RE: CRIME Ubid Hacked...?

From: Kuo, Jimmy (Jimmy_Kuo@private)
Date: Fri Sep 13 2002 - 13:42:34 PDT

  • Next message: alan: "Re: CRIME Ubid Hacked...?"

    This is a very old trick that's been done on AOL for ages, prompting AOL to
    issue the statement that they would NEVER, EVER do such a thing online.
    
    Jimmy
    
    -----Original Message-----
    From: Crispin Cowan [mailto:crispin@private]
    Sent: Friday, September 13, 2002 1:33 PM
    To: Seth Arnold
    Cc: 'Owner-Crime'
    Subject: Re: CRIME Ubid Hacked...?
    
    
    Seth Arnold wrote:
    
    >On Fri, Sep 13, 2002 at 10:30:53AM -0700, Robert Johnston wrote:
    >  
    >
    >>I suspect some credit card information has been compromised as well.
    >>    
    >>
    >I suspect someone simply forged the email to appear as if it came from
    >uBid. That takes absolutely no effort.
    >
    I had a similar experience 2 days ago, when I got e-mail that claimed to 
    be from Paypal. It said that Paypal had experienced a system failure, 
    and I should log in and update my personal information. It had a helpful 
    piece of advice that I should never give my password to anyone but 
    Paypal. And it provided a helpful link for me to log in.
    
    The catch: the TEXT for the link said it pointed to "paypal.com" but the 
    underlying link actually pointed to "paypalsys.com", a Trojan web site 
    set up to collect user-ID/password info from unsuspecting Paypal users.
    
    As Seth points out, absolutely no compromise of Paypal servers is 
    necessary to deploy this scam. All that is required is for a user to 
    click on a link in an e-mail without thinking about it very much.
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX                      http://wirex.com/~crispin/
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    



    This archive was generated by hypermail 2b30 : Fri Sep 13 2002 - 14:15:21 PDT