BlogSmall business, Marketing, Promotion and Web Design

After some thought-sharing with friends, I’ve got some links to visit and some things to read. Results were petrifying, to say the least. It’s not like it’s the end of the world, but it does raise the concern of outsourcing in a whole.

The web forum I had a chance to visit (no url here for obvious reasons) is dedicated to carding. You don’t know what this is? Oh, that’s easy - carding is when you open your monthly statement honestly believing that you’ve paid off this credit card last month and then - mwa-ha-ha (aka evil laughter) you see that you have spent quite some money ordering stuff you had no idea about and that goods were shipped somewhere you also have no idea of. That’s it, you just have been carded. Meaning - your credit card’s number have been stolen by someone else and all the money used for ordering some goods that were shipped across the country.

But how is this possible? - you might want to ask. And here’s where the concern arises. Some credit card numbers are stolen by bad guys who invade large companies, steal large amounts of numbers. Banks usually are aware of this, take charge and change your number and pin almost immediately. This is bad for the banks, but simply an inconviniece for you.

What’s worse - is when numbers are stolen from small merchants. The following example is actually a real-world example that I have found on the above mentioned forum. No names were given, so unfortunately I cannot warn the owners of the card or other people who might be affected. The credit card information that was stolen included credit card numbers, CVV2 codes, billing addresses, phone numbers - pretty much all the information you need to make an order on an merchant web site. The interesting thing is - how it got stolen. It was not from a security breach (which would be understandable), however it was from the scripts that were developed by outsourcing vendor. Apparently someone didn’t review the code after it was submitted by programmers from Russia. The trick is that some vendors keep the credit card information in their databases (God knows why). So, when user pays for service or goods the credit card info gets submitted to the database. The programmer only had to make one additional PHP line that e-mails him same data that gets transmitted to the merchant’s credit card processor. This way the process of stealing credit cards gets automated…

Back from article mode. When I outsource things there are two requests that must be met. First - I must see the source code. Second - I myself will install all the scripts. This usually weeds out those, who wish to plant their “seeds of evil” in otherwise perfectly working scripts (and they must work properly, because otherwise the owner or clients would suspect the problem). Ofcourse it doesn’t totally guarantee the security, but it assures at least some additional level of protection for customers.

On the other hand - there’s no way that owner of the store can protect himself from the chargeback if someone makes a purchase with a stolen credit card. Unfortunately…

Popularity: 6%

You might also be interested in reading this:

• Why Trusted Platform Module won’t protect you (December 14, 2007): Recently I was asked a very good question on Trusted Platform Module. Question stated that once the hard drive is removed from the system, there is nothing that prevents attacker to break decryption (even brute force it) and obtain data no matter how secure it is. Pretty much all the protection applied in [...]
• Web hosting requests (October 20, 2004): What makes people to post requests like these? Platform: Linux Space: 1000 MB Bandwidth: 30GB Control Panel: yes IP Address: no Email Accounts: unlimited Database(s): unlimited Expected cost: 1 per year Right, like someone is really going to give them free hosting like this. The forum seems pretty empty. I mean if the forum would have been up to the resources, then sure, it [...]
• Twitting in a new way (December 18, 2007): There is a post on Mashable that outlines how to game Twitter into becoming a natural environment to spread malware. There is little to none incentive to create pure spam feeds, as they will, undoubtedly, be closed and all future links will be marked with "nofollow" attribute. Malware, however, is whole another story. In this [...]
• Twitter, twitter, little star… (August 21, 2007): Last week I have discovered a new and innovative way people will produce doorways for their black hat SEO techniques. It's called Twitter and it's some sort of a guestbook, where posting is available via number of widgets, including direct post from IM. Create a bunch of twitter pages (the only manual part of the [...]

Right now I have 12 e-mails in the inbox of the free hosting offer mailbox, almost all of them look nearly identical. Something like this:

fei

Reason: freebie

Name: wu

Address: feiwu

Phone: feiwu

Message: Can open the same of space me to do the yellow forum 么 !Thank!If can of words! Please the letter of reply: akcoo@vip.163.com

More e-mails like this: grayer@vip.163.com, caotang@vip.163.com, stupid122431hk@gmail.com, cnflying@163.com, emufy@163.com, doon@xasamail.com, suyan@vip.1488.com, lxycc@msn.com, eoyul@vip.163.com, admin788@gmail.com

It’s just hilarious to see the same guy (the 163 domain) sending same e-mail over and over again. Is it really that difficult to find a free host who DOESN’T care what you put on his servers? I care, therefore I will not approve inquiries that have entries like this:

Address: zhongdongcun27

Phone: rouqingjingwang

Yeah, I was really looking forward at dialing that fantastic number!

Popularity: 7%

You might also be interested in reading this:

• Web hosting requests (October 20, 2004): What makes people to post requests like these? Platform: Linux Space: 1000 MB Bandwidth: 30GB Control Panel: yes IP Address: no Email Accounts: unlimited Database(s): unlimited Expected cost: 1 per year Right, like someone is really going to give them free hosting like this. The forum seems pretty empty. I mean if the forum would have been up to the resources, then sure, it [...]
• Windows Hosting is down (December 15, 2004): Yeah, it's that time of the life when shit hits the fan HARD! The provider for Windows Hosting went down without notice... And IS down still for almost a week. Then we lost several clients, and finally decided to abandon the whole windows hosting thing and concentrate on Linix/PHP/mySQL in addition to web design services [...]
• Weird people that sell hosting (January 20, 2005): Yeah, weird. How else would you call these guys that don't return phone calls, don't respond to e-mails of their clients? They seem to be too big to notice small clients that have invested in whole year of hosting. And instead of making another sale they just ignoring it. Good, I'll make a sale on [...]
• Sunday’s blabber (October 31, 2004): Don't forget to set your clocks one hour back! This night must have been prelude to Halloween. I've got 11 Chinese asking for free hosting (with no apparent web site details) and one guy from New York who was so security conscious that he didn't provide his return e-mail address... But hey, what can I do. [...]

What makes people to post requests like these?

Platform: Linux

Space: 1000 MB

Bandwidth: 30GB

Control Panel: yes

IP Address: no

Email Accounts: unlimited

Database(s): unlimited

Expected cost: 1 per year

Right, like someone is really going to give them free hosting like this. The forum seems pretty empty. I mean if the forum would have been up to the resources, then sure, it would make a lot of sense to give the guy what he wants for banner on his pages, but with overall 42 members… I have my own forum, it has 55 members and it takes approximately 300 Megs of bandwidth, not to mention space… and only one database.

On the topic of forums… recently spoke with guy who wanted me to host Chinese forum for free. Two words - get real. Such forums consume enormous amount of resources, oftentimes host illegal wares, porn or both, there is no way for English-Russian speaking host to determine what’s behind those signs they call hieroglyphs, and you want all this hassle for free? You are stealing hundreds and thousands worth of software and you don’t even want to pass the savings? Curse, curse, curse

Trying to figure out how to work out the free hosting idea. So, if you happen to stroll by this blog and happen to need a free hosting - contact us through our web site www.zealus.com and we’ll see what we can do for you.

Popularity: 13%

You might also be interested in reading this:

• Free web hosting (February 19, 2005): Some times you get a request that's just so plain impudent, that you can't even say no... Consider this - guy asks for 2GB of space, 15 GB of traffic for free hosting. Fine, I don't mind that, no problem. But the concept there is to get money from the ads to move to normal [...]
• Windows Hosting is down (December 15, 2004): Yeah, it's that time of the life when shit hits the fan HARD! The provider for Windows Hosting went down without notice... And IS down still for almost a week. Then we lost several clients, and finally decided to abandon the whole windows hosting thing and concentrate on Linix/PHP/mySQL in addition to web design services [...]
• Weird people that sell hosting (January 20, 2005): Yeah, weird. How else would you call these guys that don't return phone calls, don't respond to e-mails of their clients? They seem to be too big to notice small clients that have invested in whole year of hosting. And instead of making another sale they just ignoring it. Good, I'll make a sale on [...]
• Updates by the pound. (September 26, 2005): What I like my clients for is not only the money they tend to forget to pay, but for all the fun I tend to have meeting their requests. By all means - I'm happy to provide the services and whatnot. What amazes me is how fast the ideas and demands are changing :)