My So Called Life preorders... kiddie porn? (1 Viewer)

[Jeff Ulmer]

I would never try unsubscribing from spam, as all they are doing is looking for confirmation of a valid email address.

 

[Ricardo C]

Anyone getting child porn (or stuff you suspect might be child porn) can report it here: http://www.antichildporn.org/reporting.cfm

 

[Kelley_B]

Kinda off topic, but could someone tell me what is the differnce in the two packages offered on the website?

 

[Kevin Leonard]

Kelley,

The difference is that one option includes ALL the episodes, while the other option is for those that purchased a previous DVD containing the first three eps of "MSCL".

 

[David Lambert]

By the way: if you live in Pennsylvania and you receive this Spam or anything like it come April 1st, then it's just not the senders who are hit as pornographers. It's the involved ISP's, too!

Without being political - just informative - there is a new law on the books in that state, effective April 1st, that hits up the ISP's who fail to prevent users from getting stuff like this or connecting to sites like that.

Discussion of such a law's effectiveness is, of course, a political discussion and therefore against HTF rules. We're here to discuss Home Theater and things related to that (like ordering DVD's and getting kiddie porn spam as a result?).

 

[Steve Felix]

I second what Jeff said about unsubscribing. That's basically telling them, "Hi! I exist, and I looked at your message!"

 

[Dave F]

This must be an ongoing thing at AnotherUniverse. I placed an order there months ago & received similar (maybe the same) email. I never made the connection though.

Sad.

-Dave

 

[JasonRosenfeld]

Hi. I have been working on this DVD project with Another Universe. They do not sell email addresses. They received the same email today, and I unfortunately received it as well. And I am equally disgusted.
If this happened to you, please forward the email to me at [email protected]. If you want me to call you, send me your number. Note: I do not work for AnotherUniverse.com.
Thanks,
Jason

 

[rutger_s]

I have ordered from Another Universe for several years. Never once did I ever have to give them an email address, even for online orders.

I just place my order via the standard form and mail it in to them.

You can also use the standard form to phone in your order if you want to do it faster. The My So Called Life box sets are not an online exclusive item. They are a Another Universe exclusive item and you can order either box set via phone, mail, or web.

I just prefer to do it by mail so I don't have to use a credit card.

 

[JasonRosenfeld]

I am attaching this message emailed to me from Justin Martin, the Web Admin of AnotherUniverse.com. He signed up for the site, but there is a delay in approving new accounts. His message follows:
------
Hello Everyone,
My name is Justin Martin. I am the Head Web Administrator for AnotherUniverse.com. Earlier today 3/21/02, our corporate office received a telephone call about a spam email that was sent to an email account that had previously only been used for the purpose of ordering the MSCL box set.
We were dismayed to learn about the content of the email. Shortly after the call we found that we received the same piece of spam email and when I arrived home, my personal
account contained two copies of the same message. Tomorrow morning, I will notify law enforcement of the criminal nature of the email.
As far as our privacy policy is concerned, we do not sell our email list to anyone. It is reserved solely for corporate use. Therefore, how this spam was sent to customers who only used their addresses to contact us, has not yet been determined. I will continue to investigate
the source of this spam tomorrow, and will not rest until it is found.
I will be sending an update to everyone on our mailing list to let them know to be on the lookout for the spam message, and to gauge when it was received and by how many of our customers.
Our company would never be a party to anything as deplorable as this. I apologize on behalf of AnotherUniverse.com if you received this email. You will help us immensely if you forward the spam to us.
Justin Martin
Web Administrator
AnotherUniverse.com
email: [email protected]

 

[Steve Tannehill]

Well, my spam filter is working, because I would not have even noticed the email had I not heard about it here. And while I do not isolate email addresses per online vendor, that was the first spam at my recent "online only" email address.

There are only two possibliities here:

1) Another Universe, or one of their employees, harvested our email addresses and sold them for spam.

2) Our data was exploited by a security hole in their system.

And if it's (2) and someone got our email addresses, what about our credit card information?

Grrr....

- Steve

Edit: I did not see Justin's response before posting this. Thanks for taking immediate action.

