Hello Bill,

Did as you suggested and the following came up:

Your name server, at 24.92.226.9, appears to be safe, but make sure the ports listed below aren't following an obvious pattern (:1001, :1002, :1003, or :30000, :30020, :30100...).
Requests seen for dba2b0069a04.doxdns5.com:
24.92.226.9:59251 TXID=42314
24.92.226.9:36412 TXID=42452
24.92.226.9:7310 TXID=65406
24.92.226.9:47231 TXID=40436
24.92.226.9:33662 TXID=6918

What does it mean?

Thanks

On Sep 13, 2008, at 11:38 PM, Bill Christensen wrote:

>
> At 10:31 PM -0700 9/12/08, Carl Nygren wrote:
>> Hello all,
>>
>> I was going to log on to PayPal now, but a site popped up asking for
>> name, address, credit card number, CVV2, date of credit card expiry,
>> bank account info, and Social Security Number.
>>
>> What bothers me is a) Why would PayPal ask for this, and b) I live in
>> Sweden and I am a Swedish citizen. :)
>> I do not have a Social Security Number - since I do not live in the
>> US.
>
> They didn't. See below.
>
>>
>> I did not submit any info at all.
>
> This is good.
>
>> I did however send an email to PayPal asking how exactly they are
>> expecting me to fill out this form.
>
> This could be worse than spam. If you typed the address in your
> browser, it's probably DNS Cache poisoning. (if you followed a link
> in an email, it probably was a common phish and not what I describe
> below.)
>
> In early August a security hole in the Domain Name System (the
> "traffic cop" part of the internet that changes the name you type in
> to your browser such as 'paypal.com' into an IP address of a specific
> machine) was discovered. Not all domain name servers have been fixed
> yet, though patches exist for most of them.
>
> The exploit involves taking advantage of the fact that Domain Name
> Servers typically do not change the port they talk on with each new
> query. As a result, it becomes possible for someone to hit a domain
> name server with requests in a way that allows them to 'piggyback' a
> payload of bogus data which gets cached along with the real stuff.
> (I'm not going into the details here, for obvious reasons).
> The patch causes the server to assign ports in a random sequence, which
> greatly reduces but does *not* eliminate the threat.
>
> Using such a technique someone could hack a DNS server such that a
> legitimate request for the location of "www.paypal.com" by someone
> using that server (ie, a user like you) would point to their phishing
> server.
>
> To test whether the DNS server you use is safe from threats of this
> type, use the DNS tester at <http://www.doxpara.com/?p=1162>.
> Everyone should perform the test.
>
> If your DNS server(s) don't pass the test, contact your ISP and
> demand at least one that does.
>
> For more info, see
> <http://support.menandmice.com/jforum/posts/list/65.page> and follow
> the links.
>
>
> --
> Bill Christensen
> <http://greenbuilder.com/contact/>
>
> Green Building Professionals Directory: <http://directory.greenbuilder.com>
> Sustainable Building Calendar: <http://www.greenbuilder.com/calendar/>
> Green Real Estate: <http://www.greenbuilder.com/realestate/>
> Straw Bale Registry: <http://sbregistry.greenbuilder.com/>
> Books/videos/software: <http://bookstore.greenbuilder.com/>
>
>

John Callahan
[EMAIL PROTECTED]

"If there are no dogs in Heaven, when I die I want to go where they went." --Will Rogers

extreme positive = (ybya2)

You received this message because you are subscribed to Low End Mac's G3-5 List, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs.
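
The tester output quoted in the reply above can be checked mechanically for the "obvious pattern" it warns about. The following is an added example, not part of the original messages or of the doxpara tester; the function names, the constructed 192.0.2.53 sample lines and the 1024-port `narrow_span` threshold are assumptions made for illustration.

```python
import re

# Matches one tester line such as "24.92.226.9:59251 TXID=42314".
REQ = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s+TXID=(\d{1,5})")

# Tester output exactly as quoted in the message above.
SAMPLE = """Requests seen for dba2b0069a04.doxdns5.com:
24.92.226.9:59251 TXID=42314
24.92.226.9:36412 TXID=42452
24.92.226.9:7310 TXID=65406
24.92.226.9:47231 TXID=40436
24.92.226.9:33662 TXID=6918"""

# Constructed lines (192.0.2.53 is a documentation address) showing the two
# patterns the tester warns about, plus a resolver that never changes port.
STEPPED = "192.0.2.53:1001 TXID=4211 192.0.2.53:1002 TXID=60013 192.0.2.53:1003 TXID=17754"
CLUSTERED = "192.0.2.53:30000 TXID=4211 192.0.2.53:30020 TXID=60013 192.0.2.53:30100 TXID=17754"
FIXED = "192.0.2.53:32768 TXID=4211 192.0.2.53:32768 TXID=60013 192.0.2.53:32768 TXID=17754"


def parse_requests(text):
    """Return (ip, source_port, txid) tuples in the order they were seen."""
    return [(ip, int(port), int(txid)) for ip, port, txid in REQ.findall(text)]


def pattern(values, narrow_span=1024):
    """Classify a sequence of ports or TXIDs.

    narrow_span is an assumed heuristic threshold, not a value from the tester.
    """
    if len(values) < 3:
        return "too few samples"
    if len(set(values)) == 1:
        return "fixed"
    if len({b - a for a, b in zip(values, values[1:])}) == 1:
        return "constant step"
    if max(values) - min(values) < narrow_span:
        return "narrow range"
    return "no obvious pattern"


def assess(text):
    """Check source ports and transaction IDs separately."""
    reqs = parse_requests(text)
    return {"ports": pattern([p for _, p, _ in reqs]),
            "txids": pattern([t for _, _, t in reqs])}


if __name__ == "__main__":
    for name in ("SAMPLE", "STEPPED", "CLUSTERED", "FIXED"):
        print(name, assess(globals()[name]))
```

Five requests can only rule out the obvious patterns the tester warns about; they are too few to measure how random the ports are.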
