LED Digest 1912: Phishing with Paypal, also Home Servers
==================================================
The LED Digest Moderated Discussion List
"Effective Online Advertising, Since 1997"

pair Networks: The LED's Web Host
Hosting and Domain Reg. from a Trusted Leader
pair.com for Hosting | pairNIC.com for Domains
==================================================
List Moderator: Adam Audette (adam,led-digest.com)
Published by: LED Digest (http://www.led-digest.com)
...............................................
December 22, 2004                   Issue #1912
...............................................

.....IN THIS DIGEST.....

==== CONTINUING =================

--== Dynamic DNS? ==--
  ~ Scott Marino
    "...the first thing I would look to hack would be the amateur web hoster running a server in their home."
  ~ John Smart
    "This is...not practical for true server usage."

--== The Challenge-Response Approach ==--
  ~ Lanell Grant
    "We replaced [our email links] with small graphics..."

--== The PayPal vs Merchant Accounts Debate ==--
  ~ Peter D'Aprix
    "...if members of PayPal get an email with the following message, be advised not to click on the link..."
  ~ Kenny Lau
    "...you don't need a credit card to operate a PayPal account..."

==== BILLBOARD ===================

--== Browser Wars ==--
  ~ Mark Roberts

--== Theft of Copywritten Material ==--
  ~ Derek Andrews

===== CONTINUING =================================

From: Scott Marino
Subject: Dynamic DNS

> Network Solutions has partnered with No-IP.com to
> offer Dynamic DNS a service that allows you to run your
> own Web or e-mail server using your cable or DSL
> connection - no matter when your IP address changes.
- Brett Swooshman, LED 1910

You can get shared hosting plans for $5 or less a month. With that you get:

1) Monitoring to make sure it is up and running
2) Critical security updates and patches
3) Fast response times for delivering web pages
4) NO HEADACHES

When you run your own server, you expose that computer to the entire internet and all the hackers and spammers that are out there.
If I was a hacker, the first thing I would look to hack would be the amateur web hoster running a server in their home. They would be the easiest prey.

How many millions of e-mails a day could a spammer send over a cable / DSL connection on a hacked home server....

For $5 per month, I'd never take that risk. Just my $0.02.

Regards,
Scott Marino
www.webundies.com

------- new post - same topic --------

From: John Smart
Subject: Dynamic DNS

This is great for personal and development usage, but not practical for true server usage. The problems are:

1. Speed. Ok, so you can get data in at 3Mbps. Your outgoing is probably only 512 Mbps. When people are coming to you, that means the fastest they can get data is 512 - if 2 people are accessing it then you can halve that - add to that the requests you are sending to web sites, your e-Mail - soon we are crawling.

2. Stability. Home networks are not the most stable of products. Home network switches cost a lot less than professional grade switches - this is not because the professional ones look better!

3. Caching. If you are at Grandma's, trying to show the latest pics of the kiddies, and you cannot access because of a cached IP address, you know what to do to get through it - refresh a couple of times, wake your browser up, then get where you want to be. Are you going to put those instructions on your index.html page?

This is a great technology, it has a lot of uses but it is a technology that hasn't truly arrived yet. We use it a lot for development and home workers - and I deal with a company in the UK who use it very heavily with a home-working network of programmers and developers - it is excellent for that, but that appears to be its limit at this time.
John Smart, Technical Director
InternetDesign.com - "A Human Touch in a Digital World"

------- new post - new topic --------

From: Lanell Grant
Subject: Challenge response

> The only way to block spam 100% is to
> use a challenge-response system
- Scott Wang, LED 1906

Hello LED'ers,

About two years ago on several web sites we removed the Email address from any on-server code, HTML, script, what have you... We replaced this with several small graphics which are displayed here and there just as the "code" had been before. The graphics plainly show the Email address...

A visitor must now manually enter this address rather than simply "click" to open a writing window. The Email address is kept simple as, "info" or "sales", with the thought that this must be remembered or noted and then entered.

The results have been a dramatic reduction in junk Email and about a 10% reduction in Email with questions, etc. We can detect no sales loss. In fact, we had some of our best sales periods following this change about 6 or 8 months. I should add that over 50% of sales are made by phone with the number taken from the web site. There are always lots of questions and selling for most sales.

This technique presents no ridges to the consumer. We discovered that at least a few think something is wrong with their computer. We had a big grin when we heard that for the first time...

We now have almost no junk mail from these sites... I have concluded that junk Emailers can not read... :)

Lanell Grant

------- new post - new topic -------

From: Peter D'Aprix
Subject: E-bay and PayPal

> If you use Paypal, the customer pays Paypal using their
> credit card, then the Consumer Credit Act no longer applies.
> Many credit card companies consider Paypal to be an agent
> under Section 75 of the act and thus they are not liable for
> non delivery.
- Richard Stubbings, LED 1910

I have been reading with particular interest the various takes on PayPal.
I just put up my Hasselblad collection for sale using e-Bay for the first time. I did not have to actually sign up to become a member with Paypal, if I am reading the acres of instructions correctly, until a sale transaction actually takes place so I did become a member at the time of creating my e-Bay listing.

That did not stop a fraudulent email arriving asking me to click on a link that took me to a web page asking for all my financial information (credit cards, account numbers, user name and passwords etc) since there appeared to be some errors on my membership account.

Fortunately I had had my morning cup of java and my brain was at least working on two cylinders or I might have sleep walked my way to the submit button.

When I opened the PayPal home page in a different browser just to check, the fraudulent web page suddenly disappeared from my first browser and was replaced with an announcement posted on a different site called SmartRedirect.com by CySpot Media saying:

    paypalupdates.home-page.org has been disabled
    This Account Has Been Disconnected
    404 - NOT FOUND

E-Bay had a pretty good security information page which addressed this issue if the fake calls for information had supposedly come from e-Bay. But unless I signed up as a member with PayPal, even though this fake email was purportedly coming from them had nothing. Nothing that is until I found a telephone number that cost me long distance charges and after 3 minutes of sales pitch they mentioned fraudulent emails and gave an email address to send information to PayPal about it.

So if members of PayPal or even non-members get an email with the following message (below), be advised not to click on the link and respond. PayPal says they never send out emails requesting more information and if they send out emails at all, it is always to the email address they have on your account and they write you by name.
-----------------------
"Dear Member

"We Here at PayPal, are sorry to inform you that we are having problem's with the billing information on your account. We would appreciate it if you would go to our website and fill out the proper information that we need to keep you as an PayPal member.

"Please Update your account information by visiting our updates web site below.

http://paypalupdates.home-page.org

Steve Johnson. Billing Updates Center Account Updates Team."
-----------------------

Since PayPal obviously knows of this fraud that is aimed not just at their members, I am surprised that they do not address the issue clearly up front on their site. E-Bay does a pretty good job in comparison.

I would be interested to know if anyone else has had this same experience. I have received similar emails supposedly from CitiBank but I have no account at CitiBank so it was obvious immediately it was a trawl for identity theft. But to receive one of these emails within 48 hours of setting up a listing with the combined forces of e-Bay and PayPal (a pretty good joint venture for the mass of small sellers out there it seems) one wonders where the information came from to trigger the email. The email address used was not the one connected to e-Bay.

With all the discussion of functionality of the mass of options for e-commerce that has filled the pages of this publication, the issues of security, financial security, identity theft, must rise above all other considerations I would think, even, Lord knows, spam!

PayPal states that there is a growing trend not to pay with credit cards but to issue a bank wire directly to them for payment. Could it be that there is a genuine fear of the insecurity of the internet, despite promises of security and encryption, out there! If it spreads, this could certainly cut into the e-commerce world.

I would really like to know what those with much more experience in this out there think.
Peter D'Aprix
Visual Communications
http://peterdaprix.com
peter, peterdaprix.com

------- new post - same topic --------

From: Kenny Lau
Subject: PayPal vs other

The best feature of PayPal is that you can make a payment WITHOUT divulging your credit card number, and you actually don't need a credit card to operate a PayPal account if you have a bank account which PayPal accepts.

Each payment sent or received is confirmed via instant email to BOTH the payer and the payee and this is where the beauty of PayPal lies - Any unauthorized charges will be instantly recognized.

I have had no problems whatsoever in paying and receiving funds with PayPal over the past years, whereas I am contesting several unauthorized charges by the same merchant (which I never knew) over a span of one year, and still this unauthorized charging is still continuing. The credit card company is VERY slow in processing complaints.

Kenny Lau
www.ecopurewater.com

==== BILLBOARD ===================================

From: Mark Roberts
Subject: Browser wars

> It is simply irresponsible for anyone, including Microsoft,
> to knowingly create HTML rendering code that does not enforce
> the standard. If they think the standard is too strict, they should
> work with the industry to modify the standard -- not simply ignore
> it.
- Bob Cavanagh, LED 1911

Amen!!!!!

One of the questions I repeatedly get when teaching my ecommerce class is in relation to users' reluctance to give CC info over the internet... even via secure server. I usually end my response with "....yes and these same people will go out to dinner and, without question, hand their cc over to a 16 year old busboy who disappears with it for up to 10 minutes, and they never question it". Go figure.

Same principle works here. If Microsoft and other vendors came out with different versions of VB interpreters where code would work with one and not the other, people would be totally outraged. Yet with browser and HTML code...
it doesn't seem to matter with these same people.

What would happen if these same people moved into a new home and the outlets were configured differently and they had to replace all their appliances just to get them to work? Would that be ok? What would you do if you purchased a new Music CD only to find that it required you to purchase a different type of player just to listen to it?

I refuse to be held hostage by people like Microsoft, just because they want to do things their way. I will write code that is industry standard. Believe me, if everyone did that and it stopped working in MS Browser, everyone would eventually stop using their browser and they would be forced to conform or get out of the business.

But, alas, no. We will continue to jump through whatever hoops necessary so as not to anger Microsoft. After all, they rule.

Mark Roberts
Roberts Computing Systems
http://www.robertscomputing.com

------- new post - new topic -------

From: Derek Andrews
Subject: Copy theft

I recently became aware of a site that blatantly copies text from websites. Weblinka.com passes itself off as a web directory, using basic data from DMOZ, so if you have a DMOZ listing you are probably listed here too.

Clicking on listings takes you to a page of information which includes a 'text preview' of a substantial chunk of the home page of each site. This may be of some use to the visitor, but in my opinion it is just a means of creating a huge website on which to carry Adsense adverts and maybe make a few bucks.

I am undecided whether to do anything about this. It is probably not going to hurt my business, but I don't see why anyone should derive Adsense revenue from my copyrighted material.

Is it just me, or does anyone else think this is an unacceptable practice?
Derek Andrews, woodturner
http://www.seafoamwoodturning.com

-------------------------------------------------------
The LED Digest is sponsored by pair Networks:
pair.com for Hosting | pairNIC.com for Domains

Copyright 1995-2004 Adam Audette. All Rights Reserved.
-----------------------------------------------------------------

"Today is your day! Your mountain is waiting. So... get on your way."
- Dr. Seuss
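
Added example, not part of the digest or of any poster's message: the checks Peter D'Aprix's post describes for the fraudulent PayPal e-mail (not addressed by name, asks for account information, link outside PayPal's own domain), run over the message text quoted in that post. The function names are hypothetical, and `paypal.com` as the legitimate domain and the greeting word list are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Text of the fraudulent message as quoted in Peter D'Aprix's post.
QUOTED_MESSAGE = """Dear Member

We Here at PayPal, are sorry to inform you that we are having problem's with the
billing information on your account. We would appreciate it if you would go to
our website and fill out the proper information that we need to keep you as an
PayPal member.

Please Update your account information by visiting our updates web site below.

http://paypalupdates.home-page.org

Steve Johnson. Billing Updates Center Account Updates Team."""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
GENERIC_GREETING = re.compile(r"^\s*dear\s+(member|customer|user|client)\b", re.IGNORECASE)
INFO_REQUEST = re.compile(
    r"\b(update|verify|confirm)\b.{0,40}?\b(account|billing)\b", re.IGNORECASE | re.DOTALL)


def host_in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def phishing_indicators(body, account_name, brand="paypal", legit_domain="paypal.com"):
    """Return (indicator, detail) pairs for the checks described in the post."""
    found = []
    greeting = next((ln.strip() for ln in body.splitlines() if ln.strip()), "")
    if GENERIC_GREETING.match(greeting) or account_name.lower() not in greeting.lower():
        found.append(("not_addressed_by_name", greeting))
    request = INFO_REQUEST.search(body)
    if request:
        found.append(("asks_for_account_information", " ".join(request.group(0).split())))
    for url in URL_RE.findall(body):
        host = (urlsplit(url.rstrip(".,;:!?)")).hostname or "").rstrip(".")
        if host_in_domain(host, legit_domain):
            continue  # link really points at the legitimate domain
        kind = "brand_name_in_foreign_host" if brand in host else "link_off_domain"
        found.append((kind, host))
    return found
```

The suffix check in `host_in_domain` compares on a label boundary, so a host that merely contains or ends with the brand string is still reported as foreign.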




