Daily Archives: May 25, 2008

Security is hard.

Posted on by
34

And it gets harder when ISPs are aware of security problems on their network but don’t care. And believe it or not, I’m not talking about iPower this time.

Actual IM transcript from a conversation with xmission.com:

Tacit: You are hosting a phish.
Tacit: ftp://webmaster:webmaster@204.228.142.40/.ws/eBayISAPIi.dll
catalyst: chill, you could send a notification to abuse@xmission.com or to phish@ebay.com or whatever they have now
Tacit: Sent it two weeks ago.
Tacit: And a week ago.
Tacit: No response, phish still active.
Tacit: Two weeks is a long time.
Tacit: Your abuse@ address appears to be routed straight to /dev/null.
catalyst: I’m not an xmission employee, so I can’t help, just thought I’d recommend some alternatives
rostrax: Abuse is a valid e-mail address and it is looked at.
rostrax: That would be my suggestion on what to do.
Tacit: Again?
Tacit: How many times do you think I should send the same email to abuse@xmission.com before I conclude that xmission supports and condones hacks and phishes on their network?
rostrax: How many times have you sent it?
Tacit: Four.
Tacit: First one two weeks ago.
rostrax: I cannot speak for our abuse team, but I’m sure they’ve looked into it
Tacit: If they’ved looked into it, and it’s still active, what conclusion would you draw from that?
Tacit: 204.228.142.40 is on your network, yes?
rostrax: It is one of the IP’s we have yes.
Tacit: And if you click on the above link, you would agree that it is definitely an eBay phish, yes?
rostrax: You have to understand business’ have certain ways of handling these things. It may take some time. Please be patient with us, if you could send another e-mail I would appreciate it greatly. Also cc it to rostrax [at] xmission.com
Tacit: I do understand that businesses operate certain ways; I run one myself. Two weeks to handle a phish? Even China Netcom deals with phish sites faster…
rostrax: I’m unsure of our particular policy, but if you can send the e-mail and cc me on it, I will look into it on Tuesday


Edit: It gets better. Apparently, this phish has been active on Xmission’s network since at least April 9th.