funsec mailing list archives

Re: Phishing Defense a Key Factor in eBay-VeriSign Deal


From: "Dr. Neal Krawetz" <hf () hackerfactor com>
Date: Wed, 12 Oct 2005 05:27:56 -0600 (MDT)

I cannot help but think that the eBay-VeriSign deal is going to
be really *bad* for the Internet in general.

eBay and PayPal have a long history of being non-responsive to
customer issues.
I'm sure Richard Smith can pull up news quotes faster than me :-)
Some of the basic issues are:

  - eBay doesn't help customers with account or services issues.

  - eBay doesn't help customers recover stolen accounts.
    (They recommend making a new account.)

  - PayPal won't use "stop payment" for unauthorized transfers.

  - eBay and PayPal went over a year with a known cookie exploit for
    hijacking accounts.  It's hard to say that they take security seriously.

  - Contact points for eBay and PayPal used to be virtually impossible to
    find.  And there were NO phone numbers.
    I guess you can say that one good thing has come from phishing:
    PayPal now lists phone numbers for help on their web site and
    in the WHOIS entry -- but they are international calls for people
    outside the USA.  (Yes, eBay is still a black hole.)

And I'm sure there are more issues...

Now, considering that VeriSign is a gTLD provider (generic Top Level Domain,
for those non-DNS folks) and manages all .COM and .NET domains...
Imagine the horror of a domain hijacking!
You won't be able to call a 24/7 support center, and their email reply
(three days later) says, "We're sorry, you're going to need to register
a new domain.  Via PayPal."

I can also envision a strong push for a ".paypal" and ".ebay" gTLD.
Hmmm... "www.bankone.paypal"!

I wonder if we can petition ICANN to yank the .COM and .NET from
VeriSign and assign them to someone like GoDaddy.  (At least I have had
good experiences with GoDaddy -- they are responsive.)

                                        -Neal
--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

