Full Disclosure mailing list archives
SPAM, credit card numbers, what would you do?
From: ted klugman <tedklugman () yahoo com>
Date: Tue, 14 Oct 2003 09:48:40 -0700 (PDT)
So I get a piece of SPAM that advertises a "how to make money on eBay" book. For kicks, I go to the website (hosted in Asia, of course) (Aside -- the website includes a gimmick where if you "buy by midnight on (today's date), save 50%". Change the date on your PC, and the offer gets extended to THAT day) I check out the order form, which a) isn't secured with SSL, and b) submits the information to a different website. So I go there to muck around and see what there is (again, hosted in Asia) Lo and behold, I look at the root of said website, and I get a directory listing: submit.php orders.txt And as you can probably guess, orders.txt contains -- ORDERS. Names, addresses, phone numbers, and CREDIT CARD NUMBERS. Dozens of them. So I got to thinking... what should I do here? a) Nothing. It's not my problem. b) Notify the provider who hosts the submission page c) Send e-mails to all the morons who tried to buy this "product" (their e-mail addresses are readily available, next to their credit card numbers), letting them know that they are morons and this is why they shouldn't buy products advertised in SPAM. d) Something else I chose option a. What would you do? (What would Brian Boitano do?) __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- SPAM, credit card numbers, what would you do? ted klugman (Oct 14)
- Re: SPAM, credit card numbers, what would you do? Jonathan A. Zdziarski (Oct 14)
- Re: SPAM, credit card numbers, what would you do? Cael Abal (Oct 14)
- RE: SPAM, credit card numbers, what would you do? Poof (Oct 14)
- RE: SPAM, credit card numbers, what would you do? Curt Purdy (Oct 14)
- RE: SPAM, credit card numbers, what would you do? Jonathan A. Zdziarski (Oct 14)
- RE: SPAM, credit card numbers, what would you do? madsaxon (Oct 14)
- Re: SPAM, credit card numbers, what would you do? Jeremiah Cornelius (Oct 14)
- Re: SPAM, credit card numbers, what would you do? Jeremiah Cornelius (Oct 14)
- RE: SPAM, credit card numbers, what would you do? Poof (Oct 14)
- Re: SPAM, credit card numbers, what would you do? Ron DuFresne (Oct 14)
- Re: SPAM, credit card numbers, what would you do? Jeremiah Cornelius (Oct 14)