Date: Fri, 10 Jun 2011 00:20:18 +0300
From: nix@...roxylists.com
To: "Aaron Turner" <synfinatic@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: NiX API

> On Thu, Jun 9, 2011 at 11:02 AM,  <nix@...roxylists.com> wrote:
>>> On Thu, Jun 9, 2011 at 9:49 AM,  <nix@...roxylists.com> wrote:
>>>
>>>> You're a legit user --> Why on earth would you like to use a proxy or
>>>> anonymizer to do the purchase?
>>>>
>>>> Why would I do so and purchase unless I have something to hide? You
>>>> have the option to block or allow hosting provider ranges, of course.
>>>
>>> The most common reason would be I'm trying to buy something while at
>>> work and my company has deployed a URL filtering product which blocks
>>> the website completely.
>>>
>>> If you can't come up with a few more legit reasons then you really have
>>> no clue.
>>>
>>
>> You really don't seem to understand how advanced protection this API
>> provides. Please read carefully everything after the banner at
>> http://nixapi.com/
>>
>> I don't know how URL filtering products are related to this API
>> protection.
>
> Step 1: User wants to visit a website to buy something while at work.
>
> Step 2: Company where that user works blocks access to the website
> because it's against company policy using a webfilter.
>
> Step 3: User uses a tor or other proxy to avoid corporate webfilter to
> visit that website
>
> Step 4: User gets blocked by your service when they go to buy because
> they're using a proxy.
>
> Step 5: Frustrated user buys same/similar product from another seller
> who is not using your service and original website loses a sale.
>
> Clear now?
>

Yes. That's the flipside of the coin. However, any merchant that
accepts purchases from users behind proxies or other anonymizers is
taking a significant risk. According to my knowledge and experience, if
this proxy happens to be in PayPal's database or this IP address differs
too much from your regular login history, their automation will revert the
payment, usually some hours after or during the next day.

Guess what will happen to that merchant? They are frustrated while
answering unauthorized PayPal claims. If this purchase was done using a
stolen credit card, PayPal will charge this merchant outrageous fees!!

If this purchase was made illegally using someone's PayPal account, they
will still charge this merchant for their revenue percentage!! So on the
other hand, it's you, the merchant, who will suffer and get all the
horseshit for that fraudulent purchase. PayPal will always win and earn
profits from this purchase!

This happened to us about 50 times in a 2.5-month period. Needless to say,
I'm still mad as hell. We lost several hundreds of bucks to those PayPal
'reversal fees' + wasted a significant amount of our precious time while
answering those disputes.

The API resolved all issues. There have been few legit customers who
wondered why they could not log in using the proxy. I said, remove the
proxy and try again and then do the purchase. They did. A fraudulent user
never bothers with this; they will leave your site alone.

> --
> Aaron Turner
> http://synfin.net/         Twitter: @synfinatic
> http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix &
> Windows
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety.
>     -- Benjamin Franklin
> "carpe diem quam minimum credula postero"
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
