SORBS Identity theft alert

See http://www.iadl.org/sorbs/sorbs-story.html

SORBS seems to be collecting a lot of sensitive information to view
listings:

Name:
Preferred Login ID:
Password:
Confirm Password:
Home Phone:
Business Phone:
Mobile Phone:
Email Address:
Company:
Autonomous Systems Number:
Security Question:
Security Answer:
Skill Level:
  None, I can play games though.
  A little, just use them for email.
  Average, familiar with them, used at home and work.
  A lot, sysadmin or MCSE etc.
  My Name is Charles Babbage, or Alan Turing.
Address:
Address:
Town/City:
State/County:
Zipcode/Postcode:
Country:

This detailed information could be sold to IT recruiters, used for
identity theft, password collection, or used for other mass marketing
purposes. Security questions are often used by sensitive sites such as
domain registries to authenticate users who have lost their passwords.
This is very alarming information collection.

And with some clever correlation, googling, and patience, I could do the same for the majority of people posting to this list on a regular basis.

In short, what's your point?

If you have substantial evidence that information collected by SORBS has been used as such, by all means, come out and accuse them of it.

Otherwise, kindly keep your pissing contest to yourself.

- billn

> See http://www.iadl.org/sorbs/sorbs-story.html

Having read this diatribe I can only categorize it as mis-informed and
state unequivocally that Brian McWilliams has no clue whatsoever who
runs SPEWS. (please see myriad interviews I have done with BMcW).

"See more about mailbombing. Mailbombers are spammers. They just aren't
in it for the money. Or possibly they are. SORBS asks for donations to
get delisted, and also seeks donations from Subscribers. It is very
unusual for blacklists to extort money this way."

This also is a blatant mischaracterization, the AHBL relies on donations
and advertisements on the website to fund its operational budget,
spamhaus charges for commercial
support http://www.spamhaus.org/organization/funding.html .

MCI reaps 5 million dollars per year on spam related income
http://www.emailbattles.com/archive/battles/spam_aajghgebej_c/, spam
costs companies billions
http://www.washingtonpost.com/ac2/wp-dyn/A17754-2003Mar12, why are we
expected to fight it for free?

Though we do our best to look out for the good of the internet we are
not by any means communists, and we deserve to be compensated for our
work. Right now the AHBL barely covers the operational costs of the
servers on a month-to-month basis let alone compensating its volunteers
for their time.

> SORBS seems to be collecting a lot of sensitive information to view
> listings:

My site, my rules, or in this case Matthew's site, Matthew's rules. As
a non-paying user you always have a choice as to whether or not you
provide personal information to a website, should you choose not to,
don't. The same goes with usage of the DNSBL or RHSBL. Note that this
choice may result in your inability to access some content that that
site has to offer.

> or used for other mass marketing purposes.

If Matthew Sullivan uses this to send spam, I'll personally eat my MTA.

Please take your cart00ney and other senseless accusation-making
activities to somewhere where I don't have to see them.

Why is it when I google AV8 I get an abit motherboard and not your
company? Odd, no website at www.av8.com. Do you sir have a network of
any sort?

Date: Sun, 10 Apr 2005 23:51:54 -0700 (PDT)
From: Bill Nash

> > See http://www.iadl.org/sorbs/sorbs-story.html

> In short, what's your point?

SORBS lists Dean. I suspect this makes him angry.

> If you have substantial evidence that information collected by SORBS
> has been used as such, by all means, come out and accuse them of it.
>
> Otherwise, kindly keep your pissing contest to yourself.

I'd have to dig through StopORBS archives, but the belief that companies
can run DNSBLs on their own servers led to Dean accusing a few people,
self included, of being something along the lines of "the Internet's
most dangerous criminals". Looks like it's Matt Sullivan's turn.

Let's all step back and use Google before launching another long,
pointless "I [don't] like your DNSBL" thread. All that can possibly be
said probably has been said, many different times, and on many different
lists.

That said, I shan't post to this hopefully-short-lived thread again.
I've heard there are lists for this sort of DNSBL-centric bickering;
perhaps someone who cares about their existence can confirm, enumerate,
and direct interested parties (if any) that way.

Eddy

Oh.

trelane@trelane.net (Andrew D Kirch) wrote:

> SORBS lists Dean. I suspect this makes him angry.

who's dean?

the problem with feeding trolls is that they puke it up on
the carpet.

procmail is your friend.

randy

> Why is it when I google AV8 I get an abit motherboard and not your
> company?

Top of the list when I google av8 is our offices page.

> Odd, no website at www.av8.com. Do you sir have a network of
> any sort?

