lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031014164840.58949.qmail@web40311.mail.yahoo.com>
From: tedklugman at yahoo.com (ted klugman)
Subject: SPAM, credit card numbers, what would you do?

So I get a piece of SPAM that advertises a "how to
make money on eBay" book. For kicks, I go to the
website (hosted in Asia, of course)

(Aside -- the website includes a gimmick where if you
"buy by midnight on (today's date), save 50%". Change
the date on your PC, and the offer gets extended to
THAT day)

I check out the order form, which a) isn't secured
with SSL, and b) submits the information to a
different website. So I go there to muck around and
see what there is (again, hosted in Asia)

Lo and behold, I look at the root of said website, and
I get a directory listing:

submit.php
orders.txt

And as you can probably guess, orders.txt contains --
ORDERS. Names, addresses, phone numbers, and CREDIT
CARD NUMBERS. Dozens of them.

So I got to thinking... what should I do here?

a) Nothing. It's not my problem.
b) Notify the provider who hosts the submission page
c) Send e-mails to all the morons who tried to buy
this "product" (their e-mail addresses are readily
available, next to their credit card numbers), letting
them know that they are morons and this is why they
shouldn't buy products advertised in SPAM.
d) Something else

I chose option a.

What would you do?

(What would Brian Boitano do?)

__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