Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

OT; IP address?

2 views
Skip to first unread message

The Medway Handyman

unread,
Nov 23, 2009, 3:08:50 PM11/23/09
to
Some scumbag has tried to change my E Bay account details.

I have the IP address and the ISP host numbers, how do I find who it is, and
to whom do I report them?


--
Dave - The Medway Handyman
www.medwayhandyman.co.uk


Tim W

unread,
Nov 23, 2009, 3:18:36 PM11/23/09
to
The Medway Handyman <davi...@nospamblueyonder.co.uk>
wibbled on Monday 23 November 2009 20:08

> Some scumbag has tried to change my E Bay account details.
>
> I have the IP address and the ISP host numbers, how do I find who it is,
> and to whom do I report them?
>
>

whois IPADDRESS

(that's a unix/linux command - may or may not exist on Windows)

or

http://www.dnsstuff.com/

Stick it in the IP box down the bottom right. It may not do any good - you
might just get a large block range owned by AOL or somesuch. But if you get
a University, chances of administering a bollocking is much better.

--
Tim Watts

This space intentionally left blank...

Ash

unread,
Nov 23, 2009, 3:20:56 PM11/23/09
to

"The Medway Handyman" <davi...@nospamblueyonder.co.uk> wrote in message
news:mZBOm.7984$Ym4....@text.news.virginmedia.com...

> Some scumbag has tried to change my E Bay account details.
>
> I have the IP address and the ISP host numbers, how do I find who it is,
> and to whom do I report them?
>


Erm ... eBay ?


The Medway Handyman

unread,
Nov 23, 2009, 3:35:09 PM11/23/09
to

TBH they don't seem to give a sh*t.

BTDT - diddn't get a tee shirt.

Ash

unread,
Nov 23, 2009, 3:49:36 PM11/23/09
to
>> Erm ... eBay ?
>
> TBH they don't seem to give a sh*t.
>
> BTDT - diddn't get a tee shirt.
>

Strange .. they've always been really helpful when I've needed to contact
them ... have you tried contacting them via
http://pages.ebay.co.uk/help/account/securing-account.html ?


Andrew Gabriel

unread,
Nov 23, 2009, 4:01:33 PM11/23/09
to
In article <1mCOm.7991$Ym4...@text.news.virginmedia.com>,

"The Medway Handyman" <davi...@nospamblueyonder.co.uk> writes:
> Ash wrote:
>> "The Medway Handyman" <davi...@nospamblueyonder.co.uk> wrote in
>> message news:mZBOm.7984$Ym4....@text.news.virginmedia.com...
>>> Some scumbag has tried to change my E Bay account details.
>>>
>>> I have the IP address and the ISP host numbers, how do I find who it
>>> is, and to whom do I report them?
>>>
>>
>>
>> Erm ... eBay ?
>
> TBH they don't seem to give a sh*t.

Frankly, if they didn't give a shit, no one else will either.
Don't waste your time any further.

--
Andrew Gabriel
[email address is not usable -- followup in the newsgroup]

Ash

unread,
Nov 23, 2009, 4:06:05 PM11/23/09
to
>> Erm ... eBay ?
>
> TBH they don't seem to give a sh*t.
>
> BTDT - diddn't get a tee shirt.
>

Have you tried the Directgov website for help, advice and reporting Identity
Theft?

http://www.direct.gov.uk/en/MoneyTaxAndBenefits/ManagingMoney/KeepingYourMoneySecure/DG_10035798


fred

unread,
Nov 23, 2009, 4:33:06 PM11/23/09
to
In article <1mCOm.7991$Ym4...@text.news.virginmedia.com>, The Medway
Handyman <davi...@nospamblueyonder.co.uk> writes
>Ash wrote:
>> "The Medway Handyman" <davi...@nospamblueyonder.co.uk> wrote in
>> message news:mZBOm.7984$Ym4....@text.news.virginmedia.com...
>>> Some scumbag has tried to change my E Bay account details.
>>>
>>> I have the IP address and the ISP host numbers, how do I find who it
>>> is, and to whom do I report them?
>>>
>>
>>
>> Erm ... eBay ?
>
>TBH they don't seem to give a sh*t.
>
>BTDT - diddn't get a tee shirt.
>
Their ISP is really the only one who can make their life difficult and a
well worded complaint should, depending on the ISP, give the guy a
fright at least.

Are you sure of your information on the IP address and do you have the
time of the attempt from some verifiable source?
--
fred
BBC3, ITV2/3/4, channels going to the DOGs

Andy Champ

unread,
Nov 23, 2009, 4:50:25 PM11/23/09
to
The Medway Handyman wrote:
> Some scumbag has tried to change my E Bay account details.
>
> I have the IP address and the ISP host numbers, how do I find who it is, and
> to whom do I report them?
>
>
Start here

http://www.geektools.com/whois.php

If address in China stop.

Andy

gazz

unread,
Nov 23, 2009, 5:06:29 PM11/23/09
to
"Andy Champ" <no....@nospam.invalid> wrote in message
news:8dWdnQgwnPc_npbW...@eclipse.net.uk...

> The Medway Handyman wrote:
>> Some scumbag has tried to change my E Bay account details.
>>
>> I have the IP address and the ISP host numbers, how do I find who it is,
>> and to whom do I report them?

as others have said, if it's a spotty teenager at his mummys house having a
go at hacking whilst reloading for another wanking session over laura croft,
not much can be done really, if he's serious about hacking he'll have munged
his ip addy, be on someone elses wifi connection, or an isp that dosent give
a feck about complaints.

if he's a student doing it from uni, or work, then you can get him,

i had a problem years ago when an exGF decided to spam a forum i had on my
personal website, she added a few death threats for good measure, a quick
search from the logs showed the ip addy to be from the university she worked
at, it even resolved it to the department she worked in so i knew it was
her, i managed to get the phone numbers for the it tutor and everything from
the whois data.,

i posted that info on my forum, and apparantly a few of my friends decided
to phone the uni up and complain, a few sent letters of complaint about how
she was abusing and wasting the uni's resources and so on.

week later i got a message from her begging me to remove the info, as she
was going to loose her job if one more complaint came in about her, she left
me alone after that thank feck.

The Medway Handyman

unread,
Nov 23, 2009, 5:20:24 PM11/23/09
to

Tried that & http://www.geektools.com/whois.php

Trouble is, too much information, most of which I don't understand.

Would it be wise/acceptable to post the numbers here?

Andy Burns

unread,
Nov 23, 2009, 5:24:38 PM11/23/09
to
On 23/11/09 20:18, Tim W wrote:

> The Medway Handyman<davi...@nospamblueyonder.co.uk>
> wibbled on Monday 23 November 2009 20:08
>

>> I have the IP address and the ISP host numbers, how do I find who it is,
>> and to whom do I report them?
>
> whois IPADDRESS
>
> (that's a unix/linux command - may or may not exist on Windows)

It doesn't ... so instead feed the IP address into <http://who.is/>
but (directed to TMH) don't necessarily expect to trace a person from an
IP address.

fred

unread,
Nov 23, 2009, 5:31:59 PM11/23/09
to
In article <IUDOm.8032$Ym4....@text.news.virginmedia.com>, The Medway
Handyman <davi...@nospamblueyonder.co.uk> writes
>

>Tried that & http://www.geektools.com/whois.php
>
>Trouble is, too much information, most of which I don't understand.
>
>Would it be wise/acceptable to post the numbers here?
>
Yes, post all you have and the source of the information, it's useless
without knowing where it came from and how reliable it is.

R.Clarke

unread,
Nov 23, 2009, 5:49:41 PM11/23/09
to

"gazz" <s...@m.con> wrote in message news:hef11i$2ch$1...@news.eternal-september.org...

> "Andy Champ" <no....@nospam.invalid> wrote in message
> news:8dWdnQgwnPc_npbW...@eclipse.net.uk...
>
> i had a problem years ago when an exGF decided to spam a forum i had on my
> personal website, she added a few death threats for good measure, a quick
> search from the logs showed the ip addy to be from the university she worked
> at, it even resolved it to the department she worked in so i knew it was
> her, i managed to get the phone numbers for the it tutor and everything from
> the whois data.,
>
> i posted that info on my forum, and apparantly a few of my friends decided
> to phone the uni up and complain, a few sent letters of complaint about how
> she was abusing and wasting the uni's resources and so on.


That was very big of you. Getting all your friends to write letters to your
ex-girl friend's employer in an effort to get her sacked. Just because she
said some nasty things about you on some web-forum or another.

If it wasn't for the fact that it's all a great big lie.

For your information sunshine, people in the real world such as employers don't
take a blind bit of notice of letters, or emails, or phone calls from what are
quite obviously, internet loonies trying to get even. They all go straight in the
bin.

While the fact that you seriously expect to be belived is even more laughable.

Robin

R.Clarke

unread,
Nov 23, 2009, 5:49:47 PM11/23/09
to

"Ash" <B...@bobsworld.co.uk> wrote in message
news:KeydncJXe9sDc5fW...@eclipse.net.uk...

Presumably eBay will already know as it was they who will have
supplied the OP with the IP and ISP info. By way of checking
whether the change of details actually came from him, or not.


Robin

>
>


Jules

unread,
Nov 23, 2009, 5:49:38 PM11/23/09
to
On Mon, 23 Nov 2009 22:06:29 +0000, gazz wrote:

> "Andy Champ" <no....@nospam.invalid> wrote in message
> news:8dWdnQgwnPc_npbW...@eclipse.net.uk...
>> The Medway Handyman wrote:
>>> Some scumbag has tried to change my E Bay account details.
>>>
>>> I have the IP address and the ISP host numbers, how do I find who it is,
>>> and to whom do I report them?
>
> as others have said, if it's a spotty teenager at his mummys house having a
> go at hacking whilst reloading for another wanking session over laura croft,
> not much can be done really

One would hope she gets a bath once in a while, poor girl.

> or an isp that dosent give a feck about complaints.

My money's on that one. OP might be able to get the name of the ISP which
owns the IP, but they'll probably do feck-all about it, if only because
they're probably drowning in complaints.


The Medway Handyman

unread,
Nov 23, 2009, 6:05:38 PM11/23/09
to
fred wrote:
> In article <IUDOm.8032$Ym4....@text.news.virginmedia.com>, The Medway
> Handyman <davi...@nospamblueyonder.co.uk> writes
>>
>> Tried that & http://www.geektools.com/whois.php
>>
>> Trouble is, too much information, most of which I don't understand.
>>
>> Would it be wise/acceptable to post the numbers here?
>>
> Yes, post all you have and the source of the information, it's useless
> without knowing where it came from and how reliable it is.

OK. I recieved a message from E Bay about a password change confirmation:-

"The password change request was made from:

a.. IP address: 77.96.243.253
b.. ISP host: 10.11.64.246 "

I subsequently discovered various address's, (inc Pay Pal) had been changed
to Dorset, Dublin, New York & Nigeria!

Tim W

unread,
Nov 23, 2009, 6:11:11 PM11/23/09
to
The Medway Handyman <davi...@nospamblueyonder.co.uk>
wibbled on Monday 23 November 2009 22:20

Yes, or email me at t...@doc.ic.ac.uk (home email in tatters this week,
rebuilding firewalls and routers and stuff since the move)

Harry Bloomfield

unread,
Nov 23, 2009, 6:13:14 PM11/23/09
to
The Medway Handyman expressed precisely :

Dave,

Can I ask have you at anytime clicked on a link in an email seeing to
have come from ebay or paypal and the page it has loaded has seemed to
look like the ebay login page?

In other words what is known as a phishing email?

--
Regards,
Harry (M1BYT) (L)
http://www.ukradioamateur.co.uk


Tim W

unread,
Nov 23, 2009, 6:19:07 PM11/23/09
to
The Medway Handyman <davi...@nospamblueyonder.co.uk>
wibbled on Monday 23 November 2009 23:05


> "The password change request was made from:
>
> a.. IP address: 77.96.243.253

This is the bit from whois that matters:

role: Telewest Broadband IP Network Services
address: Genesis Business Park
address: Albert Drive
address: Woking
address: Surrey UK
address: GU21 5RW
e-mail: ri...@telewest.net
remarks: To report abuse:
remarks: file an online case @
http://netreport.virginmedia.com/netreport

Summary - it's a TeleWest broadband customer and you can post an abuse
report at http://netreport.virginmedia.com/netreport

Though, I'd be surprised if they did anything.
I suspect, unless the police get involved, they only deal with the same
customer generating a mountain of complaints.

> b.. ISP host: 10.11.64.246 "
>

That's no use here - IP's beginning with 10.x.x.x, 192.168.x.x and (losely
but not strictly accurate) 172.16.x.x are private ranges that can never
legitimately appear on the public internet, so I'm guessing it's an
internal IP in TeleWest or ebay.



> I subsequently discovered various address's, (inc Pay Pal) had been
> changed to Dorset, Dublin, New York & Nigeria!
>

No surprise on teh last entry. Have you lost any dosh? More imprtantly, do
you have control of your ebay and paypal accounts again and have you set
new, hard, passwords?

Cheers

Tim

Tim W

unread,
Nov 23, 2009, 6:21:53 PM11/23/09
to
Andy Burns <usenet....@adslpipe.co.uk>
wibbled on Monday 23 November 2009 22:24

> On 23/11/09 20:18, Tim W wrote:
>
>> The Medway Handyman<davi...@nospamblueyonder.co.uk>
>> wibbled on Monday 23 November 2009 20:08
>>
>>> I have the IP address and the ISP host numbers, how do I find who it is,
>>> and to whom do I report them?
>>
>> whois IPADDRESS
>>
>> (that's a unix/linux command - may or may not exist on Windows)
>
> It doesn't ... so instead feed the IP address into <http://who.is/>

You can tell how often I boot Windows these days!

> but (directed to TMH) don't necessarily expect to trace a person from an
> IP address.

Indeed. I do have my own IPv4 block so you could trace me, for example. But
most customers get random IPs from their ISP, and the random IP can change
over time. In practice, given an IP and an accurate date/time, the ISP can
determine who it might be (subject to whether their local end net allows IP
spoofing or not).

The Medway Handyman

unread,
Nov 23, 2009, 6:23:10 PM11/23/09
to

Hard to tell Harry, I might well have done even though I'm of a suspicious
nature.

I get so many e mails from E Bay & Pay Pal I simply don't know which to
trust. As a result I rarely use either.

The Medway Handyman

unread,
Nov 23, 2009, 6:24:55 PM11/23/09
to

Thanks Tim. No dosh lost, all re set with passwords & questions Derren
Brown couldn't crack.

fred

unread,
Nov 23, 2009, 6:47:10 PM11/23/09
to
In article <hef59c$84t$1...@news.eternal-september.org>, Tim W
<t...@dionic.net> writes

>The Medway Handyman <davi...@nospamblueyonder.co.uk>
> wibbled on Monday 23 November 2009 23:05
>
>
>> "The password change request was made from:
>>
>> a.. IP address: 77.96.243.253
>
>This is the bit from whois that matters:
>
>role: Telewest Broadband IP Network Services
>address: Genesis Business Park
>address: Albert Drive
>address: Woking
>address: Surrey UK
>address: GU21 5RW
>e-mail: ri...@telewest.net
>remarks: To report abuse:
>remarks: file an online case @
>http://netreport.virginmedia.com/netreport
>
>Summary - it's a TeleWest broadband customer and you can post an abuse
>report at http://netreport.virginmedia.com/netreport
>
>Though, I'd be surprised if they did anything.
>I suspect, unless the police get involved, they only deal with the same
>customer generating a mountain of complaints.
>
If you don't complain then you can't expect things to get any better.
Similarly, if you don't report a crime then you can't expect it to be
resolved.

Keep it short, keep it sweet, keep it factual and you'd be surprised how
positively abuse departments respond.

Report the IP address and report the date and time of the attempt as the
time of the notification of the change email.

Bob Eager

unread,
Nov 23, 2009, 6:54:12 PM11/23/09
to
On Mon, 23 Nov 2009 23:19:07 +0000, Tim W wrote:

> That's no use here - IP's beginning with 10.x.x.x, 192.168.x.x and
> (losely but not strictly accurate) 172.16.x.x are private ranges that
> can never legitimately appear on the public internet, so I'm guessing
> it's an internal IP in TeleWest or ebay.

Purely as a matter of interest...why the rider on the 172.16.x.x range?
--
Use the BIG mirror service in the UK:
http://www.mirrorservice.org

Tim W

unread,
Nov 23, 2009, 7:06:08 PM11/23/09
to
Bob Eager <rd...@spamcop.net>
wibbled on Monday 23 November 2009 23:54

> On Mon, 23 Nov 2009 23:19:07 +0000, Tim W wrote:
>
>> That's no use here - IP's beginning with 10.x.x.x, 192.168.x.x and
>> (losely but not strictly accurate) 172.16.x.x are private ranges that
>> can never legitimately appear on the public internet, so I'm guessing
>> it's an internal IP in TeleWest or ebay.
>
> Purely as a matter of interest...why the rider on the 172.16.x.x range?

Only because it's a /12 so it should be 172.16-31.x.x. That's one range I
can never remember, other than I use 172.16.0.x as a local route between my
ADSL router and the firewall box. I had to Wikipedia it just to answer
you(!)

I like 10/8 - simple, short, large, easy to remember, so I tend to use that
for my internal net. I don't like 192.168.x.x because that tends to be the
default for all manner of widgets when they have their firmware/config
reset (despite DHCP).

I'm hopeless with memorising numbers - I'm going to have brainfailure when I
eventually configure my IPv6 block into everything... Due to Andrews and
Arnold being very helpful with my house move WRT to DSL, I seem to have a
merged collection of 3 IPv4 blocks, misc single addresses and two IPv6
blocks all routed to my line here.

Just sorting that out so I can relinquish the redundant ones...

OT: I like the new Shorewall firewall and it's ability to cross compile a
script. I used to run Shorewall on my OpenWRT router but it took >10minutes
to cope with a reload. The new one compiles happily on my laptop and the
resultant script needs no stuff other than iptables and friends and runs in
a few seconds :)

Mark

unread,
Nov 23, 2009, 7:10:23 PM11/23/09
to
The Medway Handyman wrote:

> fred wrote:
>> In article <IUDOm.8032$Ym4....@text.news.virginmedia.com>, The Medway
>> Handyman <davi...@nospamblueyonder.co.uk> writes
>>>
>>> Tried that & http://www.geektools.com/whois.php
>>>
>>> Trouble is, too much information, most of which I don't understand.
>>>
>>> Would it be wise/acceptable to post the numbers here?
>>>
>> Yes, post all you have and the source of the information, it's useless
>> without knowing where it came from and how reliable it is.
>
> OK. I recieved a message from E Bay about a password change
> confirmation:-
>
> "The password change request was made from:
>
> a.. IP address: 77.96.243.253
> b.. ISP host: 10.11.64.246 "
>

which resolves to a Virginmedia Gillingham UBR
so as a guess your Windows are compromised.�

Owain

unread,
Nov 23, 2009, 7:14:47 PM11/23/09
to
On 23 Nov, 23:19, Tim W wrote:
> > a.. IP address: 77.96.243.253
> This is the bit from whois that matters:
> role: Telewest Broadband IP Network Services
> Summary - it's a TeleWest broadband customer and you can post an abuse
> report athttp://netreport.virginmedia.com/netreport

Doing a tracert leads to
77-96-243-253.cable.ubr13.gill.blueyonder.co.uk

Not sure how helpful that is, gill.blueyonder appears to be more
internal Virginmedia domains.

