So I get a piece of SPAM that advertises a "how to make money on eBay" book. For kicks, I go to the website (hosted in Asia, of course)
(Aside -- the website includes a gimmick where if you "buy by midnight on (today's date), save 50%". Change the date on your PC, and the offer gets extended to THAT day) I check out the order form, which a) isn't secured with SSL, and b) submits the information to a different website. So I go there to muck around and see what there is (again, hosted in Asia) Lo and behold, I look at the root of said website, and I get a directory listing: submit.php orders.txt And as you can probably guess, orders.txt contains -- ORDERS. Names, addresses, phone numbers, and CREDIT CARD NUMBERS. Dozens of them. So I got to thinking... what should I do here? a) Nothing. It's not my problem. b) Notify the provider who hosts the submission page c) Send e-mails to all the morons who tried to buy this "product" (their e-mail addresses are readily available, next to their credit card numbers), letting them know that they are morons and this is why they shouldn't buy products advertised in SPAM. d) Something else I chose option a. What would you do? (What would Brian Boitano do?) __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
