Updated: 24.11.2002; 11:30:29 Uhr.
disLEXia
lies, laws, legal research, crime and the internet
        

Sunday, August 27, 2000

Re: Hoaxes: when will they ever learn

A digital signature on the press release would not have prevented this -- it was a real press release sent out by Internet Wire, a business press-release agency.

The hoaxers got the release sent by social-engineering IW -- they convinced a "day staff" that the "night staff" had approved the story. [Source: (San Jose) *Mercury News*, 26 Aug 2000]. Thus the story was accepted without checking the facts.

The real problem here is shoddy "journalism". Digital signatures would have prevented this only if IW accepted only e-mailed releases that were digitally signed, and they actually verified the signatures. If they accepted phoned-in releases, hoaxers could still send in fake ones. Fixing the verification procedure is the way to prevent this sort of problem from occurring again.

Eric Murray http://www.lne.com/ericm ericm at lne.com Consulting Security Architect [Eric Murray via risks-digest Volume 21, Issue 03]

Risks of partially updated Web pages (ebay)

eBay presents each auction on a bookmarkable Web page which shows the item description, the time remaining before the auction ends, the current high bid, and the eBay identity of the high bidder. On repeated access, the "time left" field decrements in near-real time, eventually changing to "Auction has ended."

The seller's guide notes that "Going, going, gone! When your auction ends, you and the high bidder will get e-mails." This breezy remark is the only thing the seller's guide says about these e-mails, and it is easy to assume that they are just reminders. In contrast, eBay is very emphatic about the importance of buyer and seller contacting each other "within 3 days" after the auction ends.

Formerly, confirmation e-mails were sent within a few hours of the close of the auction, but lately they have been very slow, taking, in some cases, several days to arrive.

I listed a cheap item on which I expected few bids and got a single bid for my minimum price within a few hours after the auction started. Day by day the "time left" counted down, and eventually read "Auction has ended." The page still showed a single bid and the ID of the original bidder. Two days after close of auction I had not received any e-mail, so I contacted the bidder shown on the Web page to initiate the transaction.

Needless to say, the next day a confirmation e-mail arrived showing that a second bidder with a higher bid had won the auction. The Web page for the auction, which formerly showed "Auction has ended, 1 bid, $5.00" now showed "Auction has ended, 2 bids, $12.50."

Obviously--in retrospect--the "time left" field is generated by some simple process that does not require database updating (since the end of the auction is constant). The rest of the page requires database access and is probably subject to the same delays as the process that sends the e-mail confirmations.

But it is natural to assume that if part of a dynamically generated Web page has been updated, the rest of it has, too. Stupid, to be sure--but natural. ["Daniel P.B. Smith"]
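One way a page like the one described above can avoid mixing a live clock with lagging bid data, as an added example that is not part of the original post and not eBay's code: the renderer carries the freshness of the bid data and only names a winner once that data covers the whole auction. The `BidSnapshot` type, the `as_of` watermark, the bidder IDs and the dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class BidSnapshot:
    """Bid data as read from a possibly lagging store (hypothetical type)."""
    bid_count: int
    high_bid: str
    high_bidder: str
    as_of: datetime  # assumed watermark: all bids placed up to this time are included


def render_auction(end_time: datetime, snap: BidSnapshot, now: datetime) -> dict:
    """Build the page fields and state explicitly how far the bid data can be trusted."""
    ended = now >= end_time  # computed from a constant, so it is always current
    if not ended:
        status = "open"
    elif snap.as_of >= end_time:
        status = "final"        # bid data covers every bid placed before the close
    else:
        status = "provisional"  # clock says ended, but late bids may be missing
    return {
        "time_left": "Auction has ended" if ended else str(end_time - now),
        "bids": snap.bid_count,
        "high_bid": snap.high_bid,
        "bids_as_of": snap.as_of.isoformat(),  # shown next to the bid fields
        "status": status,
        # A winner is named only when the bid data is known to be complete.
        "winner": snap.high_bidder if status == "final" else None,
    }


# Constructed sample data mirroring the post: a stale view with one $5.00 bid,
# and the complete view with two bids and a $12.50 high bid.
END = datetime(2000, 8, 20, 12, 0, tzinfo=timezone.utc)
STALE = BidSnapshot(1, "$5.00", "bidder_a", END - timedelta(hours=3))
FRESH = BidSnapshot(2, "$12.50", "bidder_b", END + timedelta(minutes=1))

if __name__ == "__main__":
    two_days_later = END + timedelta(days=2)
    for snap in (STALE, FRESH):
        print(render_auction(END, snap, two_days_later))
```
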


Maximillian Dornseif, 2002.
 