[Dshield] Email and Websites Impersonating eBay

Johannes Ullrich jullrich at euclidian.com
Sun Oct 19 02:00:18 GMT 2003


> Good point, just started a check and you can't find much more then that
> in the following link, apart from the information from whois.
> https://services.choicepoint.net/servlet/com.kx.was.servlets.CPUGBNclient?3723424648

yes. and if you look at the certificate for
'https://services.choicepoint.net', you will see that it just refers
back to itself ;-)

> 
> Suppose it depends on how much confidence users have got in Equifax
> checking process.

The check isn't great, but ok. If you ask for a certificate with
Equifax ("Globaltrust"), you have to provide an email address within
the domain that is listed in whois, or a standard address like
'ssladmin at domain'. They have an automated system call a phone number you
provide (I think it has to be a landline).



-- 
--------------------------------------------------------------
Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
--------------------------------------------------------------
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at covad.net
--------------------------------------------------------------





More information about the list mailing list