TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
 ·Sprint Mobile Broa..
 ·Comcast
2 edits | Secure, but inconvenient
This may be a way to provide secure communications from E-bay, but if everyone you do business with on the Internet goes this route, then you will have to go from site to site just getting your messages. How time consuming and inconvenient this method will be instead of checking your 1 email Inbox instead. Maybe they should just find a universal way to use secure communications and fix the email systems.
My Web Page
My Blog
Join Red Room Forum |
|
jopfef
Keeper of the Beagles
Premium,MVM
join:2001-03-31
Saint Louis, MO
clubs: 
·Charter Pipeline
 ·Vonage
 ·AT&T Southwest
| said by TKJunkMail  :Secure, but inconvenient Better safe than sorry....  
--
"...If the beasts were gone, we would die from a great loneliness of spirit." - Chief Seattle |
|
justin
Australian
join:1999-05-28
Brooklyn, NY
Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech
| reply to TKJunkMail
they may get together and offer a standard XML based message query interface. And then someone can develop a message monitoring app that can keep track of multiple sites.
But then the phishers will work with the trojan writers to infect the local app and the battle will move on... |
|
Bobby_Peru
Premium
join:2003-06-16
| said by justin:
they may get together and offer a standard XML based message query interface. And then someone can develop a message monitoring app that can keep track of multiple sites. Great idea!
said by justin:
But then the phishers will work with the trojan writers to infect the local app and the battle will move on... Grinch! 
--
**~~Infected/Hijacked? FAQ~~~Protect/Secure Your Box/Data FAQ~~~Security Forum FAQs~~** |
|
corrosive23
join:2002-06-06
Yucaipa, CA | Im calling bull on this statement
Ive already received spam in my ebay message box. I bid on something and then the next day someone sent me a message saying he had similar items and would I like to bid on his auctions. |
|
Neil
Stop All The Downloadin
join:2003-08-20
New York, NY | it doesn't matter..
People will still fall for e-mail phishing scams. |
|
Frink
Professor
join:2000-07-13
Scotch Plains, NJ | reply to corrosive23
Re: Im calling bull on this statement
After having this "feature" for a day, I have 5 SPAM messages in my ebay inbox. This negates this service's value at the start...very poor. |
|
salahx
join:2001-12-03
Saint Louis, MO
| Why not just use PGP or X.509?
Almost all mail client support X.509 certificates, and PGP support is available for all platforms. The companies could sign their messages, that way, the mail client would only need to check the signature and you could be sure it was genuine.
Maybe its not foolproof, as phishing is a social engineering game, but "check the signature" is a lot easier than explaining to to someone how the check the headers. |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL | It's all about spam
With this new "in box", Ebay can spam you as much as they want, yet not be blocked by spam filters. |
|
copperdoctor
Premium
join:2003-12-08
Palatine, IL
| Noticed this
Got a message the other day, caught me by surprise but I didnt think much of it since I dont do much on ebay. As far as a hassle... we live in a world of hassles...whats new.
--
»kidcubfan.blogspot.com/ |
|
starstuff
Fly By Wire
Premium
join:2001-12-05
Mcallen, TX
| reply to corrosive23
Re: Im calling bull on this statement
said by corrosive23 :Ive already received spam in my ebay message box. I bid on something and then the next day someone sent me a message saying he had similar items and would I like to bid on his auctions. SPAM is not the problem, fraud is.
I got the following message from ebay after receiving two outside (fraudulent?) invitations from the same person.
Dear me (me@mydomain.com):
Our records indicate that you recently interacted with bluecoi4 through the eBay email system.
Sometimes eBay accounts are used to send email solicitations for transactions outside of eBay, or to send unrelated questions in an attempt to discover your email address. We wanted you to be aware of the potential fraud risk these solicitations pose and encourage you to ignore the email you received from this member. Sales that take place outside of eBay are not eligible for any eBay or PayPal protective services and you run the risk of losing your money or your item if you complete these transactions.
We would encourage you to review the eBay pages related to Fraud Protection at the address provided below for information on steps you can take to ensure that future transactions are completed successfully:
»pages.ebay.com/help/confidence/i···-ov.html
If you have already sent the item or sent payment for the item, please reply to this email and we will send you additional information about how to protect yourself.
