At 10:31 PM -0700 9/12/08, Carl Nygren wrote: >Hello all, > >I was going to log on to PayPal now, but a site popped up asking for >name, address, credit card number, CVV2, date of credit card expiry, >bank account info, and Social Security Number. > >What bothers me is a) Why would PayPal ask for this, and b) I live in >Sweden and I am a Swedish citizen. :) >I do not have a Social Security Number - since I do not live in the >US.
They didn't. See below. > >I did not submit any info at all. This is good. >I did however send an email to PayPal asking how exactly they are >expecting me to fill out this form. This could be worse than spam. If you typed the address in your browser, it's probably DNS Cache poisoning. (if you followed a link in an email, it probably was a common phish and not what I describe below.) In early August a security hole in the Domain Name System (the "traffic cop" part of the internet that changes the name you type in to your browser such as 'paypal.com' into an IP address of a specific machine) was discovered. Not all domain name servers have been fixed yet, though patches exist for most of them. The exploit involves taking advantage of the fact that Domain Name Servers typically do not change the port they talk on with each new query. As a result, it becomes possible for someone to hit a domain name server with requests in a way that allows them to 'piggyback' a payload of bogus data which gets cached along with the real stuff. (I'm not going into the details here, for obvious reasons). The patch causes the server to assign ports in a random sequence, which greatly reduces but does *not* eliminate the threat. Using such a technique someone could hack a DNS server such that a legitimate request for the location of "www.paypal.com" by someone using that server (ie, a user like you) would point to their phishing server. To test whether the DNS server you use is safe from threats of this type, use the DNS tester at <http://www.doxpara.com/?p=1162>. Everyone should perform the test. If your DNS server(s) don't pass the test, contact your ISP and demand at least one that does. For more info, see <http://support.menandmice.com/jforum/posts/list/65.page> and follow the links. -- Bill Christensen <http://greenbuilder.com/contact/> Green Building Professionals Directory: <http://directory.greenbuilder.com> Sustainable Building Calendar: <http://www.greenbuilder.com/calendar/> Green Real Estate: <http://www.greenbuilder.com/realestate/> Straw Bale Registry: <http://sbregistry.greenbuilder.com/> Books/videos/software: <http://bookstore.greenbuilder.com/> --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed Low End Mac's G3-5 List, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/g3-5-list?hl=en Low End Mac RSS feed at feed://lowendmac.com/feed.xml -~----------~----~----~----~------~----~------~--~---
