funsec mailing list archives
Re: Phishing Defense a Key Factor in eBay-VeriSign Deal
From: "Dr. Neal Krawetz" <hf () hackerfactor com>
Date: Wed, 12 Oct 2005 05:27:56 -0600 (MDT)
I cannot help to think that the eBay-VeriSign deal is going to be really *bad* for the Internet in general. eBay and PayPal has a long history of being non-responsive to customer issues. I'm sure Richard Smith can pull up news quotes faster than me :-) Some of the basic issues are: - eBay doesn't help customers with account or services issues. - eBay doesn't help customers recover stolen accounts. (They recommend making a new account.) - PayPal won't use "stop payment" for unauthorized transfers. - eBay and PayPal went over a year with a known cookie exploit for hijacking accounts. It's hard to say that they take security seriously. - Contact points for eBay and PayPal used to be virtually impossible to find. And there were NO phone numbers. I guess you can say that one good thing has come from phishing: PayPal now lists phone numbers for help on their web site and in the WHOIS entry -- but they are international calls for people outside the USA. (Yes, eBay is still a black hole.) And I'm sure there are more issues... Now, considering that VeriSign is a gTLD provider (generic Top Level Domain, for those non-DNS folks) and manages all .COM and .NET domains... Imagine the horror of a domain hijacking! You won't be able to call a 24/7 support center, and their email reply (three days later) says, "We're sorry, you're going to need to register a new domain. Via PayPal." I can also envision a strong push for a ".paypal" and ".ebay" gTLD. Hmmm... "www.bankone.paypal"! I wonder if we can petition ICANN to yank the .COM and .NET from VeriSign and assign it to someone like GoDaddy. (At least I have had good experiences with GoDaddy -- they are responsive.) -Neal -- Neal Krawetz, Ph.D. Hacker Factor Solutions http://www.hackerfactor.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Phishing Defense a Key Factor in eBay-VeriSign Deal Fergie (Paul Ferguson) (Oct 11)
- <Possible follow-ups>
- Re: Phishing Defense a Key Factor in eBay-VeriSign Deal Dr. Neal Krawetz (Oct 12)
- Re: Re: Phishing Defense a Key Factor in eBay-VeriSign Deal Florian Weimer (Oct 12)
- Re: Re: Phishing Defense a Key Factor in eBay-VeriSign Deal Mark P. Fister (Oct 12)
- Re: Re: Phishing Defense a Key Factor in eBay-VeriSign Deal Mark P. Fister (Oct 12)
- Re: Re: Phishing Defense a Key Factor in eBay-VeriSign Deal Florian Weimer (Oct 12)