 

[David Lambert]

I'm glad to see Jason's and Justin's posts.
I have just forwarded the offensive e-mail to them, complete with message header information.
I am actually a tad dismayed, in a weird way, to find out that they did not intentionally sell our mailing list info to the spammers, though. I lends credence to the idea that our information was hacked somehow, and that our credit card numbers might be floating around out there somewhere, too! :frowning:
Gentlemen, please keep us informed! Thank you,

 

[JasonRosenfeld]

I was just talking with one of the people from MSCL.com. Can you confirm that your email address was not used for the petition on that site? If not, we can narrow it down to AU's side.
A quick google and usenet search shows that this is a very common spam message. I've tracked the source (while avoiding clicking on links, because lord knows I don't want to have my ip show on their site's servers. Some were sourced to China, Russia and also to Hamburg, Germany. In other words we are talking about a global child porn ring.
I don't know if security was breached or emails were simply sniffed as they were sent out. I obviously would not put packet sniffing or illegal harvesting past the animals behind such a site.
Jason
[email protected]

 

[David Lambert]

I am sure that I signed no petitions on that site. I *only* provided that e-mail address to order the box set.

 

[JoeDeM]

JasonRosenfeld wrote:

I don't know if security was breached or emails were simply sniffed as they were sent out. I obviously would not put packet sniffing or illegal harvesting past the animals behind such a site.

I'm afraid that Jason is right, I have seen this many times, and have seen programs to do this, any email you send out is wide open if it's not encripted, if you put certain key words in your email, you can trigger more spam.
I was working on a SAP project, and emailing clients, and started getting SAP spam from head hunters. All it takes is an unethical person with access to a router that your email passes through, and unfortunatly your email packets can pass throught a few routers on it's way to it's final destination.

 

[JasonRosenfeld]

If they are always sending the emails from the same IP, then the ip could have been sniffed over a period of time.

Quite honestly, from a defensive perspective, I don't know how that could be prevented altogether. That is why credit card charges use SSL. And even that is not perfect. Enough time and computing power, and any encryption scheme can be cracked. I have a personal PGP account, but obviously you cannot use PGP to mail to 3,000 people. In fact, even PGP does not encrypt the email addresses. And since all they want is the addresses, it would be useless here.

Now... if people had the ability to sign up for a secure email like ziplip, and the email was being sent from another ziplip account, the email would never be sent outside the service and would be shielded from this.

What sucks is you can essentially compromise your list because people are sniffing the emails as they pass.

As far as whether companies do stuff like this? AU does not. I did work for a company where they wanted me to sniff email addresses and harvest them from web sites, newsgroups too. Needless to say, it was not a job worth keeping. There is an industry built around it, though. Offshore email servers typically run about $500 a month, and there are advertised (usually via spam) programs that claim to sniff emails. Youc an complain all you want. These spammers typcially don't have phones or emails.

Jason

PS: The $64,000 Question is "How does a hotmail account with a crazy random username get 45 spams in one day?"

 

[Jeff Ulmer]

As far as I know, there were only two occasions where the email address that was spammed was used: first in the order of the boxset, the second in an email to AU asking for email confirmation of my order - which I still haven't received despite two phone calls (on my dime) and the one email I sent on the subject.

While it may be possible to sniff addresses, this is the first occasion in my years on the net, hundreds of transactions, and thousands of emails, where an email address I supplied to a company has been used for porn spam.

If their site is insecure enough to have emails harvested in the first place, the last thing I am going to do is forward the spam back to them with the headers intact, and expose my main email account to which it was forwarded.

 

[JasonRosenfeld]

bear in mind, if i know someone's IP, with the right software, I can essential sniff every email they send.

 

[Jeff Ulmer]

If a form supposedly behind an SSL connection is being sniffed there are some serious security issues involved, and since this appears to affect many who ordered, the likelihood that everyone of them also sent in an email that was sniffed at the sender's end is pretty remote.

 

[David Lambert]

...since this appears to affect many who ordered, the likelihood that everyone of them also sent in an email that was sniffed at the sender's end is pretty remote.

You hit the nail on the head. I never sent an e-mail to the Another Universe domain until after I got the Spam.
I input the address into the order form, and then got the confirm e-mail (which Jeff never got) that was sent to this unique e-mail address I used for the occassion.
This morning I sent the e-mail to Justin at the anotheruniverse.com domain (and cc:ed it to Jason), and that was the first time I sent e-mail TO these guys.
Since Jeff never received e-mail from AU or got anything else at that e-mail address until the Spam arrived, then we're left with two possibilities:
1) Both the sending and receiving e-mails were sniffed (a distinct probability)
2) The secure form information was compromised.