Date: Thu, 9 Jun 2011 23:49:00 +0200
From: Haxxor Security <h@...r.se>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: NiX API

This must be a sales-person, since it took 3 emails to tell us it's a proxy
blacklist.
And to use a phrase as "NiX API is effectively blocking 85% of all open
proxies 24/7/365 fully automatically".
I would like to see a manually operated proxy-blacklist that only works 6 h a
day in July.


2011/6/9 Thor (Hammer of God) <thor@...merofgod.com>

> > Yes. That's the flipside of the coin. However though, any merchant that
> > accepts purchases from users behind proxies or other anonymizers is
> > taking a significant risk.
>
> Says who other than you?  I use a proxy all the time and have never made a
> fraudulent purchase attempt.  It is nobody's business where I am.  Just
> because you think proxied connections are bad doesn't mean they are.  Your
> "majority of fraud is committed from a proxy" is just some opinion.  How
> about some proof of that?
>
> Besides, you will *never* be able to find out where my proxies are or add
> me to your database.  If I decided to commit fraud, your system would never
> catch me.  You have no way of determining how much fraud is committed from
> other sources, because you don't (and can't) know.
>
> > This happened to us about 50 times in 2.5 months period. Needless to say,
> > I'm still mad as hell. We lost several hundreds of bucks to those paypal
> > 'reversal fees' + wasted significant amount of our precious times while
> > answering to those disputes.
>
> Ah.  So, one attempt per day or so during that period is what you are
> basing your opinions on?  Depending on what one is selling, all it would
> take is one false positive to screw over the person using your API.  It just
> isn't a good idea.
>
> > The API resolved all issues. There have been few legit customers who
> > wondered why they could not login using the proxy, I said, remove the
> > proxy and try again and then do purchase. They did. A fraudulent user
> > never bothers with this, they will leave your site alone.
>
> Nor do you know if a legitimate user would do it.  If I went to buy
> something from you and you assumed I was fraudulent and blocked the
> transaction, I wouldn't even bother telling you - I'd go buy from someone
> else.   The fact that you think the API resolved the issues doesn't prove
> anything.  It just proves that you THINK it did, but you don't know.  I may
> have stopped 1 bad transaction a day, but stopped 10 good ones.  You just
> don't know.  Your main bitch seems to be about a company charging you to use
> their risk management service.   If you don't like PayPal's agreement, then
> don't use them.
>
> You seem to be getting awfully wound up over a "free" tool.  It's free.
>  What do you care what people think?  Or is this just a "get my name in
> links" so that you can try to sell it later?  All my tools are free, and
> I've gotten plenty of "why should I use your tool" emails to which I reply
> "I have absolutely no investment in you using it or not.  If it provides
> value for someone, there it is.  Otherwise, go shit in your hat."
>
> You should wait until you are selling it before you give your sales pitch.
>
> >
> > > --
> > > Aaron Turner
> > > http://synfin.net/         Twitter: @synfinatic
> > > http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix &
> > > Windows
> > > Those who would give up essential Liberty, to purchase a little temporary
> > > Safety, deserve neither Liberty nor Safety.
> > >     -- Benjamin Franklin
> > > "carpe diem quam minimum credula postero"
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > >