This fell a little far down the page, so I'm posting it up here too. Now Bill said:
"for sake of argument I'm a thieving no good dirt bag (some may already agree to this) but at the same time I'm a little creative and I get this idea to mirror some of these escorts sites. Lets also assume I have the technical expertise to pull this off and start making life difficult for people and maybe make a few dollars while Im at it. Now tell me, how many providers have anything in place to stop someone like this? How many even have a decent firewall that can stop a hacker(large corporations cant stop them)? How many even know what a firewall is or can determine if they are or have been hacked?"
Okay, Bill, say a thieving no good dirt bag mirrors a woman's site just as you say.
He gets you (or your less paranoid twin brother) to fill out a verification form, obtaining your home and work numbers and addresses your email, and perhaps and if you don't have a good firewall, maybe he may have your IP address.
Now, I'm not up on current criminal techniques, but first how does he exploit this for profit? Explain that and I'll take you're caution seriously. Right now, it just looks very foolish.
Let's see, how's he going to use this "crucial information?" Identity fraud: He'll need to get your SSN at least, which he doesn't have, and can't get on that information. Bank account/credit card larceny: again, he can't get from your home address to your account numbers without a lot of risky digging. Blackmail: You must be kidding! All he has on you is information available from a hundred sources, on a form that anybody with OpenOffice could have created, and no proof that you filled it out. Your neighbor down the street has better blackmail dirt. He could sell your info to a telemarketer/spammer: and yes, that's annoying, but isn't there a no-call list?
In fact, I'll wager, that having your home and work addresses and numbers is only good for finding out if you have a stable address and real place of employment. As far as I could tell, it must be useless for any commercial exploitation.
Now, about being harassed by the dirtbag: if you lose your job on the basis of some creepy person calling and slandering you, can you say lawsuit? What employer can take that chance now? You're wife may be another story, but let's face it, any female pathological liar can make up a better story without the information-- without proof.
Moreover, have you considered how easy it is to get that information anyway? Your neighbors know your home address. Your friends know probably your work number, home phone number, and the name of your employer. All of them can be socially engineered to cough it up. Is this information on your business card? In other words, Bill, IMHO your concern about this is utterly, foolishly paranoid.
As long as you're not dumb enough to give away crucial information: your SSN, your credit card numbers, perhaps your birthdate and mother's maiden name. For screening, does any provider asked for these? If she does, tell the thieving dirtbag spoofing you to go to hell.
I myself am concerned about sites are getting hacked, including this one, or if emails were being intercepted, but we're all vulnerable to this right now, client or provider, and I hope people are learning to protect themselves better. I suggest learning encryption at least. I'm trying.
If you two have something to settle settle it through PM's. Theres no need to fill the boards with paragraph upon paragraph upon paragraph about one persons opinions. If you want to banter on to this person use the PM's not the boards.
my apologies. I really mean I'm done now and very sick of screening
Ridin323, it is good to see you posted your opinion in an open forum. I feel pretty good doing so myself because that is my prerogative. I don't mean to start anything with you. I just want to point out that some of us are not VIP, so there is no access to private mail. Maybe that is the reason some of us posting in an open forum. Just my $.003.
Zin, its not about paranoia its about putting unecessary information out there that can be exploited for whatever the purpose. Oh hell don't kid yourself that your info is safe and secure, its not. Not everyone that hobbies is not married or doesnt have a SO, not everyone has home business where they are the only one that answers. You get just enough of the right info on anyone and they can easily be blackmailed if they have concerns of it getting back to the wrong person. Its naive to believe it cant be done under the right conditions. Oh by the way, I think the post today of one provider is a perfect example of a loose cannon if I ever saw one. Mr. Silk is 100% correct, who in their right mind is going to give private information to someone with that mindset. Talk about playing with dynamite , holy crap.
No matter how big the threat is how can anyone justify it when they really dont have to take the risk, why gamble if you can have a sure thing? If I go through the trouble of keeping my information secure and that's important to me, why do I want to put it in unsecure hands. You're hoping people are learning to protect themselves doesn't answer the issue and when people assure you their information is safe with them and it really is not than why are you trusting them to begin with. Since you trust everyone and none of your personal information in the wrong hands cant hurt you, why don't you post all your personal information here and lets find out if you're right. 
Its your privledge to be the first to post the
"Oh poor me, I never should have given that info over the internet" topic or "I had no idea she would do something like that to me" or I'll just sit here and wait for the " Oh damn Mr. Silk and Bill18356 were right and now I'm fucked" Topic lol
How are your addresses and phone numbers critical? What's this dirtbag exploit that you're afraid of? You haven't explained it. The only reason to be that careful is if you think of providers as criminals. MrSilk said, "How many criminals do you give your personal information to." I'm impressed by that point, except if providers are criminals, so are hobbyists. How many criminals do you go into a room alone with, agree to be unarmed, get naked and be almost helpless with for an hour or two? Yes, hobbyists are criminals. (Gotta love the power of semantics).
