Re: Warning: OutsourcingRoom.com

On Wed, 2009-08-05 at 11:10 -0300, Martin Scotta wrote:
> Nobody can actually do anything. This happens all the time.
> 
> Sites like facebook or myspace send invitations to all your mail's
> contacts, but that's not the problem. What I can't understand is why
> do they do pre-signup just you for the "easy" of you.
> I have _created_ an account just to edit my personal data, that's nonsense!!!
> 
> If you give your contact info you are allowing this kind of "issues",
> but if you don't... well, you can't use internet if you don't.
> 
> 
> On Wed, Aug 5, 2009 at 10:56 AM, Ashley
> Sheridan<ash@xxxxxxxxxxxxxxxxxxxx> wrote:
> > On Wed, 2009-08-05 at 09:54 -0400, Eric Butera wrote:
> >> On Wed, Aug 5, 2009 at 3:06 AM, Ashley Sheridan<ash@xxxxxxxxxxxxxxxxxxxx> wrote:
> >> > On Tue, 2009-08-04 at 20:49 -0700, Steve wrote:
> >> >> Daniel Brown wrote:
> >> >> >     Just as a heads-up, in case you guys weren't yet aware (cross-posting):
> >> >> >
> >> >> >     Elance.com was the victim of an SQL injection attack earlier this
> >> >> > summer (they apparently missed our billions of threads on sanity).
> >> >> > According to their folks, only names, company names, phone numbers,
> >> >> > and email addresses were taken.  Whether or not that's true, I don't
> >> >> > know, but that's beyond the scope of this warning.
> >> >> >
> >> >> >     The most recent attempt to get more of your personal information
> >> >> > comes from a (*possibly* legitimate) website named
> >> >> > OutsourcingRoom.com.  If you have been a member of Elance, you may
> >> >> > have already received the message from OSR that claims that you signed
> >> >> > up with them, and gives you a username and password.  Now, I'm not
> >> >> > here to tell you guys and gals what to do, but taking the facts into
> >> >> > account - the stealing of private information by breaching the
> >> >> > security of a competitor - it's entirely up to you as to whether or
> >> >> > not you'll consider OSR a trustworthy business.  Chances are, they'll
> >> >> > not only charge you for using the service, but will also be so kind as
> >> >> > to reuse (or redistribute) your private and financial information,
> >> >> > should you be willing to give it to them.
> >> >> >
> >> >> >     We've already received numerous hits on our network for
> >> >> > OutsourcingRoom.com and one or two other shoddy attempts to gain more
> >> >> > information.  Today the emails seem to have picked up significantly,
> >> >> > and appear to be not only valid, but professionally-crafted.
> >> >> > Thankfully, we were anticipating such, after being alerted to the
> >> >> > attack by Elance themselves.  Perhaps a bit embarrassing for them, but
> >> >> > it was a good move to mitigate the damage post-fact, in my opinion.
> >> >> >
> >> >> >     That's it.  Just trying to keep everyone from getting scammed and
> >> >> > screwed.  For more information, check Google, as always.  ;-P
> >> >> >
> >> >> >
> >> >>
> >> >> I got that email. I was wondering what that was about. Thanks for the info!
> >> >>
> >> > Well, I try not to give out my details to too many people each month,
> >> > and this month they were beat to it by a nice fellow in Nigeria who I'm
> >> > helping out by letting him put some money into my account. Next month I
> >> > had originally planned to invest in those berries everyone is talking
> >> > about and some watches, and then after that, I need to update my account
> >> > details on Ebay (I forgot I even had an account with them!) as they keep
> >> > asking me to go and do it because of a security update they've made.
> >> >
> >> > Ho hum...
> >> >
> >> > Thanks,
> >> > Ash
> >> > http://www.ashleysheridan.co.uk
> >> >
> >> >
> >> > --
> >> > PHP General Mailing List (http://www.php.net/)
> >> > To unsubscribe, visit: http://www.php.net/unsub.php
> >> >
> >> >
> >>
> >> Har har.  This was not a mindless 411 scam.  It is a bit different
> >> when an actual site people use gets hacked and their personal
> >> information stolen.  I too received one of these emails and it was
> >> very convincing.  It has my exact username from the Elance site and
> >> was crafted in such a way that it seems this new site was a partner
> >> with Elance somehow.
> >>
> >> --
> >> http://www.ericbutera.us/
> >>
> > Is there nothing that anybody can actually do about this? Where is the
> > new company based? Are there laws in that country about this sort of
> > thing?
> >
> > Thanks,
> > Ash
> > http://www.ashleysheridan.co.uk
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> 
> 
> 
> -- 
> Martin Scotta
> 
Nicely said, but doesn't answer the question.

Sites like that will send out emails all the time as invites, because
they have the permission of whoever they are sending the emails on
behalf of, hence why they can access the contacts list.

This is a different situation, where the site was hacked, and the
company is not only sending out invite links to all the email addresses
it found, but it is including other personal information, i.e. the
username and password on the original site. Also, as it got that
information as a result of hacking, and they are the ones directly using
that information, well, they could be in a lot of trouble depending on
where in the world they are.

Thanks,
Ash
http://www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