Owain

The Medway Handyman

unread,
Nov 23, 2009, 7:19:58 PM11/23/09
to

Assuming that is the case - I have Norton 360 installed, how would it happen
& what can I do to stop it?

Dave Plowman (News)

unread,
Nov 23, 2009, 7:45:30 PM11/23/09
to
In article <yPEOm.8055$Ym4....@text.news.virginmedia.com>,

The Medway Handyman <davi...@nospamblueyonder.co.uk> wrote:
> > Can I ask have you at anytime clicked on a link in an email seeing to
> > have come from ebay or paypal and the page it has loaded has seemed to
> > look like the ebay login page?
> >
> > In other words what is known as a phishing email?

> Hard to tell Harry, I might well have done even though I'm of a
> suspicious nature.

> I get so many e mails from E Bay & Pay Pal I simply don't know which to
> trust. As a result I rarely use either.

Any idea how 'they' got your password?

--
*Stable Relationships Are For Horses. *

Dave Plowman da...@davenoise.co.uk London SW
To e-mail, change noise into sound.

Bob Eager

unread,
Nov 23, 2009, 7:47:31 PM11/23/09
to
On Tue, 24 Nov 2009 00:06:08 +0000, Tim W wrote:

> Bob Eager <rd...@spamcop.net>
> wibbled on Monday 23 November 2009 23:54
>
>> On Mon, 23 Nov 2009 23:19:07 +0000, Tim W wrote:
>>
>>> That's no use here - IP's beginning with 10.x.x.x, 192.168.x.x and
>>> (losely but not strictly accurate) 172.16.x.x are private ranges that
>>> can never legitimately appear on the public internet, so I'm guessing
>>> it's an internal IP in TeleWest or ebay.
>>
>> Purely as a matter of interest...why the rider on the 172.16.x.x range?
>
> Only because it's a /12 so it should be 172.16-31.x.x. That's one range
> I can never remember, other than I use 172.16.0.x as a local route
> between my ADSL router and the firewall box. I had to Wikipedia it just
> to answer you(!)

Ah, OK...I never use that range either.

> I like 10/8 - simple, short, large, easy to remember, so I tend to use
> that for my internal net. I don't like 192.168.x.x because that tends to
> be the default for all manner of widgets when they have their
> firmware/config reset (despite DHCP).

I use real IPs everywhere here at home so I don't go near the
192.168.xx.xx range anyway except on small test networks.

> I'm hopeless with memorising numbers - I'm going to have brainfailure
> when I eventually configure my IPv6 block into everything... Due to
> Andrews and Arnold being very helpful with my house move WRT to DSL, I
> seem to have a merged collection of 3 IPv4 blocks, misc single addresses
> and two IPv6 blocks all routed to my line here.

I just have two IP blocks from them...plus the IPv6 one, which I really
must get on with.

Theo Markettos

unread,
Nov 23, 2009, 9:07:27 PM11/23/09
to
Mark <Ma...@127.0.0.1> wrote:
> The Medway Handyman wrote:
>
> > "The password change request was made from:
> >
> > a.. IP address: 77.96.243.253
> > b.. ISP host: 10.11.64.246 "
> >
>
> which resolves to a Virginmedia Gillingham UBR
> so as a guess your Windows are compromised.?

Something along those lines. TMH is posting from
94.168.74.108 which is cpc2-gill16-2-0-cust619.basl.cable.virginmedia.com
and the password email is from:
77.96.243.253 which is 77-96-243-253.cable.ubr13.gill.blueyonder.co.uk

The former looks like an ex-NTL address in Gillingham, while the latter is
ex-Telewest in Gillingham. Or have Virgin Media renumbered ex-BY customers
into the namespace formerly occupied by NTL? Or is
basl.cable.virginmedia.com Basildon? Is there a big cable under the Thames
at that point?

Another thought for TMH... did you log in to your eBay account from anyone
else's computer? Or perhaps take your computer to someone else's network
connection?

Theo

The Medway Handyman

unread,
Nov 24, 2009, 3:31:00 AM11/24/09
to
Dave Plowman (News) wrote:
> In article <yPEOm.8055$Ym4....@text.news.virginmedia.com>,
> The Medway Handyman <davi...@nospamblueyonder.co.uk> wrote:
>>> Can I ask have you at anytime clicked on a link in an email seeing
>>> to have come from ebay or paypal and the page it has loaded has
>>> seemed to look like the ebay login page?
>>>
>>> In other words what is known as a phishing email?
>
>> Hard to tell Harry, I might well have done even though I'm of a
>> suspicious nature.
>
>> I get so many e mails from E Bay & Pay Pal I simply don't know which
>> to trust. As a result I rarely use either.
>
> Any idea how 'they' got your password?

Not a clue. Its not something you could guess either. Now changed to
something so obscure its ridiculous.

The Medway Handyman

unread,
Nov 24, 2009, 3:32:37 AM11/24/09
to

No to both.

Bruce

unread,
Nov 24, 2009, 4:25:25 AM11/24/09
to
On Mon, 23 Nov 2009 23:24:55 GMT, "The Medway Handyman"
<davi...@nospamblueyonder.co.uk> wrote:
>
>Thanks Tim. No dosh lost, all re set with passwords & questions Derren
>Brown couldn't crack.


But a keylogger would already have them. And that may have been how
it all happened in the first place. :-(

D.M.Chapman

unread,
Nov 24, 2009, 4:27:10 AM11/24/09
to
In article <50bef6d...@davenoise.co.uk>,

Dave Plowman (News) <da...@davenoise.co.uk> wrote:

>> I get so many e mails from E Bay & Pay Pal I simply don't know which to
>> trust. As a result I rarely use either.
>
>Any idea how 'they' got your password?

I'm suspicious of ebay "security".

My ebay account was compromised (loads of UGG boots advertised... didn't know
wtf they were until then :-))

I had a strong password (12chars, alphanumeric, mixed case and with specials)
and I never respond to phishing attacks (I've worked running email systems
for soooo long I long since gave in trusting any email).

Only use Macs to access the account, and they all scanned clean so I don't
think it was a keylogger/virus.

They told me they had had several cases of this and that I ought to change
my password. When questioned they got more and more defensive until they
stopped talking to me. 30 minutes or so after I reported it to them
ebay.co.uk was down for maintenaince for a while. Possibly a coincidence...

All the auctions were cancelled and all charges removed. Not had a problem
since (this was a couple of years ago)

I've been involved in enough computer security investigations to smell
something odd. Could all be a coincidence but...

Darren

Bruce

unread,
Nov 24, 2009, 4:37:18 AM11/24/09
to
On Tue, 24 Nov 2009 09:27:10 +0000 (UTC), dmc@puffin. (D.M.Chapman)
wrote:

>I'm suspicious of ebay "security".
>
>My ebay account was compromised (loads of UGG boots advertised... didn't know
>wtf they were until then :-))
>
>I had a strong password (12chars, alphanumeric, mixed case and with specials)
>and I never respond to phishing attacks (I've worked running email systems
>for soooo long I long since gave in trusting any email).
>
>Only use Macs to access the account, and they all scanned clean so I don't
>think it was a keylogger/virus.
>
>They told me they had had several cases of this and that I ought to change
>my password. When questioned they got more and more defensive until they
>stopped talking to me. 30 minutes or so after I reported it to them
>ebay.co.uk was down for maintenaince for a while. Possibly a coincidence...
>
>All the auctions were cancelled and all charges removed. Not had a problem
>since (this was a couple of years ago)
>
>I've been involved in enough computer security investigations to smell
>something odd. Could all be a coincidence but...


There is an assumption that eBay fraud is always carried out by people
outside the eBay organisation.

That may or may not be a valid assumption. ;-)

D.M.Chapman

unread,
Nov 24, 2009, 4:41:39 AM11/24/09
to
In article <a5l2yRB+7xCLFw35@y.z>, fred <n...@for.mail> wrote:
>>
>>customer generating a mountain of complaints.
>>
>If you don't complain then you can't expect things to get any better.
>Similarly, if you don't report a crime then you can't expect it to be
>resolved.
>
>Keep it short, keep it sweet, keep it factual and you'd be surprised how
>positively abuse departments respond.


As someone who receives abuse complaints from the internet, I fully
agree.

Short and to the point. Don't bother explaining the full story - just that
ebay report that this address was invovled in fraudulantly listing
items (or whatever).

Include *all* emails you have had from ebay about this - just because the
10.x.x.x addresses are meaningless on the internet doesn't mean they are
not handy to the abuse dept.

>Report the IP address and report the date and time of the attempt as the
>time of the notification of the change email.


Forward the email if possible - people rekeying or picking the important
bits from emails like this are generally a pain (let the abuse team work
out which bits are relevant).

Also, don't go on about how you have the worlds best antivirus program
or how you are fantastic at running large networks and understand security
as you've got 4 machines and once used linux - abuse depts don't care,
trust me :-)

Darren

D.M.Chapman

unread,
Nov 24, 2009, 4:43:49 AM11/24/09
to
In article <579b7ae3-edb0-451b...@e31g2000vbm.googlegroups.com>,

Owain <spuorg...@gowanhill.com> wrote:
>On 23 Nov, 23:19, Tim W wrote:
>> > a.. IP address: 77.96.243.253
>> This is the bit from whois that matters:
>> role: Telewest Broadband IP Network Services
>> Summary - it's a TeleWest broadband customer and you can post an abuse
>> report athttp://netreport.virginmedia.com/netreport
>
>Doing a tracert leads to
>77-96-243-253.cable.ubr13.gill.blueyonder.co.uk


Errr....

gill.blueyonder?