Why not post my addresses and numbers here? Because, Bill, it's a false comparison. Comparing ducks and geese, apples and oranges, you remember that? I also don't post them on any site, whether it has to do with sex or not. The only advantage of a discussion group is anonymity. I don't talk to my friends or family about the issues I talk about here. The intimacy of a session with a woman one on one is a totally different issue and a different bargain.
All of this applies only to reasonable information. For the business/personal relationship in the hobby, home and work numbers/addresses are reasonable.
I will swear to you right now, come what may, Bill, I will never make the post you suggest, nor whine about my disclosure to a provider for verification. It's different than making a mistake based on bad judgment. If I'm wrong about this, screening, however, it's a mistake made on principle. I won't complain about that, though if I'm proved wrong, I will alter the principle.
So, invest the smugness you're borrowing now for the day I make those posts-- and I hope you love the sight of interest accumulating because you will never collect.
I'm offering $20. to anywone who will read me the entire thread these two started down below and now up here. I have no idea what they are even debating about. I hope it's something good!!
Ahem...umm..sorry. Severely repressed Blackhawk fan in recovery.
Zin you and I have no idea of a providers past and quite honestly some do have some history that would even shake your trust. Zin anyone with just a little personal information today can get all kinds of information. You dont need a credit card # or a date of birth. Your name address phone number, employer are more than enough to get started with. If none of this was a concern to everyone here why would we all be using aliases. Why wouldn't we all post our information to save the aggravation? The fact that you say you won't post this information but have no problem with it sitting on a providers unsecure computer is the equivalent of locking your front door to your house but leaving the rear door and windows open. Its not a false comparison Zin, its just a case of you being willing to bury your head in the sand and hope it doesnt bite you on the ass.
I hope you never have to post a bad experience but I'm sure in the not to distant future we'll be seeing this kind of post. It has to happen and its sad
As far as Silks comment it was pretty funny when you think about it. He makes some very valid points and I'll let him have the honor of answering your response.
Or give me a link. Nevermind, I'll find one.
I'll put it like this, Bill. If that's all they need to "start" then I think they could obtain the info anyway, from zero, by looking you up in a phonebook. (If you're unlisted, there's a directory somewhere that has you.) With just a little more detective work, they can get your place of employment, and the number to it. So, all we're able to do anyway right now is lock our front door, our windows and back doors do not have **any** locks.
Your best defense, then, would be that you're marginally more secure than the next guy and hope that the sharks take the fish swimming on the outside of the school.
Or you could do what I do. That is, be so poor and spend my money on providers so fast that the only thing anybody could steal are my debts. If that ever changes, I may think differently...
For MrSilk, he has seen my post right now. What made you think I wasn't giving him that honor? I always give people that honor, unless they choose to just snipe.
QUOTE: "The fact that you say you won't post this information but have no problem with it sitting on a providers unsecure computer is the equivalent of locking your front door to your house but leaving the rear door and windows open."
There actually is a quite a big difference between supplying information to lady, even through a web form, and posting that same information on an open pubilc messageboard. An open and public messageboard that is on a site that has a traffic rank of 1,363 (that's damn impressive) and in the last six months got average page veiws between 80 million and 151 million. I don't think too many ladies sites can claim that kind of ranking or traffic.
As for mentions of any lady's "unsecure computer"...
Ok, let's see if I have this right, you think it is a reasonable possibility that someone with nefarious intent is going to go to a ladies website, crack the server and collect the FTP logs to get the IP address of whomever has uploaded or downloaded files via FTP, which more often than not would be the webmaster/webdesigner and not the lady herself.
Then, since most people don't have static IP addresses, dial up renews the address on each connection and cable usually renews each 24 hours, monitor the FTP access and since the greatest window would be 24 hours of being reasonably sure it would be the same IP, catch within 24 the last IP used to access the FTP.
Then take that information, and before the IP renewal, and use it to crack into that computer, and if it is the computer of the webmaster/designer it probably has security in place.
Then after that access that computer's email applications, though since many use web-based email it usually doesn't go to their email client, so they would have to install a key logger, from that go through the information to get the username and password to the web-based email that the lady writes to, then wait for an email from that lady, they would need a recent email since the aforementioned 24 renewal window for IP addresses on a cable connection.
Then read the headers from that email to get the IP adress for the lady whose site was initially hacked, to then get access to her computer, and going through the same steps as they did to get the webmaster/designer's web-based email information, to be able to get access to the information that you submitted?
Oh, and as for "unsecured" if a ldy is running Windows XP and has SP2, it comes with the Windows Firewall that is "ON" by default...so not completely unsecure on that front though personally I prefer Sygate.
Now there are other ways to get email, but they have nothing to do with whether or not the lady's computer is secured (I'll just deal with getting it from her computer as you use in your argument, and not from any other exploits). *grin*
After all that you still think that posting information here is the exact same risk to one's information? or since you used the anology of one locked door vs one unlocked door and unlocked windows....that posting here would actually be safer?
Yeah....I'm really gonna have to disagree with you on that.
I'm all for discussion about security threats...but I do prefer they are reasonable threats, and not just paranoia. *grin*
You have taken a rather long winded approach in doing nothing more than proving my point.
