Author |
Message |
Registered: March 10, 2007 | Posts: 4,282 |
| Posted: | | | | It was called to my attention this morning that there existed a way to access email addresses of forum users regardless of their email address privacy setting. I investigated and identified the method, which involved manually creating falsified URLs. I have corrected the issue so this is no longer possible.
I apologize for any trouble this may have caused for any of our users. As an additional step, we will perform a full audit to ensure that no additional ways exist to bypass email address or other privacy. | | | Invelos Software, Inc. Representative |
|
Registered: March 13, 2007 | Reputation: | Posts: 5,494 |
| Posted: | | | | would this explain all the viagra spam I also get.... ?? Thanks Ken.. ! | | | In the 60's, People took Acid to make the world Weird. Now the World is weird and People take Prozac to make it Normal.
Terry |
|
Registered: June 9, 2007 | Posts: 1,208 |
| Posted: | | | | I thought all posts in the Anouncements board were supposed to be locked?? |
|
Registered: March 10, 2007 | Posts: 4,282 |
| Posted: | | | | This one is open for comment for a period of time. | | | Invelos Software, Inc. Representative |
|
Registered: March 13, 2007 | Reputation: | Posts: 5,494 |
| Posted: | | | | I received this alert when I was 'surfing' around Invelos the other day.,, This is what I found out about 'TCP Fin Scan': The firewall alert that you are seeing indicates that someone has attempted to scan your computer using the TCP FIN Scan. What this does is attempt to determine which ports are open on your computer so that they may be used to intrude. The fact that you have been alerted to the scan by the Shaw Secure firewall is your assurance that the scan was not successful, as it was blocked by Shaw Secure. It is impossible to prevent someone from attempting to scan your computer, since the Internet is, by its very nature, a shared medium, and so the defence is to block the scan. So there is no cause for concern because Shaw Secure has protected your computer from being scanned. Is this what this Post is about Ken ?? | | | In the 60's, People took Acid to make the world Weird. Now the World is weird and People take Prozac to make it Normal.
Terry | | | Last edited: by widescreenforever |
|
Registered: March 13, 2007 | Reputation: | Posts: 922 |
| Posted: | | | | No, what Ken meant is that it was possible to get my mail address (mine should be private) by switching the username in a legit url like http://www.invelos.com/ConfirmNotAutomated.aspx?task=email&alias=widescreenforever to my username: http://www.invelos.com/ConfirmNotAutomated.aspx?task=email&alias=SH84. Prior to this patch everyone could "solve" the test and get my mail address, now that's not possible.
And you got a simple portscan, script kiddies do them all day long and try to get an infected pc to play with. It's nothing to worry about if your computer is clean. | | | Deutsches DVD Profiler Forum: www.dvdprofiler-forum.de | | | Last edited: by SH84 |
|
Registered: March 13, 2007 | Posts: 350 |
| Posted: | | | | ... and the one you posted appears to originate from France somewhere ... | | | -fred |
|
Registered: March 13, 2007 | Posts: 2,692 |
| Posted: | | | | Quoting widescreenforever: Quote: I received this alert when I was 'surfing' around Invelos the other day.,, This is what I found out about 'TCP Fin Scan': The firewall alert that you are seeing indicates that someone has attempted to scan your computer using the TCP FIN Scan. It seems you only get the warning if you are using IE6 or IE7. | | | Paul | | | Last edited: by pauls42 |
|
Registered: May 19, 2007 | Reputation: | Posts: 5,918 |
| Posted: | | | | That scan alert didn't come from Invelos - it's not related to your browsing but is a probe being performed by someone else. |
|
Registered: March 13, 2007 | Reputation: | Posts: 5,494 |
| Posted: | | | | it just seemed funny that i got that intrusion while I was on an Invelos page.. | | | In the 60's, People took Acid to make the world Weird. Now the World is weird and People take Prozac to make it Normal.
Terry |
|
Registered: April 4, 2007 | Posts: 85 |
| Posted: | | | | I had the same..an intrusion warning when i was on the invelos site!!! I get the warning from mine firewall Kaspersky.
R.N |
|
Registered: March 13, 2007 | Posts: 1,242 |
| Posted: | | | | A damn good firewall with settings to allow you out and un-warranted intruders out will stop any intrusion.
@Terry: just because you where on the Invelos site at the time the attack occured doen't mean it's Invelos site related. I have seen them come up on a freinds PC when he was only downloading his email's.
Steve |
|
Registered: March 13, 2007 | Posts: 670 |
| Posted: | | | | Quoting widescreenforever: Quote: Is this what this Post is about Ken ??
No, the screenshot shows that the scan originated from the IP-address 83.115.198.142, which has nothing to do with Invelos - it belongs to a private costumer in France (with the ISP Wanadoo)... That you got it while visiting the Invelos website has nothing to do with anything - you would have gotten it no matter which site you were on when the scan was initiated - you would even have gotten it if your browser was closed at the time... | | | The future is here. It's just not widely distributed yet. (William Gibson) |
|
Registered: April 4, 2007 | Posts: 888 |
| Posted: | | | | Well, if two of you were being "attacked" by a french private person not even hiding their IP while browsing this forum there is a possibility it is one of our french users :/ | | | - Jan |
|
Registered: May 19, 2007 | Reputation: | Posts: 5,918 |
| Posted: | | | | Well, if they want to see what ports are open, they have to have their IP visible. If they spoof their IP address, they don't get any response back because the response goes somewhere else. |
|
Registered: March 13, 2007 | Posts: 1,796 |
| Posted: | | | | Quoting widescreenforever: Quote: would this explain all the viagra spam I also get.... ??
Thanks Ken.. ! Not to mention enhancement spam for certain body parts. but your oversight wasn't as noticeable cause of spam increase compare to: Moat on my spam increased when I amplified for Social Security, an other example of how our government is looking out for you. My spam blocker catches about 150 to 200 a day, not mention 25 to 40 possible spam. | | | We don't need stinkin' IMDB's errors, we make our own. Ineptocracy, You got to love it. "Nearly all men can stand adversity, but if you want to test a man's character, give him power." - Abraham Lincoln | | | Last edited: by Srehtims |
|