Gillingham?

Medway handyman - in Gillingham?....

Are your PCs completely clean Dave (full scan with decent upto date virus
scanner etc etc)?

Darren

Dave Plowman (News)

unread,
Nov 24, 2009, 5:38:58 AM11/24/09
to
In article <8RMOm.8098$Ym4....@text.news.virginmedia.com>,

The Medway Handyman <davi...@nospamblueyonder.co.uk> wrote:
> > Any idea how 'they' got your password?

> Not a clue. Its not something you could guess either. Now changed to
> something so obscure its ridiculous.

Probably makes no difference if they managed to find out your first one -
they could do the same with the new one.

--
*Who is this General Failure chap anyway - and why is he reading my HD? *

The Natural Philosopher

unread,
Nov 24, 2009, 5:48:54 AM11/24/09
to
and are you using unencrypted wireless in your house?

Thats the easiest one. Someone parks a van outside with a laptop, and
watches the keystrokes..then logs in as you, and off he goes.

Stuart Noble

unread,
Nov 24, 2009, 6:05:46 AM11/24/09
to

Similar to the banks in that respect then. I'm sure internal fraud is
the main problem, though it suits them to pedal the idea that the
customer has been careless or the victim of a cunning hacker in Belarus
or somewhere.
My partner and I have a joint card, but she only uses hers in
supermarkets and shops. I do all the online stuff, but it was her card
that was cloned. Go figure as they say

Clive George

unread,
Nov 24, 2009, 6:26:11 AM11/24/09
to
"The Natural Philosopher" <t...@invalid.invalid> wrote in message
news:hegdmm$nfv$1...@news.albasani.net...

> Thats the easiest one. Someone parks a van outside with a laptop, and
> watches the keystrokes..then logs in as you, and off he goes.

Any site taking a password is https these days, especially the likes of
ebay, so that's not going to work.

My money's on phishing.


Bruce

unread,
Nov 24, 2009, 6:43:19 AM11/24/09
to
On Tue, 24 Nov 2009 11:05:46 GMT, Stuart Noble
<stuart...@ntlworld.com> wrote:

>Bruce wrote:
>> There is an assumption that eBay fraud is always carried out by people
>> outside the eBay organisation.
>>
>> That may or may not be a valid assumption. ;-)
>
>Similar to the banks in that respect then. I'm sure internal fraud is
>the main problem, though it suits them to pedal the idea that the
>customer has been careless or the victim of a cunning hacker in Belarus
>or somewhere.
>My partner and I have a joint card, but she only uses hers in
>supermarkets and shops. I do all the online stuff, but it was her card
>that was cloned. Go figure as they say.


I have no idea how prevalent internal fraud is in banks, but in the
retail sector, it is reckoned that losses through staff pilferage are
on average several times higher than losses through shoplifting by
"customers".

Jules

unread,
Nov 24, 2009, 8:23:15 AM11/24/09
to

unless they're snooping on the signal between the keyboard and the
computer...

http://arstechnica.com/security/news/2008/10/beware-your-keyboard-may-be-tattling-on-your-typing.ars

</paranoia>

:-)

> My money's on phishing.

Yeah, mine too. There are folk out there who are very good at crafting the
emails so that they look genuine. I make sure I have my client set to show
HTML emails as plain text, which weeds out nearly all of the shit - and I
just ignore anything completely that looks like it's from a bank, ebay or
paypal.

cheers

Jules

Mark

unread,
Nov 24, 2009, 11:00:45 AM11/24/09
to
Theo Markettos wrote:

> Mark <Ma...@127.0.0.1> wrote:
>> The Medway Handyman wrote:
>>
>> > "The password change request was made from:
>> >
>> > a.. IP address: 77.96.243.253
>> > b.. ISP host: 10.11.64.246 "
>> >
>>
>> which resolves to a Virginmedia Gillingham UBR
>> so as a guess your Windows are compromised.?
>
> Something along those lines. TMH is posting from
> 94.168.74.108 which is cpc2-gill16-2-0-cust619.basl.cable.virginmedia.com
> and the password email is from:
> 77.96.243.253 which is 77-96-243-253.cable.ubr13.gill.blueyonder.co.uk
>
> The former looks like an ex-NTL address in Gillingham, while the latter is
> ex-Telewest in Gillingham. Or have Virgin Media renumbered ex-BY
> customers

in fact they are both the same, that VM ip range came with the Gill upgrade
earlier this year.

% Information related to '94.168.64.0 - 94.168.79.255'

inetnum: 94.168.64.0 - 94.168.79.255
netname: BBIGROWTH2009
descr: BROADBAND Gillingham
country: GB
Host : cpc2-gill16-2-0-cust619.basl.cable.virginmedia.com

inetnum: 77.96.242.0 - 77.96.243.255
netname: BROADBANDAUDIT
descr: BROADBAND BASI GILL-CMTS-13
country: GB
Host :77-96-243-253.cable.ubr13.gill.blueyonder.co.uk


in fact if you go back to 18 Jan 2009

news:069cl.21280$Sp5....@text.news.virginmedia.com
TMH was actually posting from the IP in question 77.96.243.253
make of that what you will!

-

ARWadsworth

unread,
Nov 24, 2009, 11:45:09 AM11/24/09
to

"R.Clarke" <Robin...@clara.net.uk> wrote in message
news:7n0hqjF...@mid.individual.net...
>
> "gazz" <s...@m.con> wrote in message
> news:hef11i$2ch$1...@news.eternal-september.org...
>> "Andy Champ" <no....@nospam.invalid> wrote in message
>> news:8dWdnQgwnPc_npbW...@eclipse.net.uk...
>>
>> i had a problem years ago when an exGF decided to spam a forum i had on
>> my
>> personal website, she added a few death threats for good measure, a quick
>> search from the logs showed the ip addy to be from the university she
>> worked
>> at, it even resolved it to the department she worked in so i knew it was
>> her, i managed to get the phone numbers for the it tutor and everything
>> from
>> the whois data.,
>>
>> i posted that info on my forum, and apparantly a few of my friends
>> decided
>> to phone the uni up and complain, a few sent letters of complaint about
>> how
>> she was abusing and wasting the uni's resources and so on.
>
>
> That was very big of you. Getting all your friends to write letters to
> your
> ex-girl friend's employer in an effort to get her sacked. Just because she
> said some nasty things about you on some web-forum or another.


> If it wasn't for the fact that it's all a great big lie.
>
> For your information sunshine, people in the real world such as employers
> don't
> take a blind bit of notice of letters, or emails, or phone calls from what
> are
> quite obviously, internet loonies trying to get even. They all go straight
> in the
> bin.

Most employers would not bin letters of complaint and ignore phone calls
complaining about a member of staff using a work computer to make death
threats.

Many firms also have a code of conduct that a member off staff has to follow
when not at work.


When I had a bunny boiler problem last year the Ward Sister was most
interested when I went to see her with all the relevant details. The bunny
boiler backed off after a warning by her boss.

Adam

Harry Bloomfield

unread,
Nov 24, 2009, 12:32:24 PM11/24/09
to
Dave Plowman (News) formulated the question :

> Any idea how 'they' got your password?

That's easy. You click on the link in the phishing email, which takes
you to a look-a-like ebay or paypal (or etc.) web site and of course
you then have to log in. The site isn't the genuine one, but a copy -
even the URL's are spoofed to appear like the genuine one. So you type
your login details in, which it stores and they then have full access
to your account.

Best thing is to change your passwords for both quickly, if they have
not already locked you out by changing the passwords, then try and let
both ebay and paypal know your accounts have been compromised.

--
Regards,
Harry (M1BYT) (L)
http://www.ukradioamateur.co.uk


Dave Plowman (News)

unread,
Nov 24, 2009, 1:02:05 PM11/24/09
to
In article <mn.c41c7d9b1b...@NOSPAM.tiscali.co.uk>,

Harry Bloomfield <harry...@NOSPAM.tiscali.co.uk> wrote:
> Dave Plowman (News) formulated the question :
> > Any idea how 'they' got your password?

> That's easy. You click on the link in the phishing email, which takes
> you to a look-a-like ebay or paypal (or etc.) web site and of course
> you then have to log in. The site isn't the genuine one, but a copy -
> even the URL's are spoofed to appear like the genuine one. So you type
> your login details in, which it stores and they then have full access
> to your account.

Only easy if you're foolish enough to respond to those sort of emails.
Even if you think them genuine, make your own way to the site - you'll be
contacted there if they need to.

> Best thing is to change your passwords for both quickly, if they have
> not already locked you out by changing the passwords, then try and let
> both ebay and paypal know your accounts have been compromised.

--
*I love cats...they taste just like chicken.

Tim

unread,
Nov 24, 2009, 1:15:32 PM11/24/09
to
Dave Plowman (News) wrote:
> In article <mn.c41c7d9b1b...@NOSPAM.tiscali.co.uk>,
> Harry Bloomfield <harry...@NOSPAM.tiscali.co.uk> wrote:
>> Dave Plowman (News) formulated the question :
>>> Any idea how 'they' got your password?
>
>> That's easy. You click on the link in the phishing email, which takes
>> you to a look-a-like ebay or paypal (or etc.) web site and of course
>> you then have to log in. The site isn't the genuine one, but a copy -
>> even the URL's are spoofed to appear like the genuine one. So you
>> type your login details in, which it stores and they then have full
>> access to your account.
>
> Only easy if you're foolish enough to respond to those sort of emails.