Doesnt matter what the obstacles in hacking or mirroring protection they all have been proven ineffective against hackers and computer criminals. Why bury us in such geeky detail when it absolutely serves no purpose other than providing additional false security for both the providers and hobbyists(static IPs are now limited but certainly not extinct). There aren't any hack-proof sites, there are only tradeoffs in the risks vs costs to secure a site. I know you know this by what you wrote here.
Wouldn't your time be better served in educating providers that use online screening in how to better protect their sites and private info on computers rather than trying to project a security that isn't really there.
Why not spend time educating providers on products available to update their sites such as SSH instead of Telnet or FTP. Tell providers that firewalls are "mandatory" and I know you know better than to suggest in any way that Microsoft offers anything in the way of security when they have a responsibilty to protect their customers.
Oy this is tiresome and I hate geek but by now you get my drift
If you don't study the books on the actual exploits available, it looks like you've come to the cautious conclusion before you've studied the problem.
Bill, if information like your work number really opens you to wrongdoing, then there are over 150 million other people in this country who have that problem. In fact, the most secure people around under your paradigm are the unemployed and homeless. Doesn't that seem like a contradiction to you?
I wasn't aware, BTW, that a providers' work has any use for SSH, Telnet or FTP. A little like teaching a fireman riot control techniques, but I guess you can never be too careful... or wasteful.
so I dont have to talk this shit. You're asking a shark to jump out of the ocean into a fish bowl when I need to answer things like this. If you want to better serve the providers than teach them the truth dont baffle them with bullshit.What good is it going to do them by misleading them? How many people here understood 90% of wwhat WT said? If you really care than educate them
It may be lost on you, but it won't be on a lot of people.
and established from the beginning is you are being led by your dick and not your head and that isnt lost on anyone
Thank you, Bill, for diverting me from what was for the most part, a very miserable several days.
I wish you success, whatever you believe.
Conversation closed.
I was dealing with and replying to one point you made, not the entirety of your argument.
in more than one post you mentioned ladies with "unsecured" computers. You made a bit of stab with a statement about them not even knowing what a firewall is etc. and seemed to place any and all threats to this theory of yours....
I simply was pointing out that your focus on any individual computer was unrealistic. You are right, nothing is safe. Anyone could get ahold of your trash, and unless you burn anything with your name and address on it (shredding makes things more difficult but even cross-cut shredders leave enough that with time and effort could be reassembled) they could do some serious damage to you. You have a someone that is good enough at it, they can get pretty much all your information through social engineering and your License Plate Number....best not drive to appointments.
An aneccdote to this point, I have friend that a guy cut off in traffic, he had the guys LP# and from that managed to get the guy's cell phone number (through a few phone calls and good lies).
He called the guy's cell phone and told him, not to cut him off...freaked the hell out of the guy, but was damn funny.
So you drive down the street the right person can get all they need to know, and more about you than you would want them to, but is the minute chance of that happening keep you from driving? I gonna guess no. That threat isn't all that likely, much like your notion of unsecured computers and spoofed/stolen websites...it could happen, perhaps even has happened, but the likelyhood of it happening to you are not as great as you give it credit for.
My real point is, there are threats we worry about, and others that are graeter and more likely that we never consider. Send an email to someone they have your IP address, which they can either use to crack your box or if they are good at it can call your ISP and get your information...amazing what one that knows how can get from a little fast talking....or when you post here your IP is attached to each of your posts...so anyone with that access can get your info...and if you use IM clients you can really be open to some stuff. Worrying about a webform or a work number given to a lady is actually a smaller threat than many out there.
You do have to decide for yourself what precautions you take and which you are willing to forgo...but you need to weigh the threats and it seems from the repeated references to an "unsecured computer" you have your thumb on that side of the scale, giving it more wieght than it actually has or deserves....as for not trusting the ladies you may give information to, if you think them obtuse enough to not know how to install and run a firewall what makes you think they have the knowledge or wherewithall to social engineer or track your information?
Kind of contradictory to imply they are criminal masterminds in destroying your life, but not aware enough to protect their own computers.
As to you telling me I should be helping ladies secure their sites etc., How do you know I don't?
One little thing, the greatest threat to your information is the email server, and there is little the ladies or webmasters can do to secure those, and that goes for webforms or you just sending an email to a lady, or to anyone...oh but phones aren't safe either, remeber the first "hackers" did their work on phone companies. *grin* and now in the world of wireless, with the right equiptment (some you can build at home with really cheap and easy to get parts) and the right knowledge, information can be even less secure, you were the one raving about your Blackberry weren't ya? but that's another threat you don't worry too much about...threats need to be weighed.
-- Modified on 8/12/2005 2:50:44 PM
We have beat this topic to death. This makes the Who's John Galt crap look interesting!
Let's declare a two month moratorium on this topic!
It's him, again.
-- Modified on 8/11/2005 10:33:23 PM
I hope you find peace in something.
-- Modified on 8/12/2005 3:09:03 AM
I'd imagine that with all that information, it would be easier to forge an application for a bogus credit card. Although no reputable provider would do any such thing, it could become a highly effective scam. That's all the more reason why screening is important for both sides! (And yes, reviews are a form of screening by clients...)
