Warning: OutsourcingRoom.com

am 05.08.2009 05:04:07 von Daniel Brown

Just as a heads-up, in case you guys weren't yet aware (cross-posting):

Elance.com was the victim of an SQL injection attack earlier this
summer (they apparently missed our billions of threads on sanity).
According to their folks, only names, company names, phone numbers,
and email addresses were taken. Whether or not that's true, I don't
know, but that's beyond the scope of this warning.

The most recent attempt to get more of your personal information
comes from a (*possibly* legitimate) website named
OutsourcingRoom.com. If you have been a member of Elance, you may
have already received the message from OSR that claims that you signed
up with them, and gives you a username and password. Now, I'm not
here to tell you guys and gals what to do, but taking the facts into
account - the stealing of private information by breeching the
security of a competitor - it's entirely up to you as to whether or
not you'll consider OSR a trustworthy business. Chances are, they'll
not only charge you for using the service, but will also be so kind as
to reuse (or redistribute) your private and financial information,
should you be willing to give it to them.

We've already received numerous hits on our network for
OutsourcingRoom.com and one or two other shoddy attempts to gain more
information. Today the emails seem to have picked up significantly,
and appear to be not only valid, but professionally-crafted.
Thankfully, we were anticipating such, after being alerted to the
attack by Elance themselves. Perhaps a bit embarrassing for them, but
it was a good move to mitigate the damage post-fact, in my opinion.

That's it. Just trying to keep everyone from getting scammed and
screwed. For more information, check Google, as always. ;-P

--

daniel.brown@parasane.net || danbrown@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at
http://twitter.com/pilotpig

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=gcdmg-mysql-2@m.gmane.org

Re: Warning: OutsourcingRoom.com

am 05.08.2009 05:49:05 von Steve

Daniel Brown wrote:
> Just as a heads-up, in case you guys weren't yet aware (cross-posting):
>
> Elance.com was the victim of an SQL injection attack earlier this
> summer (they apparently missed our billions of threads on sanity).
> According to their folks, only names, company names, phone numbers,
> and email addresses were taken. Whether or not that's true, I don't
> know, but that's beyond the scope of this warning.
>
> The most recent attempt to get more of your personal information
> comes from a (*possibly* legitimate) website named
> OutsourcingRoom.com. If you have been a member of Elance, you may
> have already received the message from OSR that claims that you signed
> up with them, and gives you a username and password. Now, I'm not
> here to tell you guys and gals what to do, but taking the facts into
> account - the stealing of private information by breeching the
> security of a competitor - it's entirely up to you as to whether or
> not you'll consider OSR a trustworthy business. Chances are, they'll
> not only charge you for using the service, but will also be so kind as
> to reuse (or redistribute) your private and financial information,
> should you be willing to give it to them.
>
> We've already received numerous hits on our network for
> OutsourcingRoom.com and one or two other shoddy attempts to gain more
> information. Today the emails seem to have picked up significantly,
> and appear to be not only valid, but professionally-crafted.
> Thankfully, we were anticipating such, after being alerted to the
> attack by Elance themselves. Perhaps a bit embarrassing for them, but
> it was a good move to mitigate the damage post-fact, in my opinion.
>
> That's it. Just trying to keep everyone from getting scammed and
> screwed. For more information, check Google, as always. ;-P
>
>

I got that email. I was wondering what that was about. Thanks for the info!

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Warning: OutsourcingRoom.com