Well yes but TMH did say in an earlier message:

The Medway Handyman wrote:


> Harry Bloomfield wrote:
>>
>> Can I ask have you at anytime clicked on a link in an email seeing to
>> have come from ebay or paypal and the page it has loaded has seemed
>> to look like the ebay login page?
>>
>> In other words what is known as a phishing email?
>
> Hard to tell Harry, I might well have done even though I'm of a
> suspicious nature.
>
> I get so many e mails from E Bay & Pay Pal I simply don't know which
> to trust. As a result I rarely use either.

Tim

Grimly Curmudgeon

unread,
Nov 24, 2009, 1:31:09 PM11/24/09
to
We were somewhere around Barstow, on the edge of the desert, when the
drugs began to take hold. I remember "R.Clarke"
<Robin...@clara.net.uk> saying something like:

>For your information sunshine

Fuck off, Todger.

Nightjar

unread,
Nov 24, 2009, 2:03:30 PM11/24/09
to
The Medway Handyman wrote:
> Harry Bloomfield wrote:
>> The Medway Handyman expressed precisely :

>>> fred wrote:
>>>> In article <IUDOm.8032$Ym4....@text.news.virginmedia.com>, The
>>>> Medway Handyman <davi...@nospamblueyonder.co.uk> writes
>>>>> Tried that & http://www.geektools.com/whois.php
>>>>>
>>>>> Trouble is, too much information, most of which I don't understand.
>>>>>
>>>>> Would it be wise/acceptable to post the numbers here?
>>>>>
>>>> Yes, post all you have and the source of the information, it's
>>>> useless without knowing where it came from and how reliable it is.
>>> OK. I recieved a message from E Bay about a password change
>>> confirmation:- "The password change request was made from:

>>>
>>> a.. IP address: 77.96.243.253
>>> b.. ISP host: 10.11.64.246 "
>>>
>>> I subsequently discovered various address's, (inc Pay Pal) had been
>>> changed to Dorset, Dublin, New York & Nigeria!
>> Dave,

>>
>> Can I ask have you at anytime clicked on a link in an email seeing to
>> have come from ebay or paypal and the page it has loaded has seemed to
>> look like the ebay login page?
>>
>> In other words what is known as a phishing email?
>
> Hard to tell Harry, I might well have done even though I'm of a suspicious
> nature.
>
> I get so many e mails from E Bay & Pay Pal I simply don't know which to
> trust. As a result I rarely use either.

I've rarely used ebay, but ISTR that they provide an application that
will warn you if the site you are visiting is not a genuine ebay site.

Colin Bignell

The Medway Handyman

unread,
Nov 24, 2009, 2:37:23 PM11/24/09
to

Wot a keylogger?

The Medway Handyman

unread,
Nov 24, 2009, 2:39:13 PM11/24/09
to
D.M.Chapman wrote:
> In article
> <579b7ae3-edb0-451b...@e31g2000vbm.googlegroups.com>,
> Owain <spuorg...@gowanhill.com> wrote:
>> On 23 Nov, 23:19, Tim W wrote:
>>>> a.. IP address: 77.96.243.253
>>> This is the bit from whois that matters:
>>> role: Telewest Broadband IP Network Services
>>> Summary - it's a TeleWest broadband customer and you can post an
>>> abuse report athttp://netreport.virginmedia.com/netreport
>>
>> Doing a tracert leads to
>> 77-96-243-253.cable.ubr13.gill.blueyonder.co.uk
>
>
> Errr....
>
> gill.blueyonder?
>
> Gillingham?
>
> Medway handyman - in Gillingham?....

Gillingham is part of the Medway Towns, but I believe this to be Gillingham
Dorset.


>
> Are your PCs completely clean Dave (full scan with decent upto date
> virus scanner etc etc)?

AFAIK.

The Medway Handyman

unread,
Nov 24, 2009, 2:40:15 PM11/24/09
to
The Natural Philosopher wrote:
> D.M.Chapman wrote:
>> In article
>> <579b7ae3-edb0-451b...@e31g2000vbm.googlegroups.com>,
>> Owain <spuorg...@gowanhill.com> wrote:
>>> On 23 Nov, 23:19, Tim W wrote:
>>>>> a.. IP address: 77.96.243.253
>>>> This is the bit from whois that matters:
>>>> role: Telewest Broadband IP Network Services
>>>> Summary - it's a TeleWest broadband customer and you can post an
>>>> abuse report athttp://netreport.virginmedia.com/netreport
>>> Doing a tracert leads to
>>> 77-96-243-253.cable.ubr13.gill.blueyonder.co.uk
>>
>>
>> Errr....
>>
>> gill.blueyonder?
>>
>> Gillingham?
>>
>> Medway handyman - in Gillingham?....
>>
>> Are your PCs completely clean Dave (full scan with decent upto date
>> virus scanner etc etc)?
>>
>> Darren
>>
> and are you using unencrypted wireless in your house?

No wireless at all.

Graham.

unread,
Nov 24, 2009, 3:16:22 PM11/24/09
to

"The Medway Handyman" <davi...@nospamblueyonder.co.uk> wrote in message news:TBWOm.8327$Ym4....@text.news.virginmedia.com...


> Bruce wrote:
>> On Mon, 23 Nov 2009 23:24:55 GMT, "The Medway Handyman"
>> <davi...@nospamblueyonder.co.uk> wrote:
>>>
>>> Thanks Tim. No dosh lost, all re set with passwords & questions
>>> Derren Brown couldn't crack.
>>
>>
>> But a keylogger would already have them. And that may have been how
>> it all happened in the first place. :-(
>
> Wot a keylogger?

Seriously??
It's a piece of spyware that literally logs all the key-strokes you make
and sends them to the attacker.passwords would be sent in clear
text even if the website you were typing them into returned ****

--
Graham.

%Profound_observation%


Owain

unread,
Nov 24, 2009, 3:28:54 PM11/24/09
to
On 24 Nov, 19:03, "Nightjar wrote:
> I've rarely used ebay, but ISTR that they provide an application that
> will warn you if the site you are visiting is not a genuine ebay site.

Do people download it following a link they've received in an
email? ;-)

Owain


Bruce

unread,
Nov 24, 2009, 3:32:50 PM11/24/09
to
On Tue, 24 Nov 2009 19:37:23 GMT, "The Medway Handyman"
<davi...@nospamblueyonder.co.uk> wrote:

>Bruce wrote:
>> On Mon, 23 Nov 2009 23:24:55 GMT, "The Medway Handyman"
>> <davi...@nospamblueyonder.co.uk> wrote:
>>>
>>> Thanks Tim. No dosh lost, all re set with passwords & questions
>>> Derren Brown couldn't crack.
>>
>>
>> But a keylogger would already have them. And that may have been how
>> it all happened in the first place. :-(
>
>Wot a keylogger?


It's a nasty bit of malware which, when placed on your PC, logs every
keystroke you make and transmits them to whoever installed it.
Basic anti-virus software doesn't pick it up. You need a good
anti-spyware program too.

I am not an IT expert so I'm not the best person to recommend which
package is best for you, but I haven't been at all impressed with AVG
which failed to deal with quite a few items of malware, some serious.
I've had better results with Spyware Detector, but there will probably
be other, better packages.

All my work and other important files are stored on a Mac computer
which is only very rarely connected to the Internet. The Mac's
UNIX-based operating system is much less prone to virus and malware
attacks than Windows.

Bob Eager

unread,
Nov 24, 2009, 5:18:07 PM11/24/09
to
On Tue, 24 Nov 2009 20:32:50 +0000, Bruce wrote:

> All my work and other important files are stored on a Mac computer which
> is only very rarely connected to the Internet. The Mac's UNIX-based
> operating system is much less prone to virus and malware attacks than
> Windows.

But it still happens...remember Robert Morris...!

--
Use the BIG mirror service in the UK:
http://www.mirrorservice.org

Bruce

unread,
Nov 24, 2009, 5:43:18 PM11/24/09
to
On 24 Nov 2009 22:18:07 GMT, Bob Eager <rd...@spamcop.net> wrote:
>On Tue, 24 Nov 2009 20:32:50 +0000, Bruce wrote:
>> All my work and other important files are stored on a Mac computer which
>> is only very rarely connected to the Internet. The Mac's UNIX-based
>> operating system is much less prone to virus and malware attacks than
>> Windows.
>
>But it still happens...remember Robert Morris...!


You're right, of course. I use Linux on my main (ex-Windows) laptop
for that very reason. ;-)

But getting back to the subject, I think the majority of Windows users
have not the slightest conception of how much at risk they are from
spyware and malware. They just use standard anti-virus packages that
don't even attempt to tackle the real nasties.

Bob Eager

unread,
Nov 24, 2009, 5:55:33 PM11/24/09
to

I agree. I use BSD mostly (and have done ever since it appeared on the
VAX), as at least it is well tried and tested. And the weak point
exploited most by Morris was sendmail - I never use it on any of my
systems.

Dave Plowman (News)

unread,
Nov 24, 2009, 6:26:03 PM11/24/09
to
In article <heheuo$27a$1...@news.eternal-september.org>,

Graham. <m...@privacy.net> wrote:
> > Wot a keylogger?

> Seriously??
> It's a piece of spyware that literally logs all the key-strokes you make
> and sends them to the attacker.passwords would be sent in clear
> text even if the website you were typing them into returned ****

Which is why many use a drop down menu to select, say, a couple of letters
from a second secure word?

--
*Drugs may lead to nowhere, but at least it's the scenic route *

The Natural Philosopher

unread,
Nov 24, 2009, 7:02:56 PM11/24/09
to

and that bug was fixed 15 years ago..and it ONLY worked on a VAX running
a specific operating system with a specific build of it too.


>

Bob Eager

unread,
Nov 24, 2009, 7:14:25 PM11/24/09
to

and on a Sun, too.

The Natural Philosopher

unread,
Nov 24, 2009, 9:04:24 PM11/24/09
to
Dont think so.

