Re: A funny (but real) story for XMAS

[Ron DuFresne <dufresne () winternet com>]

None of this should be surprising, especially in the US where rivacy
issues are not well understood, nor is there great concern at present in
regards to it.  When data bases of corporate giants can be hacked and
disclose private info of millions, and little fiallout follows, and even
governement entities can be struck the same way and again, little fallout
results, one small companies problems with private infomantion security
will not generate much backlash either.  Perhaps change will come when
those tasked with HIPPA regs are audited or get hacked and disclose their
information, perhaps...<shrug>

Thanks,

Ron DuFresne

On Mon, 15 Dec 2003, Tri Huynh wrote:

> Hi list,
>
> One day when I checked my email, I received many emails from a company named
> wickedservers.com (which is belong to another company called IOport
> Technologies, LLC).
> Here is one of their emails :
>
>
> " Your e-mail has been received. A ticketnumber has been created. Would you
> like
>  to correspond about this matter, please always use this ticketnumber in
> your subject field: [ts #26205]
>
> -------------------------------------------------------------------------
> If you have a problem with your server, please make sure you have specified
> the following
> information in your e-mail:
>
> - Server IP and port
> - FTP Username
> - Detailed information about the problem
>
> Without the first two, we cannot solve the issue. Please send the
> information in an email with subject [ts #26205].
>
> -------------------------------------------------------------------------
> If you have a problem, make sure you have tried the following:
>
> - server restart. This can be done via a RCON QUIT, or a ADMIN QUIT for most
> games. Correctly
> configured servers will return within 30 seconds.
>
> YOU CAN ALSO RESTART BY GOING TO HTTP://<SERVERIP>:20000
> LOGIN WITH FTP USER AND PASS
>
> - check the server logs when these are available (server.log or ucc.log).
> Information in these
> files can be valuable to solve a problem.
> - checked the forums at http://forum.gameservers.net. Most questions are
> already solved by others......blah blah blah"
>
> It looks like somebody using my email to register their service because I
> didn't register
> or even known such a service (I always have myself to be the victim so I can
> investigate
> cybercrime easily). By looking at the email, I could tell that the bad guy
> also generated a
> customer support request. I decided to go to the company website to contact
> their
> staff. One the website, they also supports "live help" under the form of
> chatting.
> And here is our conversation:
>
> ** You are now speaking with Gunner, Support. **
> Gunner : Hello
> trihuynh : hi
> trihuynh : my email is trihuynh () zeeup com
> trihuynh : and today i start receiving email form you guys
> trihuynh : but i don't know anything or register anything with your service
> trihuynh : i want to know what is going on
> Gunner : That was an e-mail glitch that is now corrected. Thank you for the
> notification.
> trihuynh : ????
> trihuynh : how comes my email receive your info ?
> trihuynh : is somebody using my personal info to register here ?
> Gunner : that I do not know
> trihuynh : can you check who is registered with the email:
> trihuynh () zeeup com
> Gunner : I don't have that information, sorry
> trihuynh : so what i should do now ?
> trihuynh : somebody uses my email to register here
> Gunner : The e-mail problem you mentioned was corrected.
> trihuynh : but...how can you guys have my emails ?
> Gunner : you will no longer get e-mails
> Gunner : that I do not know
> trihuynh : how can you do not know ?
> Gunner : Our mail server was compromised
> Gunner : and is now fixed
> Gunner : problem is gone
> Gunner : thank you
> trihuynh : i still don't understand though
> trihuynh : how can you have my email
> Gunner : that's go, all you need to know is it is now fixed
> Gunner : That's ok**
> trihuynh : what is the company address ?
> Gunner : it's on our website
>
> Your party has left this session. <---- He quits chatting with me
>
> It looks like this comapany doesn't give a damn about information
> privacy, and there is also a possibility that they are
> the spammers too. If you guys have have any info about this
> company, please contact trihuynh () zeeup com and i love
> to gather more evidences about their privacy malpractices.
>
> Trihuynh
> Sentryunion
>
> "Join www.osvdb.org to make a better non-corporated vulnerability database
> since
> CERT sucks ! "
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html