There's a website. Try www.av8.net. www.av8.com redirects to www.av8.net,
but it looks like it's been hosed.

> Having read this diatribe I can only categorize it as mis-informed and
> state unequivocally that Brian McWilliams has no clue whatsoever who
> runs SPEWS. (please see myriad interviews I have done with BMcW).

Brian McWilliams makes no claims about who runs SPEWS in the book.

"See more about mailbombing. Mailbombers are spammers. They just aren't
in it for the money. Or possibly they are. SORBS asks for donations to
get delisted, and also seeks donations from Subscribers. It is very
unusual for blacklists to extort money this way."

> This also is a blatant mischaracterization, the AHBL relies on donations
> and advertisements on the website to fund its operational budget,
> spamhaus charges for commercial
> support http://www.spamhaus.org/organization/funding.html .

Not from the victims, I hope.

> MCI reaps 5 million dollars per year on spam related income
> http://www.emailbattles.com/archive/battles/spam_aajghgebej_c/, spam
> costs companies billions
> http://www.washingtonpost.com/ac2/wp-dyn/A17754-2003Mar12, why are we
> expected to fight it for free?

Because Open Relay blacklists have in the past given their databases
directly to spammers (or abusers, anyway). This generates abuse, which
the blacklist then happily charges fees to block. We ought not encourage
that.

> Though we do our best to look out for the good of the internet we are
> not by any means communists, and we deserve to be compensated for our
> work. Right now the AHBL barely covers the operational costs of the
> servers on a month-to-month basis let alone compensating its volunteers
> for their time.

This is about SORBS, not AHBL. But speaking of for-profit anti-spam, most
people aren't interested. The IETF recently rejected SPF technology due to
its patent encumbrances. Anti-spam technology has to be free and
pervasive. Your dreams of getting rich on anti-spam are unlikely to be
realized.

> > SORBS seems to be collecting a lot of sensitive information to view
> > listings:

> My site, my rules, or in this case Matthew's site, Matthew's rules. As
> a non-paying user you always have a choice as to whether or not you
> provide personal information to a website, should you choose not to,
> don't. The same goes with usage of the DNSBL or RHSBL. Note that this
> choice may result in your inability to access some content that that
> site has to offer.

And when you collect an alarming amount of sensitive information
unnecessarily, people will be alerted.

> > or used for other mass marketing purposes.

> If Matthew Sullivan uses this to send spam, I'll personally eat my MTA.

ORBS and others were involved in mailbombing. (I conducted tests of this
back in the late 1990's.) Sullivan has threatened mailbombing. 3 MAPS
employees went to work for a well-known spammer. Doesn't seem like it
would be very surprising. It wouldn't be the first time.

I hope your MTA is bio-degradable. Otherwise, you may have difficulty
passing it.

    --Dean

Dean Anderson wrote:

> See http://www.iadl.org/sorbs/sorbs-story.html

> SORBS seems to be collecting a lot of sensitive information to view
> listings:

All pages on http://www.sorbs.net/ look on the menu for 'Privacy Policy' (unless you have chosen not to view that menu in the preferences).

Just in case you have a problem reading here's a hint: Privacy Policy

One typo under 'Changes to the Policy' - the doc id is at the bottom not the top as stated, too small to warrant an update at this time of night.

> This detailed information could be sold to IT recruiters, used for
> identity theft, password collection, or used for other mass marketing
> purposes.

It could be, but it isn't, and it won't be.

> Security questions are often used by sensitive sites such as
> domain registries to authenticate users who have lost their passwords.

Security question and answer box is for the user to choose a backup question and answer, don't tell me you didn't understand a simple concept as that?

> This is very alarming information collection.

This is also way off topic, but I don't think that bothers you.

*End of thread*

/ Mat

Negative reinforcement is better than procmail. The problem with trolls is that they keep coming back if you don't beat them properly.

I'm a great example. ;)

- billn

Charging /users/ of a dnsbl is one thing...charging listees is
  another. Some folks here may remember that I've often been a
  supporter of *bl operators, but I absolutely cannot support this
  particular policy of SORBS. I know Matthew has his heart in the
  right place, but he's making a big mistake there and eventually
  someone much saner than Dean Anderson will take him to task for
  it -- probably in the courts -- and that'll set a precedent
  which harms /all/ *bl operators.

  As for everything /else/ Dean accuses SORBS of...well, that's
  all utter bullshit as usual; pay him no mind, for he will be
  unable to return the favor.

The other problem with procmail is it doesn't catch people replying to our
resident list.kook. I'm going to have to start procmailing everything with
"dean" in the body now... :-/

-Dan