Unless the processors were identical

It relied on a precise text string overwriting a stack based buffer, and
corrupting it in a precise way.

John Rumm

unread,
Nov 24, 2009, 10:20:39 PM11/24/09
to
The Medway Handyman wrote:
> Some scumbag has tried to change my E Bay account details.
>
> I have the IP address and the ISP host numbers, how do I find who it is, and
> to whom do I report them?

To the ISP in question. Note you also need the exact time of the
incident since with some ISPs the IP addresses are dynamically allocated
and reused - so the same address can be used by a number of unrelated
users over a period of time.

--
Cheers,

John.

/=================================================================\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\=================================================================/

Bob Eager

unread,
Nov 25, 2009, 2:38:34 AM11/25/09
to

That's what I always thought (I read the original papers when it
happened). But apparently it used two different binaries, and sent both
to the system under attack...

And the mechanism was a bit more compliacted than that:

http://spaf.cerias.purdue.edu/tech-reps/823.pdf

dennis@home

unread,
Nov 25, 2009, 4:25:22 AM11/25/09
to

"Bruce" <docne...@gmail.com> wrote in message
news:13oog5duu5jclfs7m...@4ax.com...

I am amazed at how many linux/unix users do nothing at all even though stuff
like root kits have been around for years.
I suppose its to be expected, they keep telling each other that they are
immune so often that they actually start to believe it. The reality is
different of course.
There is a lot of evidence that botnets are controlled by hacked unix
machines, windows machines generally can't handle many connections without
the user noticing a problem and then reinstalling/running AV software, this
losses the rather valuable botnet.
The users of these hacked unix machines will be telling everyone that unix
is safe.
>

dennis@home

unread,
Nov 25, 2009, 4:34:22 AM11/25/09
to

"The Natural Philosopher" <t...@invalid.invalid> wrote in message

news:hehs7g$5mp$1...@news.albasani.net...

The sendmail running on many linux systems had exploits three years ago that
I know of.
Postfix has replaced it on most systems AFAIK, some of the sendmail exploits
were never fixed AFAIK so anyone still running sendmail is probably
exploitable.
There have been a number of security updates to postfix to remove
exploitable holes.
Just running linux/unix does *not* make you safe whatever linux/unix users
say.

Cue the usual windows is worse answer from linux users who still don't get
it.

Mark

unread,
Nov 25, 2009, 5:24:25 PM11/25/09
to
John Rumm wrote:

> The Medway Handyman wrote:
>> Some scumbag has tried to change my E Bay account details.
>>
>> I have the IP address and the ISP host numbers, how do I find who it is,
>> and to whom do I report them?
>
> To the ISP in question. Note you also need the exact time of the
> incident since with some ISPs the IP addresses are dynamically allocated
> and reused - so the same address can be used by a number of unrelated
> users over a period of time.
>

yes but in this case the reported IP was in fact in use by TMH earlier in
the year.
An Ebay upcock i suspect.��

John Rumm

unread,
Nov 26, 2009, 7:36:29 AM11/26/09
to
Clive George wrote:
> "The Natural Philosopher" <t...@invalid.invalid> wrote in message
> news:hegdmm$nfv$1...@news.albasani.net...
>
>> Thats the easiest one. Someone parks a van outside with a laptop, and
>> watches the keystrokes..then logs in as you, and off he goes.
>
> Any site taking a password is https these days, especially the likes of
> ebay, so that's not going to work.

Remember the key loggers run on *your* computer and hence have full
access to the raw keypress data long before it gets into a SSL stream.

John Rumm

unread,
Nov 26, 2009, 7:43:41 AM11/26/09
to
Jules wrote:

> On Tue, 24 Nov 2009 11:26:11 +0000, Clive George wrote:
>
>> "The Natural Philosopher" <t...@invalid.invalid> wrote in message
>> news:hegdmm$nfv$1...@news.albasani.net...
>>
>>> Thats the easiest one. Someone parks a van outside with a laptop, and
>>> watches the keystrokes..then logs in as you, and off he goes.
>> Any site taking a password is https these days, especially the likes of
>> ebay, so that's not going to work.
>
> unless they're snooping on the signal between the keyboard and the
> computer...
>
> http://arstechnica.com/security/news/2008/10/beware-your-keyboard-may-be-tattling-on-your-typing.ars
>
> </paranoia>

You can apparently make a pretty good stab at recovering keystroke
information from just an audio stream of someone typing. Each key/typist
combination has a unique sound that will yield to a basic frequency
distribution analysis.

Clive George

unread,
Nov 26, 2009, 7:51:00 AM11/26/09
to
"John Rumm" <see.my.s...@nowhere.null> wrote in message
news:ZIudnRJl3q7S65PW...@brightview.co.uk...

> Clive George wrote:
>> "The Natural Philosopher" <t...@invalid.invalid> wrote in message
>> news:hegdmm$nfv$1...@news.albasani.net...
>>
>>> Thats the easiest one. Someone parks a van outside with a laptop, and
>>> watches the keystrokes..then logs in as you, and off he goes.
>>
>> Any site taking a password is https these days, especially the likes of
>> ebay, so that's not going to work.
>
> Remember the key loggers run on *your* computer and hence have full access
> to the raw keypress data long before it gets into a SSL stream.

TNP wasn't suggesting a keylogger - "and are you using unencrypted wireless
in your house?"


dennis@home

unread,
Nov 26, 2009, 9:53:32 AM11/26/09
to

"Clive George" <cl...@xxxx-x.fsnet.co.uk> wrote in message
news:gM6dnWV1DN6a55PW...@brightview.co.uk...

> TNP wasn't suggesting a keylogger - "and are you using unencrypted
> wireless in your house?"

It is pretty safe using open wireless to do your banking, provided you use a
trusted DNS.
The actual banking site will be https so all the data is encrypted before
being put on the wireless even if the actual wireless is not encrypted.

Dave

unread,
Nov 26, 2009, 12:31:01 PM11/26/09
to
John Rumm wrote:
> Jules wrote:
>> On Tue, 24 Nov 2009 11:26:11 +0000, Clive George wrote:
>>
>>> "The Natural Philosopher" <t...@invalid.invalid> wrote in message
>>> news:hegdmm$nfv$1...@news.albasani.net...
>>>
>>>> Thats the easiest one. Someone parks a van outside with a laptop,
>>>> and watches the keystrokes..then logs in as you, and off he goes.
>>> Any site taking a password is https these days, especially the likes
>>> of ebay, so that's not going to work.
>>
>> unless they're snooping on the signal between the keyboard and the
>> computer...
>>
>> http://arstechnica.com/security/news/2008/10/beware-your-keyboard-may-be-tattling-on-your-typing.ars
>>
>>
>> </paranoia>
>
> You can apparently make a pretty good stab at recovering keystroke
> information from just an audio stream of someone typing. Each key/typist
> combination has a unique sound that will yield to a basic frequency
> distribution analysis.

It is the same when hand generated Morse code is sent, you can recognise
the 'hand'.

Dave

Bruce

unread,
Nov 26, 2009, 3:31:01 PM11/26/09
to
On Thu, 26 Nov 2009 17:31:01 +0000, Dave <dave...@btopenworld.com>
wrote:

>It is the same when hand generated Morse code is sent, you can recognise
>the 'hand'.


.. | -.- -. --- .-- | . -..- .- -.-. - .-.. -.-- | .-- .... .- - |
-.-- --- ..- | -- . .- -. | ..--.. |

;-)

John Rumm

unread,
Nov 26, 2009, 5:13:23 PM11/26/09
to
Bruce wrote:
> On Thu, 26 Nov 2009 17:31:01 +0000, Dave <dave...@btopenworld.com>
> wrote:
>> It is the same when hand generated Morse code is sent, you can recognise
>> the 'hand'.
>
>
> ... | -.- -. --- .-- | . -..- .- -.-. - .-.. -.-- | .-- .... .- - |

> -.-- --- ..- | -- . .- -. | ..--.. |
>
> ;-)

- .... .- - .----. ... . .- ... -.-- ..-. --- .-. -.-- --- ..- - ---
... .- -.--

geoff

unread,
Nov 26, 2009, 5:42:39 PM11/26/09
to
In message <pNqdnaghBbweYJPW...@brightview.co.uk>, John
Rumm <see.my.s...@nowhere.null> writes

>Bruce wrote:
>> On Thu, 26 Nov 2009 17:31:01 +0000, Dave <dave...@btopenworld.com>
>> wrote:
>>> It is the same when hand generated Morse code is sent, you can
>>>recognise the 'hand'.
>> ... | -.- -. --- .-- | . -..- .- -.-. - .-.. -.-- | .-- .... .- - |
>> -.-- --- ..- | -- . .- -. | ..--.. | ;-)
>
>- .... .- - .----. ... . .- ... -.-- ..-. --- .-. -.-- --- ..- -
>--- ... .- -.--
>
>

STOP THAT NOW !

--
geoff

ARWadsworth

unread,
Nov 26, 2009, 6:14:34 PM11/26/09
to

"geoff" <ra...@kateda.org> wrote in message
news:vzjIaBTf...@demon.co.uk...

.. -.. --- -. --- - ..- -. -.. . .-. ... - .- -. -.. .-- .... .- -
.. ... --. --- .. -. --. --- -.