am 05.08.2009 05:49:05 von Steve

Re: Warning: OutsourcingRoom.com

am 05.08.2009 09:06:22 von Ashley Sheridan

On Tue, 2009-08-04 at 20:49 -0700, Steve wrote:
> Daniel Brown wrote:
> > Just as a heads-up, in case you guys weren't yet aware (cross-posting):
> >
> > Elance.com was the victim of an SQL injection attack earlier this
> > summer (they apparently missed our billions of threads on sanity).
> > According to their folks, only names, company names, phone numbers,
> > and email addresses were taken. Whether or not that's true, I don't
> > know, but that's beyond the scope of this warning.
> >
> > The most recent attempt to get more of your personal information
> > comes from a (*possibly* legitimate) website named
> > OutsourcingRoom.com. If you have been a member of Elance, you may
> > have already received the message from OSR that claims that you signed
> > up with them, and gives you a username and password. Now, I'm not
> > here to tell you guys and gals what to do, but taking the facts into
> > account - the stealing of private information by breeching the
> > security of a competitor - it's entirely up to you as to whether or
> > not you'll consider OSR a trustworthy business. Chances are, they'll
> > not only charge you for using the service, but will also be so kind as
> > to reuse (or redistribute) your private and financial information,
> > should you be willing to give it to them.
> >
> > We've already received numerous hits on our network for
> > OutsourcingRoom.com and one or two other shoddy attempts to gain more
> > information. Today the emails seem to have picked up significantly,
> > and appear to be not only valid, but professionally-crafted.
> > Thankfully, we were anticipating such, after being alerted to the
> > attack by Elance themselves. Perhaps a bit embarrassing for them, but
> > it was a good move to mitigate the damage post-fact, in my opinion.
> >
> > That's it. Just trying to keep everyone from getting scammed and
> > screwed. For more information, check Google, as always. ;-P
> >
> >
>
> I got that email. I was wondering what that was about. Thanks for the info!
>
Well, I try not to give out my details to too many people each month,
and this month they were beat to it by a nice fellow in Nigeria who I'm
helping out by letting him put some money into my account. Next month I
had originally planned to invest in those berrys everyone is talking
about and some watches, and then after that, I need to update my account
details on Ebay (I forgot I even had an account with them!) as they keep
asking me to go and do it because of a security update they've made.

Ho hum...

Thanks,
Ash
http://www.ashleysheridan.co.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Warning: OutsourcingRoom.com

am 05.08.2009 09:06:22 von Ashley Sheridan

Re: Warning: OutsourcingRoom.com

am 05.08.2009 15:54:47 von Eric Butera

On Wed, Aug 5, 2009 at 3:06 AM, Ashley Sheridan w=
rote:
> On Tue, 2009-08-04 at 20:49 -0700, Steve wrote:
>> Daniel Brown wrote:
>> > Â Â Just as a heads-up, in case you guys weren't yet aware (=
cross-posting):
>> >
>> > Â Â Elance.com was the victim of an SQL injection attack ear=
lier this
>> > summer (they apparently missed our billions of threads on sanity).
>> > According to their folks, only names, company names, phone numbers,
>> > and email addresses were taken. Â Whether or not that's true, I do=
n't
>> > know, but that's beyond the scope of this warning.
>> >
>> > Â Â The most recent attempt to get more of your personal inf=
ormation
>> > comes from a (*possibly* legitimate) website named
>> > OutsourcingRoom.com. Â If you have been a member of Elance, you ma=
y
>> > have already received the message from OSR that claims that you signed
>> > up with them, and gives you a username and password. Â Now, I'm no=
t
>> > here to tell you guys and gals what to do, but taking the facts into
>> > account - the stealing of private information by breeching the
>> > security of a competitor - it's entirely up to you as to whether or
>> > not you'll consider OSR a trustworthy business. Â Chances are, the=
y'll
>> > not only charge you for using the service, but will also be so kind as
>> > to reuse (or redistribute) your private and financial information,
>> > should you be willing to give it to them.
>> >
>> > Â Â We've already received numerous hits on our network for
>> > OutsourcingRoom.com and one or two other shoddy attempts to gain more
>> > information. Â Today the emails seem to have picked up significant=
ly,
>> > and appear to be not only valid, but professionally-crafted.
>> > Thankfully, we were anticipating such, after being alerted to the
>> > attack by Elance themselves. Â Perhaps a bit embarrassing for them=
, but
>> > it was a good move to mitigate the damage post-fact, in my opinion.
>> >
>> > Â Â That's it. Â Just trying to keep everyone from getti=
ng scammed and
>> > screwed. Â For more information, check Google, as always. Â ;-=
P
>> >
>> >
>>
>> I got that email. I was wondering what that was about. Thanks for the in=
fo!
>>
> Well, I try not to give out my details to too many people each month,
> and this month they were beat to it by a nice fellow in Nigeria who I'm
> helping out by letting him put some money into my account. Next month I
> had originally planned to invest in those berrys everyone is talking
> about and some watches, and then after that, I need to update my account
> details on Ebay (I forgot I even had an account with them!) as they keep
> asking me to go and do it because of a security update they've made.
>
> Ho hum...
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Har har. This was not a mindless 411 scam. It is a bit different
when an actual site people use gets hacked and their personal
information stolen. I too received one of these emails and it was
very convincing. It has my exact username from the Elance site and
was crafted in such a way that it seems this new site was a partner
with Elance somehow.

