Actually, I think the stupid part would be Dell, making it just password. Let's say that I know Dell resets it to password. I send a thing off on a Friday and get your password reset. I now know your ID and your password and you probably don't even know it was changed until Monday. So I have a weekend to dick around with your account. I go in and change the e-mail address associated with it and you are pretty much gone and I 0wn j00. :) Imagine if it was your bank account instead. Dell ought to be making it some randomly generated password that you cut and paste and change immediately. My 2 cents. JayW >>> "Rob Shein" <shotenat_private> 05/31/03 10:27AM >>> I think what you have here is that someone tried to get your password, but failed...kind of silly of them, really, since they would obviously have mailed the password to your email address. Going to that link and typing in the password the email provides wouldn't get the attacker anything (if they had sent the email in the first place) because you'll just use the password they gave you. > -----Original Message----- > From: houyachiat_private [mailto:houyachiat_private] > Sent: Friday, May 30, 2003 12:46 PM > To: incidentsat_private > Subject: Dubious e-mail: [Fwd: Dell.com (Password Request)] > > > I received the inline e-mail from what claims to be DELL Online > service. A Quick SAMSPADE search shows that smtp9.us.dell.com > has an ip > of 143.166.148.136 and is registered to DELL Computers. I > have an uneasy > feeling about this and my call to DELL went unanswered. I spoke to > customer service asking to speak to someone who can look into > this but I > was sent back to the belly of the phone system and was given the > runaround. This is could be somebody trolling for passwords > by spamming > anyone, or someone who got hold of a DELL customer listing and is > fishing for passwords. Idid not want to check the link below from my > workstation for that would amount to a partial verification of the > e-mail address. By the time I got to check it via sampsade it > gave a 404 > error. > > Any thoughts of a recourse of action here if any at all. > > Thanks > > Hamid Ouyachi > > -------- Original Message -------- > From: - Thu May 29 12:58:30 2003 > X-UIDL: 19lede2U83Nl3rE0 > X-Mozilla-Status: 0001 > X-Mozilla-Status2: 00000000 > Status: U > Return-Path: <listmasterat_private> > Received: from saltmine.radix.net ([207.192.128.40]) by > bissell.mail.mindspring.net (Earthlink Mail Service) with ESMTP id > 19lede2U83Nl3rE0 for <houyachiat_private>; Wed, 28 May 2003 > 23:36:20 -0400 (EDT) > Received: from mail1.radix.net (mail1.radix.net [207.192.128.31]) by > saltmine.radix.net (8.12.2/8.12.2) with ESMTP id h4T3aI1o028383 for > <houyachiat_private>; Wed, 28 May 2003 23:36:19 -0400 (EDT) > Received: from smtp9.us.dell.com (smtp9.us.dell.com > [143.166.148.136]) > by mail1.radix.net (8.12.2/8.12.2) with ESMTP id h4T3aHps024172 for > <houyachiat_private>; Wed, 28 May 2003 23:36:17 -0400 (EDT) > Received: from AUSOLADPERFT05 > (ausoladperft05.development.online.dell.com [10.32.4.239]) by > smtp9.us.dell.com (8.12.9/8.12.7) with SMTP id h4T3WDq5006521 for > <houyachiat_private>; Wed, 28 May 2003 22:32:13 -0500 > From: listmasterat_private > thread-index: AcMlk2Ne/6yJtEMaQGGgaVv1s0P3qg== > Thread-Topic: Dell.com (Password Request) > To: <houyachiat_private> > Subject: Dell.com (Password Request) > Date: Wed, 28 May 2003 22:35:45 -0500 > Message-ID: > <096001c32593$635e98f0$ef04200aat_private> > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary="----=_NextPart_000_0961_01C32569.7A8890F0" > X-Mailer: Microsoft CDO for Windows 2000 > Content-Class: urn:content-classes:message > Importance: normal > Priority: normal > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0 > X-Scanned-By: MIMEDefang 2.31 > > > > We recently received a request to e-mail your password to you. Your > Dell.com My Account password is 'password'. You may use the > following URL > http://membership.dell.com/dellportal/signin.aspx?c=us&l=en&s= gen <http://membership.dell.com/dellportal/signin.aspx?s=gen> to return to your account page. We look forward to providing continued world class support for your computing needs. Dell Online http://www.dell.com <Dell.Storm.UI.Atoms.SimpleLink> ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Jun 02 2003 - 15:37:17 PDT