-------- Original Message --------
Subject: Reminder - SSL Certificate for *.startcom.org expires in 10 Days
Date: Sun, 21 Dec 2008 23:59:39 GMT
From: Certstar <supp...@certstar.com>
Reply-To: supp...@certstar.com
To: webmas...@startcom.org
Dear Webmaster,
*** Expire Notice for SSL Certificate issued to *.startcom.org ***
Your SSL certificate will expire in 10 Days! It is important that you purchase a new certificate to ensure that the security of your website or application is maintained. If you are not the webmaster please forward this message to the appropriate person in your organization.
Current Certificate:
Cert Type.: Standard SSL (or similar)
Valid from: 2008-01-01
Expires...: 2008-12-31
Hostname..: *.startcom.org
This email is sent as courtesy reminding you to replace your SSL certificate before it expires and does not indicate customer relationship. Replacing/renewal services for certificates are offered by a multiple providers we do however you will trust Certstar for your certificate needs.
If you require support or would like to discuss your options with a sales representative, please use the contact details below.
We respect that not all Internet users appreciate our reminders and ask you to reply to this is email with the word "remove" in the subject (leave message body intact) to be taken off our reminder list. This email was sent to you by Cerstar ApS a security firm providing secure socket layer related services in more than 180 countries.
> Has anybody an idea how to prevent those spam and scam attempts? I
> already contacted Godaddy with an abuse complaint. What else?
Apparently this site is connected to Comodo. I went all the way and paid for a certificate in order to find out who is responsible for this scam. I'm contacting the reps from Comodo, contacted Paypal which they also use for payment processing, Entrust which issued their site certificate, Godaddy which sold the domain.
> On 12/22/2008 02:09 AM, Eddy Nigg:
>> Has anybody an idea how to prevent those spam and scam attempts? I
>> already contacted Godaddy with an abuse complaint. What else?
> Apparently this site is connected to Comodo. I went all the way and
> paid for a certificate in order to find out who is responsible for
> this scam. I'm contacting the reps from Comodo, contacted Paypal
> which they also use for payment processing, Entrust which issued
> their site certificate, Godaddy which sold the domain.
Eddy,
Can you provide us a little more background here as to what you just experienced?
>> On 12/22/2008 02:09 AM, Eddy Nigg:
>>> Has anybody an idea how to prevent those spam and scam attempts? I
>>> already contacted Godaddy with an abuse complaint. What else?
>> Apparently this site is connected to Comodo. I went all the way and
>> paid for a certificate in order to find out who is responsible for
>> this scam. I'm contacting the reps from Comodo, contacted Paypal which
>> they also use for payment processing, Entrust which issued their site
>> certificate, Godaddy which sold the domain.
> Eddy,
> Can you provide us a little more background here as to what you just
> experienced?
I received today the email which I forwarded to the list. Apparently they operate a robot scanning for secured sites and send a "reminder" message prior to expiration of the certificate, pretending and resembling our own messages which we send out to our own legitimate users and customers.
The email is clearly an attempt to trick our customers and that of others believing that they have to renew their certificate (which I received exactly 10 days before expiration of the installed certificate) and by clicking at the link. The name certstart.com resembles that of our own sites cert.startcom.org and startssl.com.
Once using the link, the site lists the domain name and pretended further to renew the SSL certificate for domain startcom.org.
I tried to find out who is behind this scam, but nowhere is the CA listed. The site itself is secured by an Equifax certificate. So I went all the way through, registered * and ordered one of their certs for our domain, paid via Paypal and received a shiny certificate for 45 US$ from Comodo. I retained all evidences of the emails, screen shots, Paypal payments, certificates, etc.
I contacted all parties involved including my contact at Comodo. I also had contact with the operator of this site himself and requested immediate cessation of all activities including the web site itself.
* During "Renewal" the site requests "New username", further giving the impression as if one already had previously a username.
On Sun, Dec 21, 2008 at 6:43 PM, Eddy Nigg <eddy_n...@startcom.org> wrote:
> On 12/22/2008 04:15 AM, Gen Kanai:
>> Eddy,
>> Can you provide us a little more background here as to what you just
>> experienced?
> I tried to find out who is behind this scam, but nowhere is the CA listed.
> The site itself is secured by an Equifax certificate. So I went all the way
> through, registered * and ordered one of their certs for our domain, paid
> via Paypal and received a shiny certificate for 45 US$ from Comodo. I
> retained all evidences of the emails, screen shots, Paypal payments,
> certificates, etc.
> I contacted all parties involved including my contact at Comodo. I also had
> contact with the operator of this site himself and requested immediate
> cessation of all activities including the web site itself.
Why does it matter? We've already seen that the former CEO of the Mozilla Corporation won't remove anything from the cert store, even if there are valid complaints against the CA's business or trust.
> On Sun, Dec 21, 2008 at 6:43 PM, Eddy Nigg <eddy_n...@startcom.org> wrote:
>> On 12/22/2008 04:15 AM, Gen Kanai:
>>> Eddy,
>>> Can you provide us a little more background here as to what you just
>>> experienced?
>> I tried to find out who is behind this scam, but nowhere is the CA listed.
>> The site itself is secured by an Equifax certificate. So I went all the way
>> through, registered * and ordered one of their certs for our domain, paid
>> via Paypal and received a shiny certificate for 45 US$ from Comodo. I
>> retained all evidences of the emails, screen shots, Paypal payments,
>> certificates, etc.
>> I contacted all parties involved including my contact at Comodo. I also had
>> contact with the operator of this site himself and requested immediate
>> cessation of all activities including the web site itself.
> Why does it matter? We've already seen that the former CEO of the
> Mozilla Corporation won't remove anything from the cert store, even if
> there are valid complaints against the CA's business or trust.
Not sure if this is a reason to disable a root, but it's certainly illegal business practice. Hopefully we can settle this with Comodo directly in appropriate manner.
> Not sure if this is a reason to disable a root, but it's certainly
> illegal business practice. Hopefully we can settle this with Comodo
> directly in appropriate manner.
Seems like the business is in Denmark, and claims Danish law and courts. Which law are you claiming is breached? Just curious...
> On 22/12/08 04:16, Eddy Nigg wrote:
>> Not sure if this is a reason to disable a root, but it's certainly
>> illegal business practice. Hopefully we can settle this with Comodo
>> directly in appropriate manner.
> Seems like the business is in Denmark, and claims Danish law and courts.
> Which law are you claiming is breached? Just curious...
Unfortunately I can't comment any further on this matter what legal issues concerns...