Adam

geoff

unread,
Nov 26, 2009, 6:23:44 PM11/26/09
to
In message <uZDPm.9097$Ym4...@text.news.virginmedia.com>, ARWadsworth
<adamwa...@blueyonder.co.uk> writes
You - COAT


--
geoff

The Medway Handyman

unread,
Nov 26, 2009, 7:59:00 PM11/26/09
to
John Rumm wrote:
> Bruce wrote:
>> On Thu, 26 Nov 2009 17:31:01 +0000, Dave <dave...@btopenworld.com>
>> wrote:
>>> It is the same when hand generated Morse code is sent, you can
>>> recognise the 'hand'.
>>
>>
>> ... | -.- -. --- .-- | . -..- .- -.-. - .-.. -.-- | .-- .... .- - |
>> -.-- --- ..- | -- . .- -. | ..--.. |
>>
>> ;-)
>
> - .... .- - .----. ... . .- ... -.-- ..-. --- .-. -.-- --- ..- -
> --- ... .- -.--

Don't you call me a .----. ... . .- ... -.-- !


--
Dave - The Medway Handyman
www.medwayhandyman.co.uk


John Rumm

unread,
Nov 26, 2009, 10:43:46 PM11/26/09
to

-. . .. - .... . .-. -.. --- . ... --. . --- ..-. ..-. -... -.-- -
.... . .-.. --- --- -.- ... --- ..-. .. - .-.-.-

John Rumm

unread,
Nov 26, 2009, 10:46:57 PM11/26/09
to
The Medway Handyman wrote:
> John Rumm wrote:
>> Bruce wrote:
>>> On Thu, 26 Nov 2009 17:31:01 +0000, Dave <dave...@btopenworld.com>
>>> wrote:
>>>> It is the same when hand generated Morse code is sent, you can
>>>> recognise the 'hand'.
>>>
>>> ... | -.- -. --- .-- | . -..- .- -.-. - .-.. -.-- | .-- .... .- - |
>>> -.-- --- ..- | -- . .- -. | ..--.. |
>>>
>>> ;-)
>> - .... .- - .----. ... . .- ... -.-- ..-. --- .-. -.-- --- ..- -
>> --- ... .- -.--
>
> Don't you call me a .----. ... . .- ... -.-- !

.-- --- ..- .-.. -.. -. --- - -.. .-. . .- -- --- ..-. .. - ---
.-.. -.. -.-. .... .- .--. .-.-.-

Andy Burns

unread,
Nov 27, 2009, 2:44:38 AM11/27/09
to
On 26/11/09 23:23, geoff wrote:

>>>> - .... .- - .----. ... . .- ... -.-- ..-. --- .-. -.-- --- ..- - ---
>>>> ... .- -.--
>>>
>>> STOP THAT NOW !
>>

>> .. -.. --- -. --- - ..- -. -.. . .-. ... - .- -. -.. .-- .... .- - ..
>> ... --. --- .. -. --. --- -.
>
> You - COAT

-.-- --- ..- ...- . .--. ..- .-.. .-.. . -..

Bruce

unread,
Nov 27, 2009, 5:22:52 AM11/27/09
to


.-- .... .- - | .... .- ...- . | .. | ... - .- .-. - . -.. | ..--.. |?

Andrew Gabriel

unread,
Dec 2, 2009, 2:42:12 PM12/2/09
to
In article <heit62$luv$1...@news.datemas.de>,

"dennis@home" <den...@killspam.kicks-ass.net> writes:
>
> I am amazed at how many linux/unix users do nothing at all even though stuff
> like root kits have been around for years.
> I suppose its to be expected, they keep telling each other that they are
> immune so often that they actually start to believe it. The reality is
> different of course.
> There is a lot of evidence that botnets are controlled by hacked unix

Care to point to some of it?

> machines, windows machines generally can't handle many connections without
> the user noticing a problem and then reinstalling/running AV software, this
> losses the rather valuable botnet.
> The users of these hacked unix machines will be telling everyone that unix
> is safe.
>>

--
Andrew Gabriel
[email address is not usable -- followup in the newsgroup]

dennis@home

unread,
Dec 2, 2009, 5:39:48 PM12/2/09
to

"Andrew Gabriel" <and...@cucumber.demon.co.uk> wrote in message
news:hf6fuk$a1s$1...@news.eternal-september.org...


> In article <heit62$luv$1...@news.datemas.de>,
> "dennis@home" <den...@killspam.kicks-ass.net> writes:
>>
>> I am amazed at how many linux/unix users do nothing at all even though
>> stuff
>> like root kits have been around for years.
>> I suppose its to be expected, they keep telling each other that they are
>> immune so often that they actually start to believe it. The reality is
>> different of course.
>> There is a lot of evidence that botnets are controlled by hacked unix
>
> Care to point to some of it?

Well something simple like http://en.wikipedia.org/wiki/Srizbi_botnet
reveals that the controllers are using python which isn't likely to be
running on windows.
Nor are they likely to be using their own machines as that would get them
caught.

The following, which you quoted, but apparently failed to grasp.

The Natural Philosopher

unread,
Dec 2, 2009, 6:14:32 PM12/2/09
to
dennis@home wrote:
>
>
> "Andrew Gabriel" <and...@cucumber.demon.co.uk> wrote in message
> news:hf6fuk$a1s$1...@news.eternal-september.org...
>> In article <heit62$luv$1...@news.datemas.de>,
>> "dennis@home" <den...@killspam.kicks-ass.net> writes:
>>>
>>> I am amazed at how many linux/unix users do nothing at all even
>>> though stuff
>>> like root kits have been around for years.
>>> I suppose its to be expected, they keep telling each other that they are
>>> immune so often that they actually start to believe it. The reality is
>>> different of course.
>>> There is a lot of evidence that botnets are controlled by hacked unix
>>
>> Care to point to some of it?
>
> Well something simple like http://en.wikipedia.org/wiki/Srizbi_botnet
> reveals that the controllers are using python which isn't likely to be
> running on windows.

Thes serervs are r=unning linux. The clients are to a man windozePC's

Its a shame u dont understand what you read.

But then, you never did.

> Nor are they likely to be using their own machines as that would get
> them caught.
>
> The following, which you quoted, but apparently failed to grasp.
>
>>
>>> machines, windows machines generally can't handle many connections
>>> without
>>> the user noticing a problem and then reinstalling/running AV
>>> software, this
>>> losses the rather valuable botnet.
>>> The users of these hacked unix machines will be telling everyone that
>>> unix
>>> is safe.
>>>>
>>
>> --
>> Andrew Gabriel
>> [email address is not usable -- followup in the newsgroup]
>

Vulnerable unix machines are public hosting servers. Not joe bloggs at
home with his desktop. Of necessity these machines have actual customer
upload facilities, and very open access. And are not maintained by the
owners of the software upon them. Any sysadmin can open a door for cash.

Or by mistake.

Running behind a NAT router at home, is a vastly different proposition.

But then, that means nothing to you, because not much does.

Andrew Gabriel

unread,
Dec 2, 2009, 7:08:23 PM12/2/09
to
In article <hf6sco$vog$1...@news.albasani.net>,

The Natural Philosopher <t...@invalid.invalid> writes:
> dennis@home wrote:
>>
>>
>> "Andrew Gabriel" <and...@cucumber.demon.co.uk> wrote in message
>> news:hf6fuk$a1s$1...@news.eternal-september.org...
>>> In article <heit62$luv$1...@news.datemas.de>,
>>> "dennis@home" <den...@killspam.kicks-ass.net> writes:
>>>>
>>>> I am amazed at how many linux/unix users do nothing at all even
>>>> though stuff
>>>> like root kits have been around for years.
>>>> I suppose its to be expected, they keep telling each other that they are
>>>> immune so often that they actually start to believe it. The reality is
>>>> different of course.
>>>> There is a lot of evidence that botnets are controlled by hacked unix
>>>
>>> Care to point to some of it?
>>
>> Well something simple like http://en.wikipedia.org/wiki/Srizbi_botnet
>> reveals that the controllers are using python which isn't likely to be
>> running on windows.
>
> Thes serervs are r=unning linux. The clients are to a man windozePC's
>
> Its a shame u dont understand what you read.
>
> But then, you never did.

Yep - none of the Linux systems were infected with viruses;
they were installed for the purpose of controlling the virus.
Interesting that the virus writers knew better than to use Windows
themselves ;-) The virus infects and lives in the NTFS filesystem
drivers on Windows.

Man at B&Q

unread,
Dec 3, 2009, 5:15:06 AM12/3/09
to
On Nov 23, 11:23 pm, "The Medway Handyman"
<davidl...@nospamblueyonder.co.uk> wrote:
> Harry Bloomfield wrote:
> > The Medway Handyman expressed precisely :
> >> fred wrote:
> >>> In article <IUDOm.8032$Ym4.7...@text.news.virginmedia.com>, The
> >>> Medway Handyman <davidl...@nospamblueyonder.co.uk> writes
>
> >>>> Tried that &http://www.geektools.com/whois.php
>
> >>>> Trouble is, too much information, most of which I don't understand.
>
> >>>> Would it be wise/acceptable to post the numbers here?
>
> >>> Yes, post all you have and the source of the information, it's
> >>> useless without knowing where it came from and how reliable it is.
>
> >> OK.  I recieved a message from E Bay about a password change
> >> confirmation:- "The password change request was made from:
>
> >>   a.. IP address: 77.96.243.253
> >>   b.. ISP host: 10.11.64.246 "
>
> >> I subsequently discovered various address's, (inc Pay Pal) had been
> >> changed to Dorset, Dublin, New York & Nigeria!
>
> > Dave,
>
> > Can I ask have you at anytime clicked on a link in an email seeing to
> > have come from ebay or paypal and the page it has loaded has seemed to
> > look like the ebay login page?
>
> > In other words what is known as a phishing email?
>
> Hard to tell Harry, I might well have done even though I'm of a suspicious
> nature.
>
> I get so many e mails from E Bay & Pay Pal I simply don't know which to
> trust.  As a result I rarely use either.

Ebay and PayPal send very few e-mails, even to registered users, IME.
What you are probably receiving are e-mails purporting to be from them
(phishing). Genuine PayPal e-mails will always address you by your
registered name, not "dear paypal user" or similar.

