A system on the Paypal.com domain is hosting an IRC server. Historically, IRC servers have had security issues, and they continue to be high-profile targets. I am not sure if these servers are being intentionally run by a Paypal.com administrator, or if they have been set up by crackers to use Paypal.com’s bandwidth. The IRC server was recently introduced to an IRC network, EnterTheGame (http://www.enterthegame.com), as ca.enterthegame.com: [user@box ~]$ nslookup ca.enterthegame.com Name: irc.enterthegame.com Addresses: 209.131.67.21, 216.136.154.43, 209.131.67.20 Aliases: ca.enterthegame.com [user@box ~]$ nslookup 216.136.154.43 Name: node-216-136-154-43.networks.paypal.com Address: 216.136.154.43 Aliases: 43.154.136.216.in-addr.arpa [user@box ~]$ nc node-216-136-154-43.networks.paypal.com 6667 :Ca.EnterTheGame.Com NOTICE AUTH :*** Looking up your hostname... :Ca.EnterTheGame.Com NOTICE AUTH :*** Checking Ident :Ca.EnterTheGame.Com NOTICE AUTH :*** Found your hostname :Ca.EnterTheGame.Com NOTICE AUTH :*** No Ident response I’m not sure if this server is being intentionally hosted, or if it’s the work of crackers who have obtained access to a Paypal.com system. If the server is being intentionally hosted, the Paypal administrators are knowingly subjecting their customers and investors to additional security risks. Moreover, being part of an IRC network may subject Paypal.com to the actions of the IRC users, which may include allowing or promoting the distribution of illegal software. If Paypal is not intentionally hosting the server, it is safe to assume that they have been cracked and customer data (names, credit cards, and more), as well as Paypal and Ebay’s internal network, is at risk of compromise. Contact information for EnterTheGame, which was obtained from http://www.enterthegame.com, are the email addresses infoat_private, pressat_private, and supportat_private Inquiring emails to Paypal.com were not answered after 48 hours. Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Jan 25 2003 - 08:16:28 PST