Search

Domino Upgrade

VersionSupport end
5.0
6.0
6.5
7.0
8.0
8.5
Upgrade to 9.x now!
(see the full Lotus lifcyle) To make your upgrade a success use the Upgrade Cheat Sheet.
Contemplating to replace Notes? You have to read this! (also available on Slideshare)

Languages

Other languages on request.

Twitter

Useful Tools

Get Firefox
Use OpenDNS
The support for Windows XP has come to an end . Time to consider an alternative to move on.

About Me

I am the "IBM Collaboration & Productivity Advisor" for IBM Asia Pacific. I'm based in Singapore.
Reach out to me via:
Follow notessensei on Twitter
(posts)
Skype
Sametime
IBM
Facebook
LinkedIn
XING
Amazon Store
Amazon Kindle
NotesSensei's Spreadshirt shop
profile for stwissel on Stack Exchange, a network of free, community-driven Q&A sites

03/05/2006

Paypal Phish, getting damn good

Category
This just arrived in my inbox:


It is an image with an hyperlink on the dispute transaction text to an Estonian host. It pretty much looks like a pixel perfect duplication of paypal. For a layman user difficult to spot (unless you do the magazines with the "spot-the-7-differences" a lot):
  • - Paypal sends text, not an image
  • - the hotspot is slightly off
  • - It has been send to me via BCC

May them grow pimples on their butt, so they can't sit painfree!

23/11/2005

eMail abuse --- it's not me!

Category
From bouncing messages I learned today, that a flood of viruses is send specifically to Singaporean email accounts with the fake sender info@wissel.net. In case you came to this site to look who attacked you: It is not me. There is no such email address. The sender's address is totally fake. I also find that disgusting.
Nevertheless --- have a great day!

08/11/2005

Fighting Zombies

Category
Seems like the Australian government got the right idea. They start taking the ISVs into the responsibility to shut down zombies. There is quite a bit over coverage world wide. At the end the solution to curb unsolicited use of the Internet lies at the access ramps. Unfortunately the definition of "unsolicited" is in the eye of the beholder, so what weeds out a pest can also be used to suppress. I don't think that will be a problem in Australia, rather further up North (much further).  

04/09/2005

Phishing gets more sophisticated

Category
Just got a phishing email that claimed a paypal problem. The Phishers duplicated Paypals lingo and look very closely. They also tried to leverage on our tendency to scan pages rather than to read them. The URL is mostly identical to Paypal's. The only difference is a dash instead of a dot and slash. They just made the processing part of paypal (behind the .com ) part of their domain. To masquerade that they encoded it:

h t t p : / / www.paypal-com-cgi-bin-xxx-pp7848%34%31%2E%63%6F%6D (not the real one to protect innocent people).
Which translates to:
h t t p : / / www.paypal-com-cgi-bin-xxx-pp784841.com

The mail was routed:
"from sebsoksa.com.previewmysite.com (localhost [127.0.0.1]) by web5.megawebservers.com (8.12.10/8.12.9) with ESMTP id j835Fiu3017824 for <stephan@wissel.net>; Sat, 3 Sep 2005 01:15:50 -0400"
which is fake of course (at least the from part).

What is very confusing: The IP address of the webserver is 65.54.132.254 running on IIS6 in Redmond!!! See for yourself! Somehow the managed to highjack the server for a reroute!

The true form that pops up is running on a 1 & 1 registered server by Mr. Solis:
Domain ID:D10723261-LRMS
Domain Name:ID-PP75216122155155554454.INFO
Created On:18-Aug-2005 17:35:47 UTC
Expiration Date:18-Aug-2006 17:35:47 UTC
Sponsoring Registrar:R113-LRMS
Status:ACTIVE
Status:OK
Registrant ID:C11011092-LRMS
Registrant Name:Felipe Solis
Registrant Street1:415 N. Paseo Flamenco Apt
Registrant City:Rio Rico
Registrant State/Province:AZ
Registrant Postal Code:85648
Registrant Country:US
Registrant Phone:+1.5205484584
Registrant Email:etareke at hotmail.com
Admin ID:C11011092-LRMS
Admin Name:Felipe Solis
Admin Street1:415 N. Paseo Flamenco Apt
Admin City:Rio Rico
Admin State/Province:AZ
Admin Postal Code:85648
Admin Country:US
Admin Phone:+1.5205484584
Admin Email:etareke at hotmail.com

Nice try Mr. Solis!

Update: Hotmail doesn't care, that their servers are used in a scam. I duly forwarded the message to abuse@hotmail.com, explaining the problem. First I got a promising (auto) reply: " This is an auto-generated response designed to let you know that our system received your support inquiry and a Support Representative will review your question and respond to you soon." About a second later (what a joke, that a support representative would have looked into it) Hotmail told me, that since it is not a hotmail email (rather than their server), they won't look into it: " Unfortunately, we cannot take action on the mail you sent us because it does not reference a Hotmail account. Please send us another message that contains the full Hotmail e-mail address and the full e-mail message to:
   abuse@hotmail.com".  

Update 2: I just got an email from 1 & 1 who hosted the destination phishing site: " Dear Sir or Madam, thank you for bringing this matter to our attention. The account in question has been suspended."
Seems some ISP do care! Well done 1&1.

Disclaimer

This site is in no way affiliated, endorsed, sanctioned, supported, nor enlightened by Lotus Software nor IBM Corporation. I may be an employee, but the opinions, theories, facts, etc. presented here are my own and are in now way given in any official capacity. In short, these are my words and this is my site, not IBM's - and don't even begin to think otherwise. (Disclaimer shamelessly plugged from Rocky Oliver)
© 2003 - 2017 Stephan H. Wissel - some rights reserved as listed here: Creative Commons License
Unless otherwise labeled by its originating author, the content found on this site is made available under the terms of an Attribution/NonCommercial/ShareAlike Creative Commons License, with the exception that no rights are granted -- since they are not mine to grant -- in any logo, graphic design, trademarks or trade names of any type. Code samples and code downloads on this site are, unless otherwise labeled, made available under an Apache 2.0 license. Other license models are available on written request and written confirmation.