Regards,
Customer Support (Trust and Safety Department) |
|
ObdH
Premium
join:2003-06-11
| reply to copperdoctor
Re: Noticed this
said by copperdoctor :Got a message the other day, caught me by surprise but I didnt think much of it since I dont do much on ebay. As far as a hassle... we live in a world of hassles...whats new. agreed... every few months I may come across something on ebay I want... but it's not like I care whether they're using email, or private messages, or packed mule... It's of little importance to me.. |
|
sivran
Long Live The Suite
Premium
join:2003-09-15
Arlington, TX
clubs: | reply to salahx
Re: Why not just use PGP or X.509?
The unwashed masses don't a) know what PGP and digital signatures are, b) probably use some sort of webmail, which makes the signature useless because viewing through a browser actually breaks it, and c) wouldn't know how in any case. |
|
ropeguru
Premium
join:2001-01-25
Bridgeport, WV
clubs: | reply to nwrickert
Re: It's all about spam
Just something else for me to ignore. I wonder how many messages I will get from Ebay in that box before they get the hint that I am not going to be reading them. |
|
Andrew J
Premium
join:2001-11-09
Lancaster, PA
clubs: | Yeah, the first five they sent me were pointless and really no different from spam. |
|
Combat Chuck
Too Many Cannibals
Premium
join:2001-11-29
Erie, PA
| reply to salahx
Re: Why not just use PGP or X.509?
said by salahx :Almost all mail client support X.509 certificates, and PGP support is available for all platforms. Try explaining digital signatures to joe user and watch their eyes glaze over.
You want people to check PGP sig's while I'm still working on getting people to read and think about the warnings their browser pops up.
--
Attention all decks! Brace for whining! |
|
JPCass
join:2001-01-23
Denver, CO
| How much does this really help?
My first thought is that unless it's a site that I use frequently, I'd want them to send me an e-mail letting me know that I have messages on the site and should come check. On-site messages are really only convenient for very frequent users, who are probably more likely to be savvy about spoof e-mails anyway.
My next thought is that spoofers will just start sending messages that say "you have secure mail on the site", and then use that as just one more way to link users to a fake login. That will continue to catch a lot of the people who don't know better to begin with.
It seems that what's still needed is a widely usable standard for secure e-mail. I've also started to wonder if there shouldn't be a whole domain that could only be used by verified, bonded institutions for secure logins to their main sites - something like .sec, which users would know to watch for, and e-mail clients could check for spoofing. |
|
VirtualLarry
Premium
join:2003-08-01
| reply to Combat Chuck
Re: Why not just use PGP or X.509?
said by Combat Chuck :Try explaining digital signatures to joe user and watch their eyes glaze over. You want people to check PGP sig's while I'm still working on getting people to read and think about the warnings their browser pops up. Yeah. A functioning "idiot light" indicating the correctness of crypto sigs on e-mail messages would be a Good Thing, if it would teach the masses to use them. (Ok, I consider myself fairly security-concious, and I still don't use them, mostly because no-one else does.)
I propose a picture of a traffic light, but with only two lights, red on the top, and green on the bottom.
No signature = no traffic-light picture.
Good signature = traffic light displaying green.
Bad signature = traffic light displaying red.
What do you think? The parallels between the no-lock/lock/broken-lock for SSL should be obvious. |
|
Jason Levine
Premium
join:2001-07-13
USA
| reply to justin
Re: Secure, but inconvenient
This type of thing is why secure RSS (RSS dynamically generated using a username and password to authorize the user) would be so nice. Imagine if you could set your RSS feedreader to download your eBay Message Center messages using your eBay username/password, your BBR post list using your BBR username/password, etc. This method would be nearly immune* to spamming, phishing, or password sniffing.
*Immune, that is, assuming that the local computer hasn't been trojaned. Once a PC's security is breached, all bets go out the window.
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/ |
|
justin
Australian
join:1999-05-28
Brooklyn, NY
Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech
| well if RSS requests were automatically made with any domain cookies then they could be personalized. RSS readers in-built into browsers could certainly do that. There is nothing stopping XML servers from checking login cookies and producing personal content. |
|