--=20
http://www.ericbutera.us/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Warning: OutsourcingRoom.com

am 05.08.2009 15:56:19 von Ashley Sheridan

On Wed, 2009-08-05 at 09:54 -0400, Eric Butera wrote:
> On Wed, Aug 5, 2009 at 3:06 AM, Ashley Sheridan wrote:
> > On Tue, 2009-08-04 at 20:49 -0700, Steve wrote:
> >> Daniel Brown wrote:
> >> > Just as a heads-up, in case you guys weren't yet aware (cross-posting):
> >> >
> >> > Elance.com was the victim of an SQL injection attack earlier this
> >> > summer (they apparently missed our billions of threads on sanity).
> >> > According to their folks, only names, company names, phone numbers,
> >> > and email addresses were taken. Whether or not that's true, I don't
> >> > know, but that's beyond the scope of this warning.
> >> >
> >> > The most recent attempt to get more of your personal information
> >> > comes from a (*possibly* legitimate) website named
> >> > OutsourcingRoom.com. If you have been a member of Elance, you may
> >> > have already received the message from OSR that claims that you signed
> >> > up with them, and gives you a username and password. Now, I'm not
> >> > here to tell you guys and gals what to do, but taking the facts into
> >> > account - the stealing of private information by breeching the
> >> > security of a competitor - it's entirely up to you as to whether or
> >> > not you'll consider OSR a trustworthy business. Chances are, they'll
> >> > not only charge you for using the service, but will also be so kind as
> >> > to reuse (or redistribute) your private and financial information,
> >> > should you be willing to give it to them.
> >> >
> >> > We've already received numerous hits on our network for
> >> > OutsourcingRoom.com and one or two other shoddy attempts to gain more
> >> > information. Today the emails seem to have picked up significantly,
> >> > and appear to be not only valid, but professionally-crafted.
> >> > Thankfully, we were anticipating such, after being alerted to the
> >> > attack by Elance themselves. Perhaps a bit embarrassing for them, but
> >> > it was a good move to mitigate the damage post-fact, in my opinion.
> >> >
> >> > That's it. Just trying to keep everyone from getting scammed and
> >> > screwed. For more information, check Google, as always. ;-P
> >> >
> >> >
> >>
> >> I got that email. I was wondering what that was about. Thanks for the info!
> >>
> > Well, I try not to give out my details to too many people each month,
> > and this month they were beat to it by a nice fellow in Nigeria who I'm
> > helping out by letting him put some money into my account. Next month I
> > had originally planned to invest in those berrys everyone is talking
> > about and some watches, and then after that, I need to update my account
> > details on Ebay (I forgot I even had an account with them!) as they keep
> > asking me to go and do it because of a security update they've made.
> >
> > Ho hum...
> >
> > Thanks,
> > Ash
> > http://www.ashleysheridan.co.uk
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
> Har har. This was not a mindless 411 scam. It is a bit different
> when an actual site people use gets hacked and their personal
> information stolen. I too received one of these emails and it was
> very convincing. It has my exact username from the Elance site and
> was crafted in such a way that it seems this new site was a partner
> with Elance somehow.
>
> --
> http://www.ericbutera.us/
>
Is there nothing that anybody can actually do about this? Where is the
new company based? Are there laws in that country about this sort of
thing?

Thanks,
Ash
http://www.ashleysheridan