[Dshield] Email and Websites Impersonating eBay

Al Reust areust at comcast.net
Sat Oct 18 18:03:30 GMT 2003

Hello All

In answer, most should know the way to accomplish verifying the 
Certificate. When in Doubt go LOOK! Very Carefully!  Scroll down. HEHEHE

At 12:52 PM 10/18/2003 -0400, you wrote:

>yes. they are all to common (with varying sophistication).
>if you receive such an email, or hear about a site like this,
>contact 'spoof at ebay.com'. They will send their attack lawyers
>after them.
>Unfortunately, there is not that much that can be done about these
>sites. They frequently use 'auto pilot' hosting companies in hard
>to reach countries. I wouldn't be surprised if many of the systems
>that host these pages are hacked.
>Overall, the best thing to do is user education. But this is also
>the hard part. Its not always easy to spot these fake sites. They
>frequently use 'obfuscated' host names and sometimes they even
>manage to use SSL. When was the last time you checked the content
>of an SSL certificated. (yes, it is ... but SSL isn't of much help
>to find out)
>Overall, the best 'tip' is probably to avoid clicking on any URL if you
>intend to enter personal information. Rather type the URL yourself (e.g.
>'http:/www.ebay.com' ) and follow links from that site :-/
>hehe... little challange:
>how do you know that 'https://secure.dshield.org' is actually associated
>with 'DShield.org', myself or the SANS Institute?

If you open the "HTTPS" web site, and if it does not present the 
certificate for approval (your settings in IE or something else LOL) then 
you have an option.

 From the File - PullDown menu, Select "Properties" It should present you 
with a dialog box that shows the connection and other details, one of which 
is the Server Name is "secure.dshield.org"

If you click on the "Certificate Button"

It will then present the Certificate for Inspection or installation.

It shows that, the Certificate was issued by Equifax and registered to 
"secure.dshield.org" so the machine (FQDN) matches. So then the next part 
of the puzzle would be to figure out Who the Equifax Secure Certificate 
Authority People are..




>On Sat, 2003-10-18 at 08:18, Parreira Juan Manuel wrote:
> > These requests often include links to Web pages that will request a sign in
> > and submit information.
> >
> >
> >
> >
> > ______________________________________________________________________
> > _______________________________________________
> > list mailing list
> > list at dshield.org
> > To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
>Johannes Ullrich                     jullrich at euclidian.com
>pgp key: http://johannes.homepc.org/PGPKEYS
>    "We regret to inform you that we do not enable any of the
>     security functions within the routers that we install."
>          support at covad.net
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see: 

More information about the list mailing list