The simple answer is NEVER click on a link in any such e-mails, nor
cut and paste links into your browser. ALWAYS access them via you
browser by typing in the URL or using a known good favourite link.

No problems with either.

MBQ


Dave Plowman (News)

unread,
Dec 3, 2009, 5:48:25 AM12/3/09
to
In article
<a8132bfa-2ac5-42cf...@s20g2000yqd.googlegroups.com>,

Man at B&Q <manat...@hotmail.com> wrote:
> Ebay and PayPal send very few e-mails, even to registered users, IME.

Not so. Ebay regularly send out details of special offers. But this may be
an option. Just be wary of any that require you to click on a link and log
in.

--
*I couldn't repair your brakes, so I made your horn louder *

Dave Plowman da...@davenoise.co.uk London SW
To e-mail, change noise into sound.

Andy Champ

unread,
Dec 3, 2009, 3:01:34 PM12/3/09
to
Andrew Gabriel wrote:
>
> The virus infects and lives in the NTFS filesystem
> drivers on Windows.
>

Really? Not just an FS filter or such? Never heard of such a thing.
Do you have a link?

Andy

Message has been deleted

Andrew Gabriel

unread,
Dec 4, 2009, 6:00:56 AM12/4/09
to
In article <pK6dnU_Cia2DhIXW...@eclipse.net.uk>,

http://en.wikipedia.org/wiki/Srizbi_botnet#Srizbi_trojan

Actually, it's not just the NTFS drivers, it's also the network
drivers, so its behaviour (and existance) is invisible to virus
scanners, network snoopers, and firewalls running in the same
system looking at the filesystem or at network activity. It also
hooks into the kernel's registry support, to hide its registry
settings.

Basically, it runs entirely in the kernel, and the kernel components
seem to do a good job of hiding its existance, in addition to actually
deploying the payload. After all, once you're in the kernel, you can
make sure any virus scanner is only seeing a sanitised version of the
system with any evidence of the virus removed from anything outside
of itself. Of course, virus scanners catch up once the scanning
companies have worked out what its doing and how it works.

dennis@home

unread,
Dec 4, 2009, 4:43:00 PM12/4/09
to

"The Natural Philosopher" <t...@invalid.invalid> wrote in message

news:hf6sco$vog$1...@news.albasani.net...


> dennis@home wrote:
>>
>>
>> "Andrew Gabriel" <and...@cucumber.demon.co.uk> wrote in message
>> news:hf6fuk$a1s$1...@news.eternal-september.org...
>>> In article <heit62$luv$1...@news.datemas.de>,
>>> "dennis@home" <den...@killspam.kicks-ass.net> writes:
>>>>
>>>> I am amazed at how many linux/unix users do nothing at all even though
>>>> stuff
>>>> like root kits have been around for years.
>>>> I suppose its to be expected, they keep telling each other that they
>>>> are
>>>> immune so often that they actually start to believe it. The reality is
>>>> different of course.
>>>> There is a lot of evidence that botnets are controlled by hacked unix
>>>
>>> Care to point to some of it?
>>
>> Well something simple like http://en.wikipedia.org/wiki/Srizbi_botnet
>> reveals that the controllers are using python which isn't likely to be
>> running on windows.
>
> Thes serervs are r=unning linux. The clients are to a man windozePC's
>
> Its a shame u dont understand what you read.
>
> But then, you never did.

Well as you are agreeing with what I said I suppose you don't actually have
a clue what you are saying.
But then, you never did and, probably, never will.

dennis@home

unread,
Dec 4, 2009, 4:46:35 PM12/4/09
to

"Andrew Gabriel" <and...@cucumber.demon.co.uk> wrote in message

news:hf6vhn$8nv$1...@news.eternal-september.org...

Yet again we have viruses singled out as being the problem and not the users
failing to understand security.
I expect you are a linux user and think you are safe just because you use
linux.

dennis@home

unread,
Dec 4, 2009, 4:49:44 PM12/4/09
to

"Huge" <Hu...@nowhere.much.invalid> wrote in message
news:7ns4lpF...@mid.individual.net...


Hi huge, feeling well enough to put in an appearance I see.
Keep taking the pills as you are still posting cr@p.

Andrew Gabriel

unread,
Dec 5, 2009, 6:13:26 AM12/5/09
to
In article <hfbvvu$6pq$1...@news.datemas.de>,

"dennis@home" <den...@killspam.kicks-ass.net> writes:
>
>
> "Andrew Gabriel" <and...@cucumber.demon.co.uk> wrote in message
> news:hf6vhn$8nv$1...@news.eternal-september.org...
>>
>> Yep - none of the Linux systems were infected with viruses;
>> they were installed for the purpose of controlling the virus.
>> Interesting that the virus writers knew better than to use Windows
>> themselves ;-) The virus infects and lives in the NTFS filesystem
>> drivers on Windows.
>
> Yet again we have viruses singled out as being the problem and not the users
> failing to understand security.

Well, we're just responding to your suggestion that a Linux
system was somehow being subverted into spreading this virus,
which wasn't the case. The Linux systems were setup for this
sole purpose, and were not in any way compromised.

> I expect you are a linux user and think you are safe just because you use
> linux.

Not a single Linux system installed here (although it does
happen occasionally when I need to work on one).

dennis@home

unread,
Dec 5, 2009, 8:00:15 AM12/5/09
to

"Andrew Gabriel" <and...@cucumber.demon.co.uk> wrote in message

news:hfdf8m$96j$4...@news.eternal-september.org...


> In article <hfbvvu$6pq$1...@news.datemas.de>,
> "dennis@home" <den...@killspam.kicks-ass.net> writes:
>>
>>
>> "Andrew Gabriel" <and...@cucumber.demon.co.uk> wrote in message
>> news:hf6vhn$8nv$1...@news.eternal-september.org...
>>>
>>> Yep - none of the Linux systems were infected with viruses;
>>> they were installed for the purpose of controlling the virus.
>>> Interesting that the virus writers knew better than to use Windows
>>> themselves ;-) The virus infects and lives in the NTFS filesystem
>>> drivers on Windows.
>>
>> Yet again we have viruses singled out as being the problem and not the
>> users
>> failing to understand security.
>
> Well, we're just responding to your suggestion that a Linux
> system was somehow being subverted into spreading this virus,
> which wasn't the case.

I didn't say it was compromised by a virus.
I said it was compromised and that linux is not secure as many linux user
like to claim, some may even believe it too.
Which is why linux users that understand vulnerabilities always appear to
like bringing virii into the argument, just to try and deflect the
uninformed from actually understanding that linux is vulnerable to various
attacks.

> The Linux systems were setup for this
> sole purpose, and were not in any way compromised.

No they are frequently compromised systems that user doesn't know is being
used for the purpose.
It would be easy to stop the attacks if they were using their own machines
as well as being easy to identify and arrest them.

>
>> I expect you are a linux user and think you are safe just because you use
>> linux.
>
> Not a single Linux system installed here (although it does
> happen occasionally when I need to work on one).

So which system are you running knews on then?

Andrew Gabriel

unread,
Dec 5, 2009, 12:52:35 PM12/5/09
to
In article <hfdlh0$hlt$1...@news.datemas.de>,

"dennis@home" <den...@killspam.kicks-ass.net> writes:
>
>
> "Andrew Gabriel" <and...@cucumber.demon.co.uk> wrote in message
> news:hfdf8m$96j$4...@news.eternal-september.org...
>> In article <hfbvvu$6pq$1...@news.datemas.de>,
>> "dennis@home" <den...@killspam.kicks-ass.net> writes:
>>>
>>>
>>> "Andrew Gabriel" <and...@cucumber.demon.co.uk> wrote in message
>>> news:hf6vhn$8nv$1...@news.eternal-september.org...
>>>>
>>>> Yep - none of the Linux systems were infected with viruses;
>>>> they were installed for the purpose of controlling the virus.
>>>> Interesting that the virus writers knew better than to use Windows
>>>> themselves ;-) The virus infects and lives in the NTFS filesystem
>>>> drivers on Windows.
>>>
>>> Yet again we have viruses singled out as being the problem and not the
>>> users
>>> failing to understand security.
>>
>> Well, we're just responding to your suggestion that a Linux
>> system was somehow being subverted into spreading this virus,
>> which wasn't the case.
>
> I didn't say it was compromised by a virus.
> I said it was compromised

Well it wasn't.

> and that linux is not secure as many linux user
> like to claim, some may even believe it too.

That may be true (I don't know what security linux users
like to claim), but in the example you provided, no linux
systems were hacked, compromised, infected, etc.

> Which is why linux users that understand vulnerabilities always appear to
> like bringing virii into the argument, just to try and deflect the
> uninformed from actually understanding that linux is vulnerable to various
> attacks.
>
>> The Linux systems were setup for this
>> sole purpose, and were not in any way compromised.
>
> No they are frequently compromised systems that user doesn't know is being
> used for the purpose.

No, they were a set of 25 Itanium Linux systems in McColo's
hosting centre in San Jose, hired for the purpose.

> It would be easy to stop the attacks if they were using their own machines
> as well as being easy to identify and arrest them.

McColo allegedly specialised in hosting services which would
be difficult to take down. I would expect you can just buy the
service from anywhere around the world (as with any hosting
centre), so identity and arrest is easily avoided.

>>> I expect you are a linux user and think you are safe just because you use
>>> linux.
>>
>> Not a single Linux system installed here (although it does
>> happen occasionally when I need to work on one).
>
> So which system are you running knews on then?

a20$ uname -a
SunOS a20 5.11 snv_125 i86pc i386 i86pc
a20$

(i.e. Solaris)

Knews should build and run on any unix with Motif libraries
(or Motif-compatible libraries in the case of Linux).

It is loading more messages.
0 new messages