Martin List-Petersen wrote:
-> Contact Google.
Somebody from Google replied off-list. Sounds like Google maybe
had this updated even before he looked at it.
-> Again. Akamai is helpful. Contact them.
Somebody from Akamai replied off-list and they're looking into it.
-> 3) End-user unable to complete an online e-commerce transaction
-> due to a fraud-prevention service thinking he was a Chilean user
-> trying to buy something with a US-based credit card.
->
-> There's no fast fix for this, but have you talked to MaxMind about
-> chaning the Geo location ? They'll implent it fast and it's in their
-> DB within a week, max 2, but it'll take 2 months at least, before it
MaxMind was the first place I checked; they already had the correct
info when I looked. IP2Location don't have the right info, but they
think it's a Speakeasy.net IP in Washington DC which probably won't be a
problem. No idea about Digital Element yet.
Netblock is 67.214.48.0/20 - was reg'd a couple of weeks ago so folks
who pull ARIN assignments regularly will have it. Those who care but
don't check ARIN regularly may want to see if they think it's in Chile,
and change it to Denver, Colorado if so.
-> However, the ecommerce issue is a bit worse, because there's some
-> of'em out there, like one of the biggest hosters in the states, that
-> have 2 year old data.
Yeah, it's those types that I'm hoping to locate as well... Google
and Akamai were immediately noticed by the test users, and have also
responded very quickly (thanks, guys), but ideally we'd like to be
proactive and get as many of these updated *before* the real customers
hit the network and start having problems.
-Robert.-
try being illiterate and living in japan 
my gripe is the significant sites that put up the kanji page, offer no language choice, and you got there from the US url. you're trapped.
and i can not tunnel out of it via my westin or ashburn racks, as my address blocks are registered to my home address here in japan.
sense of humor required. younger brain desired, so i can learn japanese.
randy
Agreed, and I expect that we're be seeing more dynamic and more granular
movement of IPv4 blocks over the next few years. Services that purport
to provide useful information about IP block utilization geography had
best plan accordingly.
/John
[my personal view only]
Is there an easy way to get past history on an IP block? Most sites will
show you aspects of that *now*....
Frank
Sorry for my ignorance... but may some one explain how this
fraud-prevention service works?
How about US tourists in Chile trying to buy something with it's US
based credit card?
Thx,
Nic.
Frank Bulk wrote:
Nicolas Antoniello wrote:
Sorry for my ignorance... but may some one explain how this
fraud-prevention service works?
How about US tourists in Chile trying to buy something with it's US
based credit card? 
It's a misconception of some muppets, especially in IT related products, that forget, that a lot or IT professionals do travel all over the world and usually have a credit card in their home country.
Pure and utter nonsense.
/M
Or perhaps the hassle of dealing with stolen US credit card numbers from clients outside the US costs far more money than you could hope to make back with the purchases of US nationals travelling overseas?
Could well be muppets, but surely there are other possibilities.
Joe
It's a misconception of some muppets, especially in IT related products, that forget, that a lot or IT professionals do travel all over the world and usually have a credit card in their home country.
Pure and utter nonsense.
Or perhaps the hassle of dealing with stolen US credit card numbers from clients outside the US costs far more money than you could hope to make back with the purchases of US nationals travelling overseas?
Could well be muppets, but surely there are other possibilities.
Sad but true, we have had to turn off signups outside the US because of that very problem. Yes, I am sure we lose some sales, but in general it is not worth the fraud costs.
<>
Nathan Stratton CTO, BlinkMind, Inc.
nathan at robotics.net nathan at blinkmind.com
http://www.robotics.net http://www.blinkmind.com
Why don't the fraudsters just use Open US Proxies?
Owen
Joe Abley wrote:
It's a misconception of some muppets, especially in IT related
products, that forget, that a lot or IT professionals do travel all
over the world and usually have a credit card in their home country.
Pure and utter nonsense.
Or perhaps the hassle of dealing with stolen US credit card numbers from
clients outside the US costs far more money than you could hope to make
back with the purchases of US nationals travelling overseas?
Could well be muppets, but surely there are other possibilities.
I can understand merchants wanting the extra security, but the issue is,
that they then don't want to fork out for a MaxMind subscription or the
likes.
One of the bigger colo providers in the states is selling SSL
certificates, but their geoip data is ancient.
I even bothered to raise a ticket with them and the answer was just
"we're working with our development team on that". When I revisited 6
months later, nothing had changed.
It's not the only case, that I've ran into this issue and the US is not
the only place that credit cards are issued or used. Nor is credit
card/credit card theft a outside US only thing. It happens anywhere,
inside or outside the US. That's exactly, why the banks starting adding
the personalized password option etc.
Using outdated geoip data for merchant-services is as unprofessional as
asking people to fax a copy of their credit card to some fax number.
Kind regards,
Martin List-Petersen
Owen DeLong wrote:
It's a misconception of some muppets, especially in IT related
products, that forget, that a lot or IT professionals do travel all
over the world and usually have a credit card in their home country.
Pure and utter nonsense.
Or perhaps the hassle of dealing with stolen US credit card numbers
from clients outside the US costs far more money than you could hope
to make back with the purchases of US nationals travelling overseas?
Could well be muppets, but surely there are other possibilities.
Sad but true, we have had to turn off signups outside the US because
of that very problem. Yes, I am sure we lose some sales, but in
general it is not worth the fraud costs.
Why don't the fraudsters just use Open US Proxies?
You can be sure, that the people wanting to defraud merchants know all
these tricks and use them. The verified by visa password option is a far
better solution, but I've not seen many US merchants supporting that yet.
Instead they're relying on outdated geoip data or ask people to fax a
copy of their credit card.
/Martin
We probably should move this to funsec, but I'll bite.
The basic problem is the lack of security and non-repudiation in credit
cards in general, and the US in particular. Non-clonable, card-present,
technologies have existed for a long time, and card readers are cheap.
AMEX tried to make this free with Blue, but it wasn't adopted.
So, the US banks, and AMEX, seem willing to exchange some amount of
fraud, and inconvenience for a minority; in exchange for convenience and
higher transaction volume for the majority. They've been enabled by the
fact that HNC's software works very well.
As long as those who make the profit bear the bulk of the risk, as they
do with credit cards, I guess there's no issue. Given the "debit card"
lack of limit of liability for the consumer, this may change.
Because anyone with half a brain blocks proxies from their e-commerce
site.
can you know at a reasonable confidence level that it's a proxy?
randy
Give me an IP address (privately, of course). I can tell you if it is, with
consult from other colleagues in the security community.
That's almost a no-brainer.
- - ferg
Give me an IP address (privately, of course). I can tell you if it is, with
consult from other colleagues in the security community.
147.28.0.36
and "consult with colleagues" is not something very operationally scalable.
randy
Of course, chasing ghosts in RGnet/PSGnet is clever, but not a worthwhile
exercise.
The point here is that there are many folks monitoring open proxies for
illegal activities, etc., and not all of the mind-share reside in one
single database.
A collaborate effort to share information on abuse activity is required, of
course -- and indeed already exists.
So having said all that, what exactly was your point?
- - ferg
So having said all that, what exactly was your point?
bluff calling.
that you can not tell us if that specific host is a proxy means that this is pretty much bs.
that you and your no-girls-allowed club have some list of things you think are proxies (sure would be nice to have a definition thereof), doeth not make a rigorous, testable, and scalable system.
though i guess some list of things you don't like has some utility. but it sure ain't automatible ops let alone computer science.
randy