posted on June 4, 2001 07:36:47 PM new
I just received 2 identical e-mails from Ebay pertaining to a password change request. Here is the message, not including link they sent;
***********
Forgot your password?
If you did not forget your password, please ignore this email.
To choose a new password, please go to the URL below:
(please use it exactly as is including all trailing fullstops)
xxxxxxxxxxxxxxx
This request was made from:
IP address: 63.227.167.3
ISP host: 63.227.167.3
Thank you for using eBay!
http://www.ebay.com
*******************
I should mention I recently had a problem with a user who started harassing me through e-mail.
posted on June 4, 2001 07:44:20 PM new
I had two of these last week. That was the first time in over 3 years of selling that I ever got these. The trace came back to a Canadian isp.
posted on June 4, 2001 07:50:02 PM new
Hello david2001. Those addresses don't match the ones I have but I think each department has a different address. I did a lookup on Sam Spade and this is the result:
Query: 63.227.167.3
Registry: whois.arin.net
Results:
U S WEST Communications Svcs, Inc. (NETBLK-USW-INTERACT99) USW-INTERACT99
63.224.0.0 - 63.231.255.255
WYOMING DINOSAUR CENTER (NETBLK-USW-WYOMINGDINOSAURCE) USW-WYOMINGDINOSAURCE
63.227.167.0 - 63.227.167.255
posted on June 4, 2001 08:22:36 PM new
The problem I just had was with a user who lives in the Northeast--not Wyoming. Is this confusion perhaps just an e-mail routing issue and it actually could be this guy?
I read up on the Wyoming Dinosaur Center and it's a museum in Wyoming.
What do you think? I am about to spell all this out to safeharbor, but don't want to have them screw with the guy unless it is legit.
posted on June 4, 2001 08:53:02 PM newdavid2001, I would be inclined to just change my password and forget about this email for now. If you notice anything else odd, or you receive another one of these emails, I would send them, including the full headers, to SafeHarbor and let them figure it out.
posted on June 4, 2001 09:21:39 PM new
I changed my password to a long series of numbers and letters....
BUT....
I just realized if someone is trying to break into my account, ALL they have to do is come up with the answer to my password hint!! Then THEY will be able to CHANGE my password to whatever they want!
They don't have to figure out your password---JUST the hint word!!
WHY bother changing your password if people only have to crack your password hint word---which you apparently CANNOT change!
HOW do you change your password hint????
I checked the different change this or that section, but could NOT find anything about how to do that.
posted on June 4, 2001 09:35:05 PM new
My auction partner was booted off ebay after she received one of those emails. Someone cracked her pw or changed it or something like that, stole her account, and ran up several thousand dollars in auction bids before she was suspended. She went through the appeals process and everything. I won't say whether she got back on or not, but it was a big mess all around.
posted on June 4, 2001 09:44:44 PM new
Blanche:
Thanks for that link!!
Guess what I did.
I was really perplexed as to whether or not I should report this to Ebay AND I was tempted to send the problem user an e-mail stating that I know he is attempting to break into my account, BUT there is the off chance (very far off) that it isn't him.
SO...
I changed my hint question from "What is your favorite sport" to "Who is (user's name here)'s mom?
I figure if it is him, this'll let him know I'm on to him, while not directly accusing him...and if it isn't him, than it just won't make any sense anyway.
Now all I have to do is worry about my auctions getting screwed with.
posted on June 4, 2001 09:51:56 PM new
I had second thoughts about further aggrivating the situation and decided to just send the same message I was going to send via e-mail, except this would be my password hint question:
"How long before (user's real first name) is sued for online harassment?"
Again, this won't make any sense to a typical user, but if it is this guy, it'll let him know that I am aware of what's going on---and I don't have to take a chance in contacting him and being wrong.
posted on June 4, 2001 10:04:28 PM new
LOL That's a good one david2001 I hope you can take care of your harassment problem. I think you made the right choice for now because you don't know for certain if he's the one generating those emails. It could be an eBay glitch. That's been known to happen!!
posted on June 4, 2001 10:23:25 PM new
A few more words, if no one minds.
If getting a strange note about passwords at eBay does prompt you to want to change your eBay password even if you're suspicious of the note, ALWAYS go right to www.ebay.com and through their usual menu navigation to change your password, NEVER follow a provided link.
Same for personal preferences, and anything else relating to an account. Not just on eBay either, but anywhere else you have an account -- go right to the site where the account actually is, not following some sort of intermediary link sent through email. This way, you can be sure you're making the change only with the company you do business with, and not a scammer.
I'm no expert, but I do not trust the idea of a password hints systems. Microsoft and (IIRC) AW now employ it too, but if used as they recommend, it does mean you are partially defeating the reason for having a password in the first place (i.e. if you're making it easier for yourself, you're probably making it easier for crackers too).
Unless someone can convince me otherwise, the cure (password hints) is likely to become worse than the disease (people forgeting their passwords and having to be verified in some way before they can be reset).
The way to avoid that is to pick one of the options but not answer the question as such, instead picking another obscure and meaningless string, and then either sticking to just the one intended password and making sure to remember it, or remembering both.
Yes, it's more bother, but less than trying to repair any damage from a breach.
----
What's being done in the name of direct marketing nowadays is crazy.
The above are all just my opinions, except where I cite facts as such.
Oh, I am not dc9a320 anywhere except AW. Any others are not me.
Is eBay is changing from a world bazaar into a bizarre world?
posted on June 4, 2001 11:23:10 PM new
Fortunately for me, I have a pretty good memory.
I would never actually answer a hint question with anything but jibberish.
I am not worried about forgetting my password, as I was already able to memorize quickly the long series of letters and numbers that now make up my password.
Yep, the old numbers and letters game. If someone can crack this password, let them have my account, they'll deserve it.
