
Some suspiciously cheap RF test kit on eBay UK


Dale H. Cook
 

At 10:11 AM 10/9/2018, Scott McGrath wrote:

The problem with using an alternative DNS provider is some slimy ISPs disallow use of alternative DNS under the guise of "protecting" you.
There are also wifi networks that disallow use of alternate DNS providers - my local library is an example. Of course, I do very little there - I access some online resources that can only be accessed when I am on the library network, and the only other thing I do there is check my email. My laptop has a utility to automatically configure wifi connections, so when I connect at the library it automatically uses the library network for DNS resolution.

Dale H. Cook, GR/HP/Tek Collector, Roanoke/Lynchburg, VA


 

The problem with using an alternative DNS provider is some slimy ISPs disallow use of alternative DNS under the guise of ‘protecting’ you.

In reality it’s all about monetizing your internet activity and redirecting you to ‘preferred’ partners. Use of alternative providers makes that much harder for an ISP to do those things. Not impossible mind you just much more expensive.

Whoever controls the DNS controls what you see on the internet and what you don’t.


 


On 09/10/18 09:38, Dr. David Kirkby from Kirkby Microwave Ltd wrote:
On Tue, 9 Oct 2018 at 07:53, Tom Gardner <tggzzz@...> wrote:
I wouldn't have thought the "ownership" carries any useful information. I presume it can be easily forged. As a colleague of mine, Stefek Zaba, used to tell everybody in the mid-late 90s, "my name is Donald Duck, and I have a digital certificate to prove it".

The only important part of a digital certificate is that it is vouched for by the chain of certificates to a trusted root certificate. If you trust the chain then you have (some) trust in the site.

Of course it isn't necessary to have a certificate that has a chain to a trusted root certificate. One system I worked on had a "self-signed" certificate, and that was completely sufficient for our purposes.

I too have created self-signed certificates, but they would be flagged by any modern browser as being self-signed, so should be a warning to someone that something is amiss.

Agreed.


Just as a casual user of eBay, I'm finding hacked accounts all the time by accident. There seems to be something wrong with their security system that is permitting these accounts to be hijacked.

It could well be outside ebay's ability to control. Classic example would be a password used in multiple places, and one of the other places losing the info.


I don't know how many people get tricked by the eBay scammers and pay by bank transfer.

Sufficient, I presume :(

Even solicitors have been duped with their client's money for a house purchase: all it takes is a simple "our bank account has changed" email, and some dozy admins.


Dr. David Kirkby from Kirkby Microwave Ltd
 

On Tue, 9 Oct 2018 at 07:53, Tom Gardner <tggzzz@...> wrote:
I wouldn't have thought the "ownership" carries any useful information. I presume it can be easily forged. As a colleague of mine, Stefek Zaba, used to tell everybody in the mid-late 90s, "my name is Donald Duck, and I have a digital certificate to prove it".

The only important part of a digital certificate is that it is vouched for by the chain of certificates to a trusted root certificate. If you trust the chain then you have (some) trust in the site.

Of course it isn't necessary to have a certificate that has a chain to a trusted root certificate. One system I worked on had a "self-signed" certificate, and that was completely sufficient for our purposes.

I too have created self-signed certificates, but they would be flagged by any modern browser as being self-signed, so should be a warning to someone that something is amiss.

Just as a casual user of eBay, I'm finding hacked accounts all the time by accident. There seems to be something wrong with their security system that is permitting these accounts to be hijacked. I don't know how many people get tricked by the eBay scammers and pay by bank transfer.

Dr David Kirkby Ph.D C.Eng MIET
Kirkby Microwave Ltd
Registered office: Stokes Hall Lodge, Burnham Rd, Althorne, CHELMSFORD, Essex, CM3 6DT, United Kingdom.
Registered in England and Wales as company number 08914892

Tel 01621-680100 / +44 1621-680100


 


In this instance, the "clue" (other than the dodgy deal itself) was that the "Daily Deals" fake ebay site was not TLS secured. It was plain old http:

If you try to go to ebay (.com or .co.uk for example) using http, you will automatically get redirected to the https secured pages.

Doing a traceroute on the daily deals link address, and then trying to reverse DNS the resulting endpoint IP address, also flagged up suspicions.

Any site that isn't using TLS these days, that purports to be ebay is instantly suspicious. (Another good reason not to hide details in the URL bar. Google, are you listening? Of course they are, but only 'bots.)

As to DNS settings, not sure which Dave the comment was targeted at, but I already use Quad9 and their secondary address (that, without poking at the settings I can't remember) in both my home router and travelling PC. Sure, it stops a lot, but stuff like that due to being hosted on Digital Ocean's systems (a valid hosting company) still get through.

Take care.

73.

Dave G0WBX
(Too many "Dave's" on here...)


Re: Some suspiciously cheap RF test kit on eBay UK
From: Dave McGuire
Date: Mon, 08 Oct 2018 09:54:08 PDT

...which is an excellent argument in support of "encryption
everywhere". The scumbags will find a way around that (like simply
registering and installing SSL certificates) but the trick is to stay
one step ahead of them.

The point, though, is that there's no way to tell what domains are
"fake". After all, what constitutes "fake" in this context? The
fraudulent listing is a fully legitimate domain name, there is nothing
"fake" about it other than the fact that, as a substring, it includes
the same sequence of characters as that of a well-known web site.

That is actually an extraordinarily difficult problem to solve without
creating lots of false positives.

-Dave


-- 
Created on and sent from a Unix like PC running and using free and open source software.


 


On 08/10/18 23:00, Dr. David Kirkby from Kirkby Microwave Ltd wrote:
Looking at the SSL certificates of , and shows something odd.

For "Owner: This website does not supply ownership information."
For "Owner: This website does not supply ownership information."
For "Owner: Kirkby Microwave Ltd"

(see attached screen shots)

So why the %?$ don't eBay at least have their SSL certificates with their ownership in? I think the EV SSL certificate cost me $80 for a year, so hardly a fortune.

I wouldn't have thought the "ownership" carries any useful information. I presume it can be easily forged. As a colleague of mine, Stefek Zaba, used to tell everybody in the mid-late 90s, "my name is Donald Duck, and I have a digital certificate to prove it".

The only important part of a digital certificate is that it is vouched for by the chain of certificates to a trusted root certificate. If you trust the chain then you have (some) trust in the site.

Of course it isn't necessary to have a certificate that has a chain to a trusted root certificate. One system I worked on had a "self-signed" certificate, and that was completely sufficient for our purposes.

"If you think encryption will solve your problem, you don't understand encryption and you don't understand your problem".
Then s/encryption/identity/ (as the UK government has spent a lot of money finding out with its plans for digital identity certificates for all the Queen's subjects)


 

My apologies. I was not completely up to speed with public DNS providers and just assumed the worst. :^)

On 9/10/18 12:49 PM, bownes wrote:
9.9.9.9 isn’t Google. It’s a friend, former co-worker, and person of great trust.

8.8.8.8 is google.

On Oct 8, 2018, at 18:11, Andy ZL3AG via Groups.Io <zl3ag@...> wrote:



On 9/10/18 5:50 AM, bownes wrote:
Well said Dave.

But you and I are attentive to domain names due to our rather DNS centric backgrounds. Other folks might want to think about using 9.9.9.9 as their DNS server (as opposed to the one your ISP hands you) as it has a number of features to knock down the spam and scams.

Bob
I trust my ISP more than I trust Google.





 

9.9.9.9 isn’t Google. It’s a friend, former co-worker, and person of great trust.

8.8.8.8 is google.

On Oct 8, 2018, at 18:11, Andy ZL3AG via Groups.Io <zl3ag@...> wrote:



On 9/10/18 5:50 AM, bownes wrote:
Well said Dave.

But you and I are attentive to domain names due to our rather DNS centric backgrounds. Other folks might want to think about using 9.9.9.9 as their DNS server (as opposed to the one your ISP hands you) as it has a number of features to knock down the spam and scams.

Bob
I trust my ISP more than I trust Google.





 

On 9/10/18 5:50 AM, bownes wrote:
Well said Dave.

But you and I are attentive to domain names due to our rather DNS centric backgrounds. Other folks might want to think about using 9.9.9.9 as their DNS server (as opposed to the one your ISP hands you) as it has a number of features to knock down the spam and scams.

Bob
I trust my ISP more than I trust Google.


Dr. David Kirkby from Kirkby Microwave Ltd
 

On Mon, 8 Oct 2018 at 17:54, Dave McGuire <mcguire@...> wrote:

...which is an excellent argument in support of "encryption
everywhere". The scumbags will find a way around that (like simply
registering and installing SSL certificates) but the trick is to stay
one step ahead of them.

The point, though, is that there's no way to tell what domains are
"fake". After all, what constitutes "fake" in this context? The
fraudulent listing is a fully legitimate domain name, there is nothing
"fake" about it other than the fact that, as a substring, it includes
the same sequence of characters as that of a well-known web site.

That is actually an extraordinarily difficult problem to solve without
creating lots of false positives.

-Dave

Do you think EV SSL certificates, along with public education, could play any role? So when someone clicks on a green padlock in their browser bar, they can determine the owner of a domain?

Looking at the SSL certificates of , and shows something odd.

For "Owner: This website does not supply ownership information."
For "Owner: This website does not supply ownership information."
For "Owner: Kirkby Microwave Ltd"

(see attached screen shots)

So why the %?$ don't eBay at least have their SSL certificates with their ownership in? I think the EV SSL certificate cost me $80 for a year, so hardly a fortune.

Neither Keysight nor Anritsu have EV SSL certificates, although Rohde and Schwarz do. But eBay is a prime target for these sort of attacks, so I'm amazed that like almost any bank, PayPal etc, eBay don't get EV SSL certificates - and educate people on what to look for.

Anyway, I won my auction for the 3 GHz impedance analyzer for £310 - see picture attached. I will see how long it takes eBay to tell me not to pay for it. Of course I have not paid, as I knew it was a scam, but it does not stop me bidding on scams.

--
Dr David Kirkby Ph.D C.Eng MIET
Kirkby Microwave Ltd
Registered office: Stokes Hall Lodge, Burnham Rd, Althorne, CHELMSFORD, Essex, CM3 6DT, United Kingdom.
Registered in England and Wales as company number 08914892

Tel 01621-680100 / +44 1621-680100


 

Aside from the ‘_’, both are technically valid. There are no special reserved words like ‘www’, ‘mail’, etc, but some have become popular conventions.

Bob

On Oct 8, 2018, at 15:59, Adrian <Adrian@...> wrote:

Am I right that the format for the sub domain is that it must precede the main thus:

()whatever.sub.domain.main_domain.com/

I realise that won't help much with an all numbers domain but does help with most legitimate sites

so 'mail.your_bank.com/' is ok but 'your_bank.mail.com/' is not?

Adrian

On 10/8/2018 7:41 PM, PAUL NICKALLS via Groups.Io wrote:
Always look for the last full stop before the "/". It gives a very good clue as to what is going on.

Paul.

On 08/10/2018 17:09, pianovt via Groups.Io wrote:
Aside from the obvious weekend ebay scam, there is something very disturbing here. I am talking about how well they disguised their web site URL.



 

Am I right that the format for the sub domain is that it must precede the main thus:

()whatever.sub.domain.main_domain.com/

I realise that won't help much with an all numbers domain but does help with most legitimate sites

so 'mail.your_bank.com/' is ok but 'your_bank.mail.com/' is not?

Adrian

On 10/8/2018 7:41 PM, PAUL NICKALLS via Groups.Io wrote:
Always look for the last full stop before the "/". It gives a very good clue as to what is going on.

Paul.

On 08/10/2018 17:09, pianovt via Groups.Io wrote:
Aside from the obvious weekend ebay scam, there is something very disturbing here. I am talking about how well they disguised their web site URL.


 


Always look for the last full stop before the "/". It gives a very good clue as to what is going on.

Paul.

On 08/10/2018 17:09, pianovt via Groups.Io wrote:
Aside from the obvious weekend ebay scam, there is something very disturbing here. I am talking about how well they disguised their web site URL.



I generally check a URL (at least superficially) before clicking on it. This URL probably would have fooled me. This kind of a scam could happen anywhere outside of ebay. For example, they could have set up a phony Amazon web site using the same method. It looks like it was a really bad idea to allow URLs with a string of text in front of the domain name.

Vladan




 

Yes, agreed 100%. Unfortunately, though, lots of people just "do what
they're told" these days. I've even spoken to a person, a technical
person no less, who upgraded his OS (and thus his computer, because
everyone knows you MUST run whatever OS came installed on the computer!)
when his ISP told him to...in order to support their advertisement
delivery software.

...which had nothing at all to do with what an ISP does, which is
MOVING PACKETS. This concept was lost on this (reminder: technical!)
guy, who was just blindly doing what his newly-hired ISP told him to do
on the phone.

This whole problem comes down to people diving in and using a complex
tool without learning anything about it first. Would they do that with
a Bridgeport mill? Or a car? Of course not. But they think nothing of
it with computers and the Internet.

(I remember the first time I had to deal with a consumer-level ISP. I
called them for the IP parameters and the guy asked "What Windows are
you running on your computer?" ..to which I replied "UNICOS".)

-Dave

On 10/08/2018 12:50 PM, bownes wrote:

Well said Dave.

But you and I are attentive to domain names due to our rather DNS centric backgrounds. Other folks might want to think about using 9.9.9.9 as their DNS server (as opposed to the one your ISP hands you) as it has a number of features to knock down the spam and scams.

Bob

On Oct 8, 2018, at 12:39, Dave McGuire <mcguire@...> wrote:

On 10/08/2018 12:33 PM, pianovt via Groups.Io wrote:
Dave, I agree that the internet was not meant for e-commerce and really
lacks in terms of security. In this case, the domain name is

3262345523.site

The standard should really not allow any other text in front of the
domain name. It's just asking for a scam.
Yes, but "text in front of the domain name" is how subdomains work.
Nearly all large networks use subdomains, sometimes as many as five
levels deep. In the case of the fake web page being discussed,
"www.ebay.com" is a fully legitimate subdomain of domain "3262345523.site".

The problem is scumbags on one end and people not paying
attention on the other end. Of course, as with anything else, when the
scumbags get better at fooling people, it becomes less our fault and
more their fault, as is what seems to be happening here. I myself would
probably have spotted the fraudulent page, but only because I ran very
large (tens of thousands of domains) DNS servers years ago, and I run a
couple of good-sized ones (hundreds of domains) now. Any other
reasonable person may not notice it at all.

...just like any reasonable person may not notice a modified ATM with
an added card-harvesting fixture, or a scam phone call from the IRS.

-Dave

--
Dave McGuire, AK4HZ
New Kensington, PA



--
Dave McGuire, AK4HZ
New Kensington, PA
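
The subdomain point made in this exchange, and the "last full stop before the /" rule of thumb given elsewhere in the thread, as an added Python example that is not part of any poster's message. The suffix set is a constructed stand-in for the Public Suffix List, the brand watch list is hypothetical, and the URL paths are constructed.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List
# (assumption: a real check would load the full list).
PUBLIC_SUFFIXES = {"com", "org", "net", "site", "uk", "co.uk"}

# Hypothetical watch list: brand label -> registrable domains it really uses.
BRANDS = {"ebay": {"ebay.com", "ebay.co.uk"}}


def _host(url):
    """Lower-cased host name of a URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def naive_last_two(url):
    """The rule of thumb: keep the last two labels before the first '/'."""
    return ".".join(_host(url).split(".")[-2:])


def registrable_domain(url):
    """Public suffix plus one label to its left; None if the suffix is unknown."""
    labels = _host(url).split(".")
    # Scanning from the left finds the longest matching suffix first,
    # so "co.uk" wins over "uk".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def assess(url):
    """Classify a URL as 'brand-owned', 'lookalike' or 'unrelated'."""
    reg = registrable_domain(url)
    if any(reg in owned for owned in BRANDS.values()):
        return "brand-owned"
    # A brand label sitting under a registrable domain the brand does not own.
    if any(brand in _host(url).split(".") for brand in BRANDS):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "http://www.ebay.com.3262345523.site/deals",  # host from the thread
        "https://www.ebay.co.uk/itm/1",
        "https://example.org/",
    ]
    for url in samples:
        print(f"{url}\n  last two labels: {naive_last_two(url)}"
              f"\n  registrable:     {registrable_domain(url)}"
              f"\n  verdict:         {assess(url)}")
```

The two-label rule gives the right answer for the `.site` host but returns `co.uk` for the genuine UK site, which is why the suffix list is needed. The lookalike test matches whole labels only and still flags harmless hosts that happen to carry a brand label, the false-positive problem raised in the thread.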


 

...which is an excellent argument in support of "encryption
everywhere". The scumbags will find a way around that (like simply
registering and installing SSL certificates) but the trick is to stay
one step ahead of them.

The point, though, is that there's no way to tell what domains are
"fake". After all, what constitutes "fake" in this context? The
fraudulent listing is a fully legitimate domain name, there is nothing
"fake" about it other than the fact that, as a substring, it includes
the same sequence of characters as that of a well-known web site.

That is actually an extraordinarily difficult problem to solve without
creating lots of false positives.

-Dave

On 10/08/2018 12:48 PM, Kuba Ober wrote:
Modern browsers highlight such fake domains anyway, IIRC. Basically, if any prefix is a valid FQDN with valid https certificate, it’ll get flagged.

Cheers, Kuba

8 okt. 2018 kl. 12:39 skrev Dave McGuire <mcguire@...>:

On 10/08/2018 12:33 PM, pianovt via Groups.Io wrote:
Dave, I agree that the internet was not meant for e-commerce and really
lacks in terms of security. In this case, the domain name is

3262345523.site

The standard should really not allow any other text in front of the
domain name. It's just asking for a scam.
Yes, but "text in front of the domain name" is how subdomains work.
Nearly all large networks use subdomains, sometimes as many as five
levels deep. In the case of the fake web page being discussed,
"www.ebay.com" is a fully legitimate subdomain of domain "3262345523.site".

The problem here is scumbags on one end and people not paying
attention on the other end. Of course, as with anything else, when the
scumbags get better at fooling people, it becomes less our fault and
more their fault, as is what seems to be happening here. I myself would
probably have spotted the fraudulent page, but only because I ran very
large (tens of thousands of domains) DNS servers years ago, and I run a
couple of good-sized ones (hundreds of domains) now. Any other
reasonable person may not notice it at all.

...just like any reasonable person may not notice a modified ATM with
an added card-harvesting fixture, or a scam phone call from the IRS.

-Dave

--
Dave McGuire, AK4HZ
New Kensington, PA



--
Dave McGuire, AK4HZ
New Kensington, PA


 

As much as I dislike doing business with the Chinese there are thousands (if not millions) of legitimate Chinese "number" domains. My suspicion is that it was too difficult to register the "hanzi" characters (Chinese written language) with the Arabic character internet registry world and that the government probably pre-approves (assigns) most domain names anyway, easier to just assign them a serial number... Only a guess though.

Dave
manuals@...

On 10/8/2018 12:39 PM, Dave McGuire wrote:
On 10/08/2018 12:37 PM, Artekmedia wrote:
Number named sites are quite common originating in China for reasons I
can only guess at.
Oh, the reasons are quite clear. Schemes like this.

-Dave
--
Dave
Manuals@...
www.ArtekManuals.com


 

Well said Dave.

But you and I are attentive to domain names due to our rather DNS centric backgrounds. Other folks might want to think about using 9.9.9.9 as their DNS server (as opposed to the one your ISP hands you) as it has a number of features to knock down the spam and scams.

Bob

On Oct 8, 2018, at 12:39, Dave McGuire <mcguire@...> wrote:

On 10/08/2018 12:33 PM, pianovt via Groups.Io wrote:
Dave, I agree that the internet was not meant for e-commerce and really
lacks in terms of security. In this case, the domain name is

3262345523.site

The standard should really not allow any other text in front of the
domain name. It's just asking for a scam.
Yes, but "text in front of the domain name" is how subdomains work.
Nearly all large networks use subdomains, sometimes as many as five
levels deep. In the case of the fake web page being discussed,
"www.ebay.com" is a fully legitimate subdomain of domain "3262345523.site".

The problem is scumbags on one end and people not paying
attention on the other end. Of course, as with anything else, when the
scumbags get better at fooling people, it becomes less our fault and
more their fault, as is what seems to be happening here. I myself would
probably have spotted the fraudulent page, but only because I ran very
large (tens of thousands of domains) DNS servers years ago, and I run a
couple of good-sized ones (hundreds of domains) now. Any other
reasonable person may not notice it at all.

...just like any reasonable person may not notice a modified ATM with
an added card-harvesting fixture, or a scam phone call from the IRS.

-Dave

--
Dave McGuire, AK4HZ
New Kensington, PA



 

Modern browsers highlight such fake domains anyway, IIRC. Basically, if any prefix is a valid FQDN with valid https certificate, it’ll get flagged.

Cheers, Kuba

8 okt. 2018 kl. 12:39 skrev Dave McGuire <mcguire@...>:

On 10/08/2018 12:33 PM, pianovt via Groups.Io wrote:
Dave, I agree that the internet was not meant for e-commerce and really
lacks in terms of security. In this case, the domain name is

3262345523.site

The standard should really not allow any other text in front of the
domain name. It's just asking for a scam.
Yes, but "text in front of the domain name" is how subdomains work.
Nearly all large networks use subdomains, sometimes as many as five
levels deep. In the case of the fake web page being discussed,
"www.ebay.com" is a fully legitimate subdomain of domain "3262345523.site".

The problem here is scumbags on one end and people not paying
attention on the other end. Of course, as with anything else, when the
scumbags get better at fooling people, it becomes less our fault and
more their fault, as is what seems to be happening here. I myself would
probably have spotted the fraudulent page, but only because I ran very
large (tens of thousands of domains) DNS servers years ago, and I run a
couple of good-sized ones (hundreds of domains) now. Any other
reasonable person may not notice it at all.

...just like any reasonable person may not notice a modified ATM with
an added card-harvesting fixture, or a scam phone call from the IRS.

-Dave

--
Dave McGuire, AK4HZ
New Kensington, PA



 

Well, the auction ended. Somebody spent over 970 pounds. Check out the auction bids and tell me if some shill bidding was going on. Very weird.


 

On 10/08/2018 12:37 PM, Artekmedia wrote:
Number named sites are quite common originating in China for reasons I
can only guess at.
Oh, the reasons are quite clear. Schemes like this.

-Dave

--
Dave McGuire, AK4HZ
New Kensington, PA