#1
Ebay Scam
I am naturally suspicious of Ebay ads that require you to register to bid.

One such ad I think I had killed today had a user who had 177 positive transactions or so, and the guy said he was selling a Tube U47 for a $4000 buy it now! Wow! And "Only used twice" he said by email - hmmm. It was strange that all the username's previous transactions were for toys and dolls, not pro audio. Also the user was registered in the US but this guy wanted a wire transfer to him in Greece (he would send the mic and when I got the shipping number, I should wire him the money.)

This just smelled pretty bad to me, so I talked to ebay. Well, apparently some users don't put the proper protections in place on their accounts, and then scammers get into their accounts and change the addresses etc to run their game on others using the other person's ebay identity. As of now that ad is pulled from ebay, apparently this was the case here.

So be careful all.

Will Miho
NY Music & TV Audio Guy
Off the Morning Show! & sleepin' In... / Fox News
"The large print giveth and the small print taketh away..." Tom Waits
#3
Hey Will, I had an interesting experience, which I documented in an Mp3 called "Gear Pimp Theater" I think you might get a laugh or two. It's less than a meg so..........up 2 U!

Let me know,
Tom

"WillStG" wrote in message ...
> I am naturally suspicious of Ebay ads that require you to register to bid. One such ad I think I had killed today had a user who had 177 positive transactions or so, and the guy said he was selling a Tube U47 for a $4000 buy it now! Wow! And "Only used twice" he said by email - hmmm. It was strange that all the username's previous transactions were for toys and dolls, not pro audio. Also the user was registered in the US but this guy wanted a wire transfer to him in Greece (he would send the mic and when I got the shipping number, I should wire him the money.) This just smelled pretty bad to me, so I talked to ebay. Well, apparently some users don't put the proper protections in place on their accounts, and then scammers get into their accounts and change the addresses etc to run their game on others using the other person's ebay identity. As of now that ad is pulled from ebay, apparently this was the case here. So be careful all.
>
> Will Miho
> NY Music & TV Audio Guy
> Off the Morning Show! & sleepin' In... / Fox News
> "The large print giveth and the small print taketh away..." Tom Waits
#4
Tommy B wrote:
> Hey Will, I had an interesting experience, which I documented in an Mp3 called "Gear Pimp Theater" I think you might get a laugh or two. It's less than a meg so..........up 2 U! Let me know, Tom

Hey Tommy, I would be interested in hearing it, if you want to email it to me, or tell me where I can download it.

Thanks,
eric
#5
Will Miho wrote:
> Well, apparently some users don't put the proper protections in place on their accounts, and then scammers get into their accounts and change the addresses etc to run their game on others using the other person's ebay identity.

That happened to me about a year ago--someone obtained my eBay password and hijacked my account. They put two Apple computers up for sale with all the fanciest, most expensive listing options you can have. The $200+ listing fees would have gone onto my credit card, and the bad customer feedback (assuming that the guy would simply have kept the payment and shipped no goods) would have gone onto my account.

[begin digression] Or maybe it was like a certain old friend we have on this newsgroup who almost never makes a sale via the legitimate auction process--for which he would have to pay a percentage to eBay. He sets his asking price so high that mostly no one ever bids. Of course if some sucker is willing to pay his ridiculous asking prices, he makes a tidy profit. But mostly people contact him to make deals behind eBay's back. When that happens, the eBay feedback system offers the buyer no protection, of course.

The trick for an out-and-out criminal using this technique is that the different would-be buyers can't tell that the others exist. One ad can bring in any number of people willing to send you their money in search of a bargain on some coveted item. (The moral of that story is simple: never contact a seller you don't know to try to arrange a "side deal." If people could only resist doing that, this whole type of fraud would dry up overnight.) [end digression]

I detected the breach the next morning, and eBay set things right again within a day--but I no longer use that account name and password, I can assure you! My stepson had an identity theft incident last year as well, which cost him a great deal of time and anxiety and nearly ruined his credit rating.

[and now a second digression, but informative rather than speculative] A few summers ago I worked as a programmer for a Web portal that required people to register with user names and passwords. Any number of us there had access to the password and personal information of everyone who had ever registered. Had we wished to, with that information we could have hacked many people's other on-line accounts and done a lot of damage.

I have gotten to the point where I no longer am willing to set up new on-line accounts, because to do so I would either have to use a password that's the same as one that I'm already using elsewhere, or else keep a list somewhere of all my accounts and separate passwords for each one. I figure that this is how someone was able to guess my eBay password, since it was a word that otherwise, you'd have to know me rather well to guess that I might be using it--but I was using it for several other on-line accounts that I had, too.

[attempt at a rational conclusion] To my surprise, I actually think that Microsoft has the right idea with their "Passport" system: Web authentication should be a Web service in which each user has to set up and maintain only one account, rather than registering individually with each place where we want to do business.
#7
There are more than a few scammers out there. Look out for people trying to say they are selling Crane Song stuff. Serial #s can be checked through Crane Song themselves.

The standard MO seems to be to set up an Ebay account with no previous sales or feedback then make up some story about why that is, then close the auction early and email bidders after the fact to try to get them to send money orders.

I am amazed at the temerity of these people. I guess it's a numbers game. The more people you contact the better your chances are of finding someone gullible enough to fall for it.

Gary

WillStG wrote:
> I am naturally suspicious of Ebay ads that require you to register to bid. One such ad I think I had killed today had a user who had 177 positive transactions or so, and the guy said he was selling a Tube U47 for a $4000 buy it now! Wow! And "Only used twice" he said by email - hmmm. It was strange that all the username's previous transactions were for toys and dolls, not pro audio. Also the user was registered in the US but this guy wanted a wire transfer to him in Greece (he would send the mic and when I got the shipping number, I should wire him the money.) This just smelled pretty bad to me, so I talked to ebay. Well, apparently some users don't put the proper protections in place on their accounts, and then scammers get into their accounts and change the addresses etc to run their game on others using the other person's ebay identity. As of now that ad is pulled from ebay, apparently this was the case here. So be careful all.
>
> Will Miho
> NY Music & TV Audio Guy
> Off the Morning Show! & sleepin' In... / Fox News
> "The large print giveth and the small print taketh away..." Tom Waits
#8
Request the s/n or better yet don't buy unless there is a picture of the s/n on the unit... helps to avoid stolen property. Also avoid people with free email addresses, a paid email address at least the provider has a billing address. And as mentioned by others see if they have feedback for similar items in the past..

Rgds:
Eric
#9
David Satz wrote:
> That happened to me about a year ago--someone obtained my eBay password and hijacked my account.

Well, if they don't have a https:// prefix on the page you enter your password in, then you might as well post it in an ad in the NY Times, because it will be readable to anyone that happens to have a sniffer running on the path of the internet-transmission.

> A few summers ago I worked as a programmer for a Web portal that required people to register with user names and passwords. Any number of us there had access to the password and personal information of everyone who had ever registered. Had we wished to, with that information we could have hacked many people's other on-line accounts and done a lot of damage.

One of the nicer aspects of the windows way of doing things is that passwords are by design not humanly readable. I didn't say that cracking tools do not exist, but it is not "at a glance".

> To my surprise, I actually think that Microsoft has the right idea with their "Passport" system: Web authentication should be a Web service in which each user has to set up and maintain only one account, rather than registering individually with each place where we want to do business.

It is less bad than having systems transmitting and storing passwords in clear text, strangely *ix systems I know of on the internet seem to favour that.

Kind regards
Peter Larsen

--
My site is at: http://www.muyiovatki.dk
#12
In article znr1071098942k@trad, Mike Rivers wrote:
> Just how prevalent is this? Where is the "path" and how easy is it for someone to connect a sniffer?
>
> I suppose someone could go to the neighborhood telephone box down the street, go along the pairs with a lineman's handset until he finds a modem carrier, bridge a modem across the line, and sniff away. Or someone at the ISP could sniff a line coming into the great computer in the sky.
>
> But really, what's my chances of being "sniffed", as opposed to some dishonest person working in what should be a trusted environment going where he's not supposed to go and reading data?

If you're on a dialup line, and you trust your ISP (and I assure you that the people at many ISPs are not trustworthy) and you trust the MSP that your ISP gets service from, and the MSP they talk to to get to the ISP at the other end, you're fine.

Kevin Mitnick posting the credit card numbers of all the Netcom users to Usenet is probably a good indication of the state of security at a lot of large ISPs, even today.

If you're on a cable modem or a wireless connection, though, anyone in the neighborhood could be snooping in.
--scott

--
"C'est un Nagra. C'est suisse, et tres, tres precis."
#13
Scott Dorsey wrote:
> In article znr1071098942k@trad, Mike Rivers wrote:
>> Just how prevalent is this? Where is the "path" and how easy is it for someone to connect a sniffer?
>>
>> I suppose someone could go to the neighborhood telephone box down the street, go along the pairs with a lineman's handset until he finds a modem carrier, bridge a modem across the line, and sniff away. Or someone at the ISP could sniff a line coming into the great computer in the sky.
>>
>> But really, what's my chances of being "sniffed", as opposed to some dishonest person working in what should be a trusted environment going where he's not supposed to go and reading data?
>
> If you're on a dialup line, and you trust your ISP (and I assure you that the people at many ISPs are not trustworthy) and you trust the MSP that your ISP gets service from, and the MSP they talk to to get to the ISP at the other end, you're fine.
>
> If you're on a cable modem or a wireless connection, though, anyone in the neighborhood could be snooping in.

Anyone who puts a credit card number into an unsecured web form or email is asking for trouble. But if you're using a secure webpage, you're pretty safe - your ISP won't be able to read it, and neither will your neighbors. The data is encrypted at the browser and stays encrypted until it reaches the server at the other end.

You should of course activate encryption on your WiFi devices as well. And remember also that standard email is not encrypted, so never send a password or credit card number via email.
#14
"Peter Larsen" wrote in message ...
> One of the nicer aspects of the windows way of doing things is that passwords are by design not humanly readable. I didn't say that cracking tools do not exist, but it is not "at a glance".

I assume you're talking about digital signature technology, and yes, it should be a one time setup for everyone and, in fact, in this country has been passed by congress as being a viable technology to use for contracts and purchases, etc. Basically public key but the problem has always been who is going to be the top of the key distribution system. Here, I worked for two years with the Social Security Administration on developing 1024 bit public keys that eventually would be tied into a national ID type of situation, primarily because all American citizens need Social Security numbers in order to properly get paid for work. Somehow, after all that the United States Postal Service ended up with the project and I haven't heard squat about it in about 8 years now.

That's one of the reasons, after my children left home, that I decided to get back into music, and recording specifically. At least with music projects I get to see an end to the project. With these long term government contracts I'd work on something for two to five years and then move to another contract, never seeing what actually got implemented. Not very satisfying in my view.

Of course, here in the states, there's a ton of very rich and influential people who don't want cash to ever be phased out (for whatever purposes only cash could be used), so establishing a national ID, to which so many things like banking could be keyed, is probably not going to get off the ground for another presidential term or two. Surprising since Bush has pushed so hard for countries all over the world to be able to halt banking for terrorists, but then again, probably that's why terrorists use diamonds anyway.

Personally I can see the advantages on a public key national ID, but I have to admit I just don't like the idea.

Whatever CAN be abused WILL be abused.

--
Roger W. Norman
SirMusic Studio
RAP FAQ and Purchase your copy of the Fifth of RAP CD set at www.recaudiopro.net. See how far $20 really goes.

> David Satz wrote:
>> That happened to me about a year ago--someone obtained my eBay password and hijacked my account.
>
> Well, if they don't have a https:// prefix on the page you enter your password in, then you might as well post it in an ad in the NY Times, because it will be readable to anyone that happens to have a sniffer running on the path of the internet-transmission.
>
>> A few summers ago I worked as a programmer for a Web portal that required people to register with user names and passwords. Any number of us there had access to the password and personal information of everyone who had ever registered. Had we wished to, with that information we could have hacked many people's other on-line accounts and done a lot of damage.
>>
>> To my surprise, I actually think that Microsoft has the right idea with their "Passport" system: Web authentication should be a Web service in which each user has to set up and maintain only one account, rather than registering individually with each place where we want to do business.
>
> It is less bad than having systems transmitting and storing passwords in clear text, strangely *ix systems I know of on the internet seem to favour that.
>
> Kind regards
> Peter Larsen
>
> --
> My site is at: http://www.muyiovatki.dk
#15
"Mike Rivers" wrote in message news:znr1071098942k@trad...
> Just how prevalent is this? Where is the "path" and how easy is it for someone to connect a sniffer?

That depends, Mike. For instance, there's a big push towards wireless networks because mom doesn't want new wires running through the house for a network. The problem is that anyone can sit outside on the street in their car and peruse your network, so running a sniffer on personal networks isn't that hard.

In fact, there has been at least one news show here in DC where a network guru was driving down Constitution avenue and being able to get into government networks from his car. This was particularly discouraging for me because I designed the one network (1989) I saw him get in on, which was at the IRS. Now just how far he could get in, it's hard to tell, but I can tell you that it's extremely easy to read a network from a sniffer, and all you have to do is have access to that network to unobtrusively run one. Emails are in the clear until they hit a mail server, and a lot of times, even after that (talking about network mail servers, not ISP mail servers). Secured networks have secure email, but in order to translate email to outside systems via SMTP it has to be in the clear.

--
Roger W. Norman
SirMusic Studio
RAP FAQ and Purchase your copy of the Fifth of RAP CD set at www.recaudiopro.net. See how far $20 really goes.

> In article writes:
>> Well, if they don't have a https:// prefix on the page you enter your password in, then you might as well post it in an ad in the NY Times, because it will be readable to anyone that happens to have a sniffer running on the path of the internet-transmission.
>
> I suppose someone could go to the neighborhood telephone box down the street, go along the pairs with a lineman's handset until he finds a modem carrier, bridge a modem across the line, and sniff away. Or someone at the ISP could sniff a line coming into the great computer in the sky.
>
> But really, what's my chances of being "sniffed", as opposed to some dishonest person working in what should be a trusted environment going where he's not supposed to go and reading data?
>
> --
> I'm really Mike Rivers )
> However, until the spam goes away or Hell freezes over, lots of IP addresses are blocked from this system. If you e-mail me and it bounces, use your secret decoder ring and reach me he double-m-eleven-double-zero at yahoo
#17
Mike Rivers wrote:
> In article writes:
>> That depends, Mike. For instance, there's a big push towards wireless networks because mom doesn't want new wires running through the house for a network. The problem is that anyone can sit outside on the street in their car and peruse your network, so running a sniffer on personal networks isn't that hard.
>
> True, and we read about these people in the Business section of the newspaper about once a month these days. But how many really are there? The answer is usually "enough so that you should be worried" but I'd like to know real numbers. How many have been caught? And what happens to them when they are caught?
>
> Also, what's the probability that someone will be sitting in my driveway with a laptop computer, recording my wireless network, at the exact moment that I'm typing a credit card number?

As I pointed out the other day, that's an easy problem to avoid. The WiFi protocol supports both 64-bit and 128-bit encryption. All you have to do is to turn it on. You could be sitting in my driveway right now, but you wouldn't be able to see what I'm typing.
#18
Peter Larsen wrote:
> Well, if they don't have a https:// prefix on the page you enter your password in, then you might as well post it in an ad in the NY Times, because it will be readable to anyone that happens to have a sniffer running on the path of the internet-transmission.

Can I just check one detail about this with you? I really don't see why it matters whether SSL (the "Secure Sockets Layer" protocol indicated by https: in a URL) is being used on the page that contains a form. If anyone is sniffing that page on its way in to my browser, all that they can see will be the empty controls.

Instead, I think what is important is that the URL to which the information will be posted (usually via the submit button) begins with https://, no? Then the browser will encrypt your personal data so that it can't be read by a third party.

The problem is, normally if you're about to type information into a form, you can't see what that target address for the "submit" button will be unless you read and parse the HTML source code for the page.

Am I right? I think so.

--best regards
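
The check discussed in the post above (reading where a form will submit rather than looking at the address bar), as an added example that is not part of the original thread. The function names and the sample pages on `portal.example` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormTargetParser(HTMLParser):
    """Records, per <form>, every URL it can submit to and whether it holds a password field."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []        # completed forms
        self._current = None   # form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self._current is None:
            # A missing or empty action submits back to the page's own URL.
            target = urljoin(self.page_url, a.get("action") or "")
            self._current = {"targets": [target], "has_password": False}
        elif self._current is not None and tag in ("input", "button"):
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True
            # A submit control can override the form's action with formaction.
            if a.get("formaction"):
                self._current["targets"].append(urljoin(self.page_url, a["formaction"]))

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def audit_password_forms(page_url, html):
    """Return one finding per submit target of every form that contains a password field."""
    parser = FormTargetParser(page_url)
    parser.feed(html)
    parser.close()
    if parser._current is not None:      # <form> that was never closed
        parser.forms.append(parser._current)
    page_encrypted = urlsplit(page_url).scheme == "https"
    findings = []
    for form in parser.forms:
        if not form["has_password"]:
            continue                     # e.g. a search box: nothing secret is sent
        for target in form["targets"]:
            findings.append({
                "target": target,
                "encrypted_submit": urlsplit(target).scheme == "https",
                "page_encrypted": page_encrypted,
            })
    return findings


# Constructed sample pages (not taken from any real site).
PAGE_HTTP_TO_HTTPS = """
<form method="post" action="https://secure.portal.example/auth">
  <input name="user"><input type="password" name="pw">
  <input type="submit" value="Sign in">
</form>
"""
PAGE_RELATIVE = """
<form action="/search"><input name="q"></form>
<form method="post" action="/auth">
  <input name="user"><input type="PASSWORD" name="pw">
</form>
"""
PAGE_FORMACTION = """
<form method="post">
  <input name="user"><input type="password" name="pw">
  <button type="submit">Sign in</button>
  <button type="submit" formaction="http://legacy.portal.example/auth">Old sign-in</button>
</form>
"""

if __name__ == "__main__":
    for url, page in [("http://portal.example/login", PAGE_HTTP_TO_HTTPS),
                      ("http://portal.example/login", PAGE_RELATIVE),
                      ("https://portal.example/login", PAGE_FORMACTION)]:
        for finding in audit_password_forms(url, page):
            print(url, "->", finding)
```

The page's own scheme is reported next to each target because a form delivered over plain http can be altered before it reaches the browser, so an https target on such a page is only as trustworthy as the unencrypted page that named it.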
#19
ospam (WillStG) wrote in message ...
> I am naturally suspicious of Ebay ads that require you to register to bid. One such ad I think I had killed today had a user who had 177 positive transactions or so, and the guy said he was selling a Tube U47 for a $4000 buy it now! Wow! And "Only used twice" he said by email - hmmm. It was strange that all the username's previous transactions were for toys and dolls, not pro audio. Also the user was registered in the US but this guy wanted a wire transfer to him in Greece (he would send the mic and when I got the shipping number, I should wire him the money.) This just smelled pretty bad to me, so I talked to ebay. Well, apparently some users don't put the proper protections in place on their accounts, and then scammers get into their accounts and change the addresses etc to run their game on others using the other person's ebay identity. As of now that ad is pulled from ebay, apparently this was the case here. So be careful all.
>
> Will Miho
> NY Music & TV Audio Guy
> Off the Morning Show! & sleepin' In... / Fox News
> "The large print giveth and the small print taketh away..." Tom Waits

There's always a couple of fake Neves for sale.

http://cgi.ebay.com/ws/eBayISAPI.dll...tegory=23 785
http://cgi.ebay.com/ws/eBayISAPI.dll...tegory=23 785

I guess that they must actually make money. Somebody really thinks that they're buying a 20x4 Neve 80 series for $13K from Singapore.
#20
Mike Rivers wrote:
>> Well, if they don't have a https:// prefix on the page you enter your password in, then you might as well post it in an ad in the NY Times, because it will be readable to anyone that happens to have a sniffer running on the path of the internet-transmission.
>
> Just how prevalent is this?

I don't lose sleep over this issue, but you might like to read up on http://www.grc.com.

> Where is the "path"

The datapath goes from you to your ISP to the "information highway backbone". Simplified said it is possible to capture a copy of the traffic at every relay point.

> and how easy is it for someone to connect a sniffer?

Ya can't catch fish if ya ain't at the river.

> across the line, and sniff away. Or someone at the ISP could sniff a line coming into the great computer in the sky.

Yes.

> But really, what's my chances of being "sniffed"

The risk of a lil' fish in a large school, i. e. very small. The risk of someone looking for pairs of user id's and passwords without correlating them to any sender is somewhat larger. It is malpractice nowadays to configure a service that requires logon without also protecting the logon sequence via encryption.

> as opposed to some dishonest person working in what should be a trusted environment going where he's not supposed to go and reading data?

It is very bad system design to have a list of passwords that can be read as clear text. This at least is something that Microsoft did get right.

And while we are at it, all email - yes all - is likely to be stored in logfiles on every single server it passes through for some years, possibly archived in backups.

> I'm really Mike Rivers )

Kind regards
Peter Larsen

--
My site is at: http://www.muyiovatki.dk
#21
"Roger W. Norman" wrote:
> "Peter Larsen" wrote in message ...
>> One of the nicer aspects of the windows way of doing things is that passwords are by design not humanly readable. I didn't say that cracking tools do not exist, but it is not "at a glance".
>
> I assume you're talking about digital signature technology,

No, I simply state the fact that windows does not store passwords in a form that is humanly readable by an operator. Cracking tools exist that can crack just about anything, but at least it is not simple.

The unrelated comments were quite interesting, thanks.

> Roger W. Norman

Kind regards
Peter Larsen

--
My site is at: http://www.muyiovatki.dk
#22
David Satz wrote:
> Instead, I think what is important is that the URL to which the information will be posted (usually via the submit button) begins with https://, no? Then the browser will encrypt your personal data so that it can't be read by a third party.

Yes. And generally - yahoo does this very smoothly - the logon is via a secure site and once you are logged on, then it is back to cleartext. To read email that is transmitted as cleartext anyway it is OK.

> Am I right? I think so.

You are.

> --best regards

Kind regards
Peter Larsen

--
My site is at: http://www.muyiovatki.dk