funsec mailing list archives

Re: yahoo id hacker - order from is hacker safe!


From: "Dr. Neal Krawetz" <hf () hackerfactor com>
Date: Tue, 5 Jun 2007 07:19:28 -0600 (MDT)

On Mon Jun  4 15:00:49 2007, John LaCour wrote:

> It's good to know when you want to give your credit card info to a web
> site that hacks yahoo ids for you, you can trust their security
> because they're certified 'Hacker Safe'.
>
> Hacker Safe web order form:
>
> http://secure.yahooidhacker.com/
>
> It looks like they misappropriated the HackerSafe image from another web site.
>
> -John

Ok -- that is pretty funny.
Too bad they didn't fake the hyperlink that should be there.

For example:
http://www.sportsauthority.com/home/index.jsp really uses the hacker safe
service.  Their "Hacker Safe" icon has a link to:
  https://www.scanalert.com/RatingVerify?ref=www.thesportsauthority.com
Now you know they are at least validated by ScanAlert.

Or perhaps the company should be "Scam Alert"?
If you put in an unauthenticated URL, they don't tell you it is a fraud!
The validation link:
  https://www.scanalert.com/RatingVerify?ref=secure.yahooidhacker.com
just redirects to the scanalert.com homepage.  Nothing tells you it is not
verifiable!

Either way... the folks at yahooidhacker.com could have done a much better
job faking their authentication links.  They could have at least used a
hyperlink to scanalert since the redirect doesn't expose them as risky.
I give them a 'B' for humor, but a 'C-' for completeness.
(And I give ScanAlert a "D+" for actually alerting people.  If the site is
valid, then they tell you.  If the site is not valid, then they don't.)

                                        -Neal
--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/
Author of "Introduction to Network Security" (Charles River Media, 2006)
and "Hacking Ubuntu" (Wiley, 2007)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
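
The seal check described in the message above, as an added example that is not part of the original post or of ScanAlert's service: it finds the seal image on a page, checks whether it is wrapped in a link to the RatingVerify URL with a `ref` naming the site, and reads a redirect to the verifier's homepage as "not verified". The `hackersafe` filename marker, the HTML samples, the `site_hosts` parameter and the HTTP status codes are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

VERIFIER = ("https", "www.scanalert.com", "/RatingVerify")  # from the link quoted in the post

class SealFinder(HTMLParser):
    """Record, for every seal image, the href of the <a> that encloses it (or None)."""
    def __init__(self, marker):
        super().__init__()
        self.marker = marker.lower()
        self.open_hrefs = []   # hrefs of the <a> elements currently open
        self.seals = []        # one entry per seal image found

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.open_hrefs.append(a.get("href"))
        elif tag == "img" and self.marker in f"{a.get('src') or ''} {a.get('alt') or ''}".lower():
            self.seals.append(self.open_hrefs[-1] if self.open_hrefs else None)

    def handle_endtag(self, tag):
        if tag == "a" and self.open_hrefs:
            self.open_hrefs.pop()

def audit_seals(html, site_hosts, marker="hackersafe"):
    """Return one verdict per seal image; site_hosts = lowercase hostnames the site operates under."""
    finder = SealFinder(marker)   # marker is an assumed image filename fragment
    finder.feed(html)
    verdicts = []
    for href in finder.seals:
        url = urlparse(href or "")
        ref = parse_qs(url.query).get("ref", [""])[0].lower()
        if (url.scheme, url.hostname, url.path) != VERIFIER:
            verdicts.append("unlinked")        # bare image, nothing to verify
        elif ref not in site_hosts:
            verdicts.append("wrong-ref")       # link vouches for some other site
        else:
            verdicts.append("ask-verifier")    # only the verifier's answer settles it
    return verdicts

def verifier_answer(status, location):
    """Per the post, an unknown ref only redirects to the homepage; status codes are assumed."""
    if status in (301, 302, 303, 307) and urlparse(location).path in ("", "/"):
        return "not-verified"
    return "verified" if status == 200 else "unknown"

# Constructed sample markup, not copied from either site.
LINKED = '<a href="https://www.scanalert.com/RatingVerify?ref=www.thesportsauthority.com"><img src="/img/hackersafe.gif" alt="Hacker Safe"></a>'
BARE = '<div><img src="/images/hackersafe.gif" alt="Hacker Safe"></div>'
```
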
