No thanks for all the phish

I'm used to reporting phishing when I get one in my mailbox. Last Thursday (Jan 5) I received one attempt disguised as an eBay email asking me to verify my identity. I went to, only to discover that they've removed all practical means to report such abuse. In order to report a security issue to eBay, you have to go through a registration process, which is utterly ridiculous.

So I reviewed the source of the email, did a whois on the phisher site, found that it was hosted by Telefonica in Spain and reported it to the abuse address listed on the IP range in the whois. Today I received confirmation from Telefonica that they shut the site down. Kudos to them for this, and taking the time to reply to me! eBay should thank them too, they care more about the security of eBay customers than eBay itself, apparently.

Speaking of phishing, I just discovered this anti-phishing group (heh, I see eBay has a prominent place on the sponsors list). Also Netcraft has an anti-phishing toolbar. I've tested neither of those, but I think that if there was some internet-scale way to submit a suspicious email and get the providers to co-operate a bit, phishing attempts would not fly long before being caught and stopped.


I recently received an email to update my Amazon account while I use only my wife's account on Amazon, so I haven't been caught in the trap but indeed I didn't spend too much time trying to fight the phishing.

Internet Merchants should also warn more often on their Website that they never send emails to their customers to update/check account information so that if you get one it's PHISHING (except for domain name ...)

There will be a workshop this week in New York on security.

"Toward a More Secure Web
W3C Workshop on Transparency and Usability of Web Authentication"

You can read the position papers from the different companies, browser vendors, etc.

And the program of the workshop

