012 1:28 PM
To: nanog [at] nanog
Subject: EBAY and AMAZON

I have received bogus emails from both of the above on Friday.

These look like I bought something that in both cases I did not buy.
The EBAY was a golf club for $887 and the Amazon was a novel for $82,
far more than I would have spent on either.

I think I looked at the novel on Amazon and I remember the golf club
came up on a search with something else on Ebay.

How this information could get to someone spoofing is a little
disconcerting.

I have changed EBAY and Paypal Passwords as instructed.

Ralph Brandt
Communications Engineer
HP Enterprise Services
Telephone +1 717.506.0802
FAX +1 717.506.4358
Email Ralph.Brandt [at] pateam
5095 Ritter Rd
Mechanicsburg PA 17055


goemon at anime

Jun 11, 2012, 12:39 PM

Post #7 of 31 (2092 views)
Re: EBAY and AMAZON [In reply to]

Sometimes I wonder how many nanog'ers would fall for a phishing email sent
to this DL. I suspect the number is more than 0.

-Dan

On Mon, 11 Jun 2012, Bryan Irvine wrote:

> Yup. They hope that the message contents are a coincidence and scare
> you into seeing (i.e. clicking on..) what it's about.
>
> This happened to me a few years ago where I changed my ebay password,
> and about 30 minutes later got a phishing email that my password
> change failed. So I clicked the link and re-did it. As soon as I
> clicked on the submit button I noticed that the URL I was forwarded to
> was to some server in Russia. /facepalm.
>
> I went and sheepishly changed my ebay password AGAIN that very moment,
> with a bit of awe towards the clever con I had fallen into. Luckily I
> noticed. But how many others didn't?
>
> -B
>
> On Mon, Jun 11, 2012 at 11:07 AM, Scott Brim <scott.brim [at] gmail> wrote:
>> I think it's a troll, trying to shock you into clicking on something.
>>
>> On Mon, Jun 11, 2012 at 2:05 PM, Nick Olsen <nick [at] flhsi> wrote:
>>
>>> I think it might just be coincidence. I've gotten about 10 of them and
>>> haven't been to ebay or amazon in months.
>>> Most of them have been for >60 dollar books.
>>>
>>> Nick Olsen
>>> Network Operations (855) FLSPEED  x106
>>>
>>> ----------------------------------------
>>>  From: "Brandt, Ralph" <ralph.brandt [at] pateam>
>>> Sent: Monday, June 11, 2012 1:28 PM
>>> To: nanog [at] nanog
>>> Subject: EBAY and AMAZON
>>>
>>> I have received bogus emails from both of the above on Friday.
>>>
>>> These look like I bought something that in both cases I did not buy.
>>> The EBAY was a golf club for $887 and the Amazon was a novel for $82,
>>> far more than I would have spent on either.
>>>
>>> I think I looked at the novel on Amazon and I remember the golf club
>>> came up on a search with something else on Ebay.
>>>
>>> How this information could get to someone spoofing is a little
>>> disconcerting.
>>>
>>> I have changed EBAY and Paypal Passwords as instructed.
>>>
>>> Ralph Brandt
>>> Communications Engineer
>>> HP Enterprise Services
>>> Telephone +1 717.506.0802
>>> FAX +1 717.506.4358
>>> Email Ralph.Brandt [at] pateam
>>> 5095 Ritter Rd
>>> Mechanicsburg PA 17055
>>>
>>>
>>>
>
>


blake at pfankuch

Jun 11, 2012, 1:51 PM

Post #8 of 31 (2096 views)
RE: EBAY and AMAZON [In reply to]

I have a spam pit email address which I monitor for trends to have a little bit of jump on the possible things users might touch at work. I started seeing the amazon, ebay and paypal ones a few weeks back. The other one I have started to see a lot of is the "Free or cheaper home phone service through magic jack" ones. Again as expected they link to some .ru domain and look just like the normal sign up page. Also my handy dandy virtual machine was instantly owned with malware just by loading the page. The VM runs Windows 7 as a non administrative user, UAC cranked up and IE9. Something like 10 installed apps showed up including "Adobe Flash Player Latest."

The other cool one I have been seeing is along the lines of "How to better utilize your office phone system" or "New Business Phone systems" with supposed links to "popular new phone system trends". This one is rather crafty as it has an embedded image which is a nice weblink to an infected jpg. So you click show picture in outlook, or in your browser and you get another installed piece of nastyware.

-----Original Message-----
From: Kain, Rebecca (.) [mailto:bkain1 [at] ford]
Sent: Monday, June 11, 2012 12:40 PM
To: nick [at] flhsi; Brandt, Ralph; nanog [at] nanog
Subject: RE: EBAY and AMAZON

I have gotten them from "amazon" stating "order number X was cancelled and please click on the below file for more information". Because I order so much on amazon, I almost thought it was real and clicked on it but then went to the amazon site and looked at "my open orders". It always pays to goto the site, not believe email.


-----Original Message-----
From: Nick Olsen [mailto:nick [at] flhsi]
Sent: Monday, June 11, 2012 2:06 PM
To: Brandt, Ralph; nanog [at] nanog
Subject: re: EBAY and AMAZON

I think it might just be coincidence. I've gotten about 10 of them and haven't been to ebay or amazon in months.
Most of them have been for >60 dollar books.

Nick Olsen
Network Operations (855) FLSPEED x106

----------------------------------------
From: "Brandt, Ralph" <ralph.brandt [at] pateam>
Sent: Monday, June 11, 2012 1:28 PM
To: nanog [at] nanog
Subject: EBAY and AMAZON

I have received bogus emails from both of the above on Friday.

These look like I bought something that in both cases I did not buy.
The EBAY was a golf club for $887 and the Amazon was a novel for $82, far more than I would have spent on either.

I think I looked at the novel on Amazon and I remember the golf club came up on a search with something else on Ebay.

How this information could get to someone spoofing is a little disconcerting.

I have changed EBAY and Paypal Passwords as instructed.

Ralph Brandt
Communications Engineer
HP Enterprise Services
Telephone +1 717.506.0802
FAX +1 717.506.4358
Email Ralph.Brandt [at] pateam
5095 Ritter Rd
Mechanicsburg PA 17055


henry at AegisInfoSys

Jun 11, 2012, 2:11 PM

Post #9 of 31 (2090 views)
Re: EBAY and AMAZON [In reply to]

On Mon, Jun 11, 2012 at 13:27:58PM -0400, Brandt, Ralph wrote:
> I have received bogus emails from both of the above on Friday.
>
> These look like I bought something that in both cases I did not buy.
> The EBAY was a golf club for $887 and the Amazon was a novel for $82,
> far more than I would have spent on either.

Did the SMTP headers show the emails as coming from them?

--
Henry Yen Aegis Information Systems, Inc.
Senior Systems Programmer Hicksville, New York
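
One way to answer the question in post #9 from the raw headers, as an added example that is not part of the original thread. It assumes Postfix-style `Received:` lines and that you know your own inbound mail hosts (`our_mx`); the sample message, hostnames, addresses and function names are constructed.

```python
"""Check whether a message's headers support the domain shown in From:."""
import re
from email import message_from_string
from email.utils import parseaddr

# Postfix-style hop: "from HELO (RDNS [IP]) by HOST ..." (assumed format).
RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]*)\s*"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)")


def domain_of(header_value):
    """Domain part of the address in a From/Return-Path header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def under(host, domain):
    """True if host equals domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))


def handoff_hop(msg, our_mx):
    """First hop, reading top-down, where one of our hosts accepted mail from
    outside. Received lines are prepended, so everything below this hop was
    written by the sending side and is not evidence of origin."""
    for value in msg.get_all("Received", []):
        m = RECEIVED.search(value)
        if m and m["by"].lower() in our_mx and m["helo"].lower() not in our_mx:
            return m.groupdict()
    return None


def check_origin(raw, our_mx):
    """Return the From domain, envelope domain, handoff hop and a list of signals."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    hop = handoff_hop(msg, {h.lower() for h in our_mx})
    signals = []
    if env_dom and not under(env_dom, from_dom):
        signals.append("envelope-mismatch")        # bounce address is elsewhere
    if hop is None:
        signals.append("no-handoff-hop")
    elif not under(hop["rdns"], from_dom):
        signals.append("rdns-not-from-domain")     # connecting host is elsewhere
        if under(hop["helo"], from_dom):
            signals.append("helo-claims-from-domain")  # HELO is self-asserted
    return {"from_domain": from_dom, "envelope_domain": env_dom,
            "handoff": hop, "signals": signals}


# Constructed sample: documentation IP ranges and .example hosts only.
SAMPLE_RAW = """\
Return-Path: <bounce@mailer.phish.example>
Received: from mx1.recipient.example (localhost [127.0.0.1])
\tby mail.recipient.example (Postfix) with ESMTP id 4F2A1
\tfor <user@recipient.example>; Fri, 8 Jun 2012 10:15:04 -0400
Received: from amazon.com (unknown [203.0.113.45])
\tby mx1.recipient.example (Postfix) with ESMTP id 9C0D2
\tfor <user@recipient.example>; Fri, 8 Jun 2012 10:15:02 -0400
Received: from mail.amazon.com (mail.amazon.com [198.51.100.9])
\tby relay.phish.example with SMTP; Fri, 8 Jun 2012 10:14:58 -0400
From: "Amazon.com" <order-update@amazon.com>
To: user@recipient.example
Subject: Your order has been cancelled

Details at the link below.
"""

OUR_MX = ["mx1.recipient.example", "mail.recipient.example"]

if __name__ == "__main__":
    report = check_origin(SAMPLE_RAW, OUR_MX)
    print(report["from_domain"], report["handoff"]["ip"], report["signals"])
```

These are signals rather than a verdict: legitimate senders that mail through a third-party service also produce an envelope or reverse-DNS mismatch.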


jrhett at netconsonance

Jun 11, 2012, 3:28 PM

Post #10 of 31 (2086 views)
Re: EBAY and AMAZON [In reply to]

I'm still trying to figure out how to put golf clubs or even spam into my router configuration.

Perhaps you intended this for a different list?

On Jun 11, 2012, at 10:27 AM, Brandt, Ralph wrote:
> I have received bogus emails from both of the above on Friday.
>
> These look like I bought something that in both cases I did not buy.
> The EBAY was a golf club for $887 and the Amazon was a novel for $82,
> far more than I would have spent on either.
>
> I think I looked at the novel on Amazon and I remember the golf club
> came up on a search with something else on Ebay.
>
> How this information could get to someone spoofing is a little
> disconcerting.
>
> I have changed EBAY and Paypal Passwords as instructed.
>
>
> Ralph Brandt
> Communications Engineer
> HP Enterprise Services
> Telephone +1 717.506.0802
> FAX +1 717.506.4358
> Email Ralph.Brandt [at] pateam
> 5095 Ritter Rd
> Mechanicsburg PA 17055
>
>

--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.


jesler at sourcefire

Jun 11, 2012, 3:43 PM

Post #11 of 31 (2088 views)
Re: EBAY and AMAZON [In reply to]

These are exploit kit teasers.

Black hole exploit kit specifically. I wouldn't click on any of the links in there.

Anyone who would like to send me copies of these, I'll take.

--
Joel Esler

On Jun 11, 2012, at 4:51 PM, Blake Pfankuch <blake [at] pfankuch> wrote:

> I have a spam pit email address which I monitor for trends to have a little bit of jump on the possible things users might touch at work. I started seeing the amazon, ebay and paypal ones a few weeks back. The other one I have started to see a lot of is the "Free or cheaper home phone service through magic jack" ones. Again as expected they link to some .ru domain and look just like the normal sign up page. Also my handy dandy virtual machine was instantly owned with malware just by loading the page. The VM runs Windows 7 as a non administrative user, UAC cranked up and IE9. Something like 10 installed apps showed up including "Adobe Flash Player Latest."
>
> The other cool one I have been seeing is along the lines of "How to better utilize your office phone system" or "New Business Phone systems" with supposed links to "popular new phone system trends". This one is rather crafty as it has an embedded image which is a nice weblink to an infected jpg. So you click show picture in outlook, or in your browser and you get another installed piece of nastyware.
>
> -----Original Message-----
> From: Kain, Rebecca (.) [mailto:bkain1 [at] ford]
> Sent: Monday, June 11, 2012 12:40 PM
> To: nick [at] flhsi; Brandt, Ralph; nanog [at] nanog
> Subject: RE: EBAY and AMAZON
>
> I have gotten them from "amazon" stating "order number X was cancelled and please click on the below file for more information". Because I order so much on amazon, I almost thought it was real and clicked on it but then went to the amazon site and looked at "my open orders". It always pays to goto the site, not believe email.
>
>
> -----Original Message-----
> From: Nick Olsen [mailto:nick [at] flhsi]
> Sent: Monday, June 11, 2012 2:06 PM
> To: Brandt, Ralph; nanog [at] nanog
> Subject: re: EBAY and AMAZON
>
> I think it might just be coincidence. I've gotten about 10 of them and haven't been to ebay or amazon in months.
> Most of them have been for >60 dollar books.
>
> Nick Olsen
> Network Operations (855) FLSPEED x106
>
> ----------------------------------------
> From: "Brandt, Ralph" <ralph.brandt [at] pateam>
> Sent: Monday, June 11, 2012 1:28 PM
> To: nanog [at] nanog
> Subject: EBAY and AMAZON
>
> I have received bogus emails from both of the above on Friday.
>
> These look like I bought something that in both cases I did not buy.
> The EBAY was a golf club for $887 and the Amazon was a novel for $82, far more than I would have spent on either.
>
> I think I looked at the novel on Amazon and I remember the golf club came up on a search with something else on Ebay.
>
> How this information could get to someone spoofing is a little disconcerting.
>
> I have changed EBAY and Paypal Passwords as instructed.
>
> Ralph Brandt
> Communications Engineer
> HP Enterprise Services
> Telephone +1 717.506.0802
> FAX +1 717.506.4358
> Email Ralph.Brandt [at] pateam
> 5095 Ritter Rd
> Mechanicsburg PA 17055
>
>
>
>


kmedcalf at dessus

Jun 11, 2012, 5:35 PM

Post #12 of 31 (2088 views)
RE: EBAY and AMAZON [In reply to]

Security Settings in the Trust Center:
"Read as Plain Text"
"Even Signed Messages as Plain Text"
"Never Download Images"
"Require Confirmation when Forwarding or Replying will Download Anything at all"

Disable the AutoInfect options:
"Turn off the Preview"
"Turn off the Reading Pain"

You will never fall for a phishing scam or other malicious e-mail message ever again. I could never quite understand how anyone could get "phished" by e-mail since I have never ever seen a "phishing" or other malicious message that was not obviously so, even when I don't have me spectacles on!

And for everyone who sends you a web-page-by-email, tear them a new a**hole. If they do not mend their ways, get rid of em. Banish them to bh0 where they belong. If routing them to bh0 doesn't work, then at least send their drivel to /dev/nul.

---
() ascii ribbon campaign against html e-mail
/\ www.asciiribbon.org


> -----Original Message-----
> From: Blake Pfankuch [mailto:blake [at] pfankuch]
> Sent: Monday, 11 June, 2012 14:51
> To: Kain, Rebecca (.); nick [at] flhsi; Brandt, Ralph; nanog [at] nanog
> Subject: RE: EBAY and AMAZON
>
> I have a spam pit email address which I monitor for trends to have a little
> bit of jump on the possible things users might touch at work. I started
> seeing the amazon, ebay and paypal ones a few weeks back. The other one I
> have started to see a lot of is the "Free or cheaper home phone service
> through magic jack" ones. Again as expected they link to some .ru domain and
> look just like the normal sign up page. Also my handy dandy virtual machine
> was instantly owned with malware just by loading the page. The VM runs
> Windows 7 as a non administrative user, UAC cranked up and IE9. Something
> like 10 installed apps showed up including "Adobe Flash Player Latest."
>
> The other cool one I have been seeing is along the lines of "How to better
> utilize your office phone system" or "New Business Phone systems" with
> supposed links to "popular new phone system trends". This one is rather
> crafty as it has an embedded image which is a nice weblink to an infected
> jpg. So you click show picture in outlook, or in your browser and you get
> another installed piece of nastyware.
>
> -----Original Message-----
> From: Kain, Rebecca (.) [mailto:bkain1 [at] ford]
> Sent: Monday, June 11, 2012 12:40 PM
> To: nick [at] flhsi; Brandt, Ralph; nanog [at] nanog
> Subject: RE: EBAY and AMAZON
>
> I have gotten them from "amazon" stating "order number X was cancelled and
> please click on the below file for more information". Because I order so
> much on amazon, I almost thought it was real and clicked on it but then went
> to the amazon site and looked at "my open orders". It always pays to goto
> the site, not believe email.
>
>
> -----Original Message-----
> From: Nick Olsen [mailto:nick [at] flhsi]
> Sent: Monday, June 11, 2012 2:06 PM
> To: Brandt, Ralph; nanog [at] nanog
> Subject: re: EBAY and AMAZON
>
> I think it might just be coincidence. I've gotten about 10 of them and
> haven't been to ebay or amazon in months.
> Most of them have been for >60 dollar books.
>
> Nick Olsen
> Network Operations (855) FLSPEED x106
>
> ----------------------------------------
> From: "Brandt, Ralph" <ralph.brandt [at] pateam>
> Sent: Monday, June 11, 2012 1:28 PM
> To: nanog [at] nanog
> Subject: EBAY and AMAZON
>
> I have received bogus emails from both of the above on Friday.
>
> These look like I bought something that in both cases I did not buy.
> The EBAY was a golf club for $887 and the Amazon was a novel for $82, far
> more than I would have spent on either.
>
> I think I looked at the novel on Amazon and I remember the golf club came up
> on a search with something else on Ebay.
>
> How this information could get to someone spoofing is a little disconcerting.
>
> I have changed EBAY and Paypal Passwords as instructed.
>
> Ralph Brandt
> Communications Engineer
> HP Enterprise Services
> Telephone +1 717.506.0802
> FAX +1 717.506.4358
> Email Ralph.Brandt [at] pateam
> 5095 Ritter Rd
> Mechanicsburg PA 17055
>
>
>


hmurray at megapathdsl

Jun 11, 2012, 8:31 PM

Post #13 of 31 (2079 views)
RE: EBAY and AMAZON [In reply to]

[Snip good collection of security setting suggestions. Does anybody have
others or a URL?]

> I could never quite understand how anyone could get "phished" by e-mail
> since I have never ever seen a "phishing" or other malicious message that
> was not obviously so, even when I don't have me spectacles on!

Your imagination needs serious recalibration.

You are a geek, not a naive, dumb, or unfortunately, typical user.

Windows security sucks.

Most users will pick convenience over security. What fraction of users
(customers) would be happy with your suggested settings?

Phishers are smart. They are willing to work for high value targets.

Google for >spear phishing<. After you have read a few of those, google for >
spear phishing RSA<.

From the comments section of an Arstechnica article on the RSA event:
>> So why do any workplace computers in sensitive environments
>> have Flash in the first place?
> Because the training materials are no doubt flash based.

:)

If you are interested in security, the whole comments section may be worth
scanning.

My probably naive view is that this type of problem could easily be solved by
having the serious work done on a special class of well locked down machines
and making a pool of more open systems available for checking mail or
facebook or whatever.

I've heard stories of people filling USB slots with epoxy so idiots can't
insert thumb drives found in the parking lot or brought from home. I forget
the context.


--
These are my opinions. I hate spam.


kmedcalf at dessus

Jun 11, 2012, 10:08 PM

Post #14 of 31 (2082 views)
RE: EBAY and AMAZON [In reply to]

> Windows security sucks.

The real problem with Windows is that there exist folks who believe that it is, or can be, secured. They believe the six-colour glossy, the Gartner Reports, and other (manufacturers') propaganda. As a consequence they do not act in a fashion which will keep them safe.

> Most users will pick convenience over security. What fraction of users
> (customers) would be happy with your suggested settings?

More than you might think -- still a minority however. There's not 2.437 pounds yet.

> My probably naive view is that this type of problem could easily be solved by
> having the serious work done on a special class of well locked down machines
> and making a pool of more open systems available for checking mail or
> facebook or whatever.

You would be surprised at the number of Fortune 500 companies that lock-down their policies into deliberately insecure settings, and refuse to permit more secure settings. I can't quite figure this out, except to observe that there is a very severe shortage of security clue in the world and an appalling over-abundance of ignorance and stupidity.

> I've heard stories of people filling USB slots with epoxy so idiots can't
> insert thumb drives found in the parking lot or brought from home. I forget
> the context.

This is, unfortunately, a typical reaction which arises from a failure to carry out proper root-cause analysis. The root cause of the issue is not "thumb drives", "baby fingernail drives", or whatever removable media type. The root cause is the propensity of Windows to engage in "magical" behaviour -- to put executable "data" everywhere and then to execute that "data", magically. And a failure to provide a "Magic Off" setting that actually works. Actually, there is -- it is called the power switch. Seriously though most of the magic can be turned off or bypassed, if you want to.

Companies that engage in such behaviour are signing their own "all our base are belong to you" death warrants. Rather than voting with their wallets and insisting on correction of the root-cause of the problem, they instead continue to pour money down the crapper investing in never-ending supplies of draino and roto-rooters while at the same time continuing to financially reward the paper-towel flushers so they can buy and flush yet more clogging crap which requires yet more draino and roto-rooters. Shampoo, Lather, Rinse, Repeat. (Looking up the effects of adding those instructions to shampoo by Procter & Gamble on their sales and profits is left as an exercise for the reader).

Security does not require buying more draino and roto-rooters. It just requires that you not do stupid things inimical to security. Stop flushing paper towels down the toilet and you don't need draino and roto-rooters, nor will you need hazmat gear to clean the oozing excrement off the floor. Of course, it might be wise to keep a bottle of draino, a roto-rooter, and some hazmat gear on hand just in case -- but to concentrate on the symptoms rather than the underlying cause is just plain stupidity. Deliberately encouraging and financing those working to ensure the toilet is always plugged up and the crap is always running in the halls is sheer lunacy. Unfortunately, the lunatics are in charge of the asylum, and they have chosen the outcome they shall suffer.

Now, back to our regularly scheduled programming, already in progress ...

---
() ascii ribbon campaign against html e-mail
/\ www.asciiribbon.org


rsk at gsp

Jun 12, 2012, 4:35 AM

Post #15 of 31 (2074 views)
Re: EBAY and AMAZON [In reply to]

On Mon, Jun 11, 2012 at 06:39:44PM +0000, Kain, Rebecca (.) wrote:
> It always pays to goto the site, not believe email.

1. This is why (particularly when dealing with older and/or non-technical
people who are incredibly easy to scam) I recommend (a) bookmarking
their critical sites, such as banks, and (b) training them to never,
ever, EVER use anything but those bookmarks to get to those sites.

2. Of course, many of those same critical sites have been ardently
training their customers to be phish victims by their appallingly
stupid insistence on HTML markup in email, which is why (1) is necessary.

---rsk


jamie at photon

Jun 12, 2012, 4:44 AM

Post #16 of 31 (2081 views)
RE: EBAY and AMAZON [In reply to]

Apologies for lack of attribution beyond the first level, but the previous poster removed that.

> From: Keith Medcalf [mailto:kmedcalf [at] dessus]
>
> > Windows security sucks.
>
> The real problem with Windows is that there exist folks who believe
> that it is, or can be, secured. They believe the six-colour glossy,
> the Gartner Reports, and other (manufacturers') propaganda. As a
> consequence they do not act in a fashion which will keep them safe.

While MS may be a favorite whipping boy, let's not pretend that if the dominant OS were Apple or some flavor of *nix, things would be any better. Those OS's are no more secure than a Windows box once you plug a few hundred million people into their consoles.

Jamie


mysidia at gmail

Jun 12, 2012, 5:20 AM

Post #17 of 31 (2071 views)
Re: EBAY and AMAZON [In reply to]

On 6/12/12, Keith Medcalf <kmedcalf [at] dessus> wrote:
>> Windows security sucks.
>
> The real problem with Windows is that there exist folks who believe that it
> is, or can be, secured. They believe the six-colour glossy, the Gartner
[snip]

Well, they are right. Windows can be secured.
The problem is it won't be secured in practice. Because that's too hard,
and truly securing Windows will be rejected by the user, because many
applications used in practice are not implemented securely on the platform.

Users of Windows endpoints require functions such as Web Browsers, Flash,
their favorite Office applications, PDF Viewers, and remote share access.

> You would be surprised at the number of Fortune 500 companies that lock-down their
> policies into deliberately insecure settings, and refuse to permit more secure settings.
> ..

This is because, while you would expect IT to understand the
importance of security, "Lock Down" has a perception of security
attached to it.

In practice, "Lock-Down Policies" and standardization have nothing
positive to do with security, but IT convenience, and reducing
support costs, by attempting to enforce a standardized endpoint
experience.

They can lead to less security if done without extra security review.
Hopefully they also include a backup/imaging system to recover,
when the lock-down policy makes it break, however.



> This is, unfortunately, a typical reaction which arises from a failure to
> carry out proper root-cause analysis. The root cause of the issue is not
> "thumb drives", "baby fingernail drives", or whatever removable media type.

The windows shell is to blame, but you can provide an alternate shell
that doesn't do that "magical executable code insertion" stuff
and disable Explorer.

--
-JH


wayne at staff

Jun 12, 2012, 9:33 AM

Post #18 of 31 (2069 views)
Re: EBAY and AMAZON [In reply to]

On Tue, Jun 12, 2012 at 11:44:44AM +0000, Jamie Bowden wrote:
>
> While MS may be a favorite whipping boy, let's not pretend that if the dominant OS were Apple or some flavor of *nix, things would be any better.

There is an inherent advantage for anything based upon *BSD. It
was developed in an environment where in order to continue to operate
it was required to defend itself against many users who wished to
exploit the O/S. Windows, being designed for a single-user environment,
made a number of design decisions which directly conflict with
security.

Having spoken to MS security about this, there is no interest on
their part in disturbing the "user experience" in exchange for
drastic security improvements. Rather, they continue to gradually
evolve their existing model to increase security which, in fact,
has been improved, however slowly.

It is important to understand that there is nothing inherent in the
Windows experience which prohibits security. Rather, it is a
deliberate design choice on the part of MS.


jamie at photon

Jun 12, 2012, 10:19 AM

Post #19 of 31 (2070 views)
Permalink
RE: EBAY and AMAZON [In reply to]

> From: Michael R. Wayne [mailto:wayne [at] staff]


> On Tue, Jun 12, 2012 at 11:44:44AM +0000, Jamie Bowden wrote:

> > While MS may be a favorite whipping boy, let's not pretend that if
> > the dominant OS were Apple or some flavor of *nix, things would be any
> > better.

> There is an inherent advantage for anything based upon *BSD. It
> was developed in an environment where in order to continue to operate
> it was required to defend itself against many users who wished to
> exploit the O/S. Windows, being designed for a single-user environment,
> made a number of design decisions which directly conflict with
> security.

I've been running FBSD since 1994, so I'm well aware of the development model, thanks. The *BSDs and Linux have all had their share of holes in them and more still continue to be found. The only thing saving them is lack of market share. Apple's increasing market share is a nice demonstration of this at work.

As far as securing Windows, it can be done, and done well, but it requires policy enforcement at the hardware and personnel level, and that doesn't change no matter what OS you're running. I have hardened Windows systems, and they are no more of a pain in the ass to use than the hardened *nix systems. When DSS is done with them, all OS's suck to use.

Jamie


lanning at lanning

Jun 12, 2012, 1:16 PM

Post #20 of 31 (2071 views)
Permalink
Re: EBAY and AMAZON [In reply to]

Not too long ago I received 3 phone calls, with a strong Indian
accent and broken English, claiming to be a computer support
firm that has noticed virus activities on my Windows computer.

First time I told them I don't have any Windows machines. They
then hung up.

The second time, I asked them what IP they saw this from. They
didn't know. Then they hung up.

The third time, I told them I had 15 machines, and asked which
one. They hung up again.

The calls came from different Los Angeles area codes, but had
to be VoIP.

On 06/11/12 13:51, Blake Pfankuch wrote:
> I have a spam pit email address which I monitor for trends to have
> a little bit of jump on the possible things users might touch at
> work. I started seeing the amazon, ebay and paypal ones a few
> weeks back. The other one I have started to see a lot of is the
> "Free or cheaper home phone service through magic jack" ones.
> Again as expected they link to some .ru domain and look just like
> the normal sign up page. Also my handy dandy virtual machine was
> instantly owned with malware just by loading the page. The VM
> runs Windows 7 as a non administrative user, UAC cranked up and
> IE9. Something like 10 installed apps showed up including
> "Adobe Flash Player Latest."
>
> The other cool one I have been seeing is along the lines of
> "How to better utilize your office phone system" or
> "New Business Phone systems" with supposed links to
> "popular new phone system trends". This one is rather crafty
> as it has an embedded image which is a nice weblink to an
> infected jpg. So you click show picture in outlook, or in your
> browser and you get another installed piece of nastyware.
>

--
Mr. Flibble
King of the Potato People


gary.buhrmaster at gmail

Jun 12, 2012, 3:53 PM

Post #21 of 31 (2062 views)
Permalink
Re: EBAY and AMAZON [In reply to]

On Tue, Jun 12, 2012 at 4:33 PM, Michael R. Wayne <wayne [at] staff> wrote:
...
> It is important to understand that there is nothing inherent in the
> Windows experience which prohibits security. Rather, it is a
> deliberate design choice on the part of MS.

Windows. A strange game. The only winning move is not to play.
How about a nice game of FreeBSD?


rsk at gsp

Jun 13, 2012, 4:55 AM

Post #22 of 31 (2057 views)
Permalink
Re: EBAY and AMAZON [In reply to]

On Tue, Jun 12, 2012 at 11:44:44AM +0000, Jamie Bowden wrote:
> While MS may be a favorite whipping boy, let's not pretend that if the
> dominant OS were Apple or some flavor of *nix, things would be any better.

I've heard this argument many times, and I reject it this time as I
have before.

If popularity were the measure of relative OS security, then we would
expect to see infection rates proportional to deployment rates: thus if
operating systems A, B and C respectively accounted for 85%, 10%, and 5%
of deployments, we should see those numbers reflected in infection rates.

But we don't. For example, passive OS fingerprinting of about a decade's
worth of spam-spewing botnets indicates that they are running Windows to
at least six 9's, quite possibly more -- which is a markedly higher
fraction than we would expect if this hypothesis were true.

Windows is not attacked because it's the most popular. Windows is
attacked because it's the weakest. (And yes, if it instantly disappeared --
oh happy day! -- the next-most-weakest would take its place, but at least
we would have incrementally improved the state of security.)

---rsk


astrodog at gmx

Jun 13, 2012, 5:17 AM

Post #23 of 31 (2058 views)
Permalink
Re: EBAY and AMAZON [In reply to]

(Sorry for the top post. Mail client is being obnoxious.)


Why? The prevalence of malware for a given OS is going to, generally, be a matter of most return for least work.
If you're writing malware to steal credit card numbers, say, you're much better served writing it for Windows than you are OSX or Linux,
even if it were slightly more difficult to do, because that will get you the largest number of card numbers, simply because more people use
Windows. It's generally safe to assume that malware writers want to target as many machines as possible, thus they will focus on Windows,
regardless of the relative ease or difficulty of the other platforms.

There is no reason to believe that the platform distribution of malware would have a linear relationship with general usage rates or ease of
exploitation, given the motivations and methods involved.

--- Harrison
----- Original Message -----
From: Rich Kulawiec
Sent: 06/13/12 06:55 AM
To: nanog [at] nanog
Subject: Re: EBAY and AMAZON

On Tue, Jun 12, 2012 at 11:44:44AM +0000, Jamie Bowden wrote:
> While MS may be a favorite whipping boy, let's not pretend that if the
> dominant OS were Apple or some flavor of *nix, things would be any better.

I've heard this argument many times, and I reject it this time as I
have before.

If popularity were the measure of relative OS security, then we would
expect to see infection rates proportional to deployment rates: thus if
operating systems A, B and C respectively accounted for 85%, 10%, and 5%
of deployments, we should see those numbers reflected in infection rates.


dougb at dougbarton

Jun 13, 2012, 6:17 AM

Post #24 of 31 (2062 views)
Permalink
Re: EBAY and AMAZON [In reply to]

On 06/13/2012 04:55 AM, Rich Kulawiec wrote:
> But we don't. For example, passive OS fingerprinting of about a decade's
> worth of spam-spewing botnets indicates that they are running Windows to
> at least six 9's, quite possibly more -- which is a markedly higher
> fraction than we would expect if this hypothesis were true.
>
> Windows is not attacked because it's the most popular. Windows is
> attacked because it's the weakest.

Mostly right, except that it is really a weighted average of factors
including installed base (read, popularity), likely success of the
infection, likelihood of the infection being successfully detected by
the user, likelihood of the infection being removable, overall utility
of the system to the spammer once it is infected ... I'm probably
forgetting a few things.

But your basic point, it's not just about the popularity, is sound. The
cautionary tale is that merely improving one of those factors isn't
going to get the job done.

Doug


bzs at world

Jun 13, 2012, 10:36 AM

Post #25 of 31 (2056 views)
Permalink
Re: EBAY and AMAZON [In reply to]

On June 12, 2012 at 12:33 wayne [at] staff (Michael R. Wayne) wrote:
> On Tue, Jun 12, 2012 at 11:44:44AM +0000, Jamie Bowden wrote:
> >
> > While MS may be a favorite whipping boy, let's not pretend that if the dominant OS were Apple or some flavor of *nix, things would be any better.

That assumes the security architectures of all these OS's are similar
which is simply not true.

There have been security flaws in Microsoft OS's which led to the
spread of malware which would have been almost impossible on any
unix-like operating system.

One of the biggest problems was creating the first and often only user
on MS systems with administrator privileges allowing any piece of
software they ran to do anything on the system.

Even Microsoft recognized this to be a huge flaw beginning with Vista,
no need to be more catholic than the pope.

The problem at this point is that even with improvements in newer
Windows systems there are probably on the order of a billion systems
out there, attached to the net, and still running these deeply flawed
OS's which can be taken over by just clicking on the wrong mail
message.

--
-Barry Shein

The World | bzs [at] TheWorld | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, Canada
Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
