lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <013b01c3c3a7$e8abbdf0$329f8018@youru10ixi0anw>
From: trihuynh at zeeup.com (Tri Huynh)
Subject: A funny  (but real) story for XMAS

Hi list,

One day when I checked my email, I received many emails from a company named
wickedservers.com (which is belong to another company called IOport
Technologies, LLC).
Here is one of their emails :


" Your e-mail has been received. A ticketnumber has been created. Would you
like
 to correspond about this matter, please always use this ticketnumber in
your subject field: [ts #26205]

-------------------------------------------------------------------------
If you have a problem with your server, please make sure you have specified
the following
information in your e-mail:

- Server IP and port
- FTP Username
- Detailed information about the problem

Without the first two, we cannot solve the issue. Please send the
information in an email with subject [ts #26205].

-------------------------------------------------------------------------
If you have a problem, make sure you have tried the following:

- server restart. This can be done via a RCON QUIT, or a ADMIN QUIT for most
games. Correctly
configured servers will return within 30 seconds.

YOU CAN ALSO RESTART BY GOING TO HTTP://<SERVERIP>:20000
LOGIN WITH FTP USER AND PASS

- check the server logs when these are available (server.log or ucc.log).
Information in these
files can be valuable to solve a problem.
- checked the forums at http://forum.gameservers.net. Most questions are
already solved by others......blah blah blah"

It looks like somebody using my email to register their service because I
didn't register
or even known such a service (I always have myself to be the victim so I can
investigate
cybercrime easily). By looking at the email, I could tell that the bad guy
also generated a
customer support request. I decided to go to the company website to contact
their
staff. One the website, they also supports "live help" under the form of
chatting.
And here is our conversation:

** You are now speaking with Gunner, Support. **
Gunner : Hello
trihuynh : hi
trihuynh : my email is trihuynh@...up.com
trihuynh : and today i start receiving email form you guys
trihuynh : but i don't know anything or register anything with your service
trihuynh : i want to know what is going on
Gunner : That was an e-mail glitch that is now corrected. Thank you for the
notification.
trihuynh : ????
trihuynh : how comes my email receive your info ?
trihuynh : is somebody using my personal info to register here ?
Gunner : that I do not know
trihuynh : can you check who is registered with the email:
trihuynh@...up.com
Gunner : I don't have that information, sorry
trihuynh : so what i should do now ?
trihuynh : somebody uses my email to register here
Gunner : The e-mail problem you mentioned was corrected.
trihuynh : but...how can you guys have my emails ?
Gunner : you will no longer get e-mails
Gunner : that I do not know
trihuynh : how can you do not know ?
Gunner : Our mail server was compromised
Gunner : and is now fixed
Gunner : problem is gone
Gunner : thank you
trihuynh : i still don't understand though
trihuynh : how can you have my email
Gunner : that's go, all you need to know is it is now fixed
Gunner : That's ok**
trihuynh : what is the company address ?
Gunner : it's on our website

Your party has left this session. <---- He quits chatting with me

It looks like this comapany doesn't give a damn about information
privacy, and there is also a possibility that they are
the spammers too. If you guys have have any info about this
company, please contact trihuynh@...up.com and i love
to gather more evidences about their privacy malpractices.

Trihuynh
Sentryunion

"Join www.osvdb.org to make a better non-corporated vulnerability database
since
CERT sucks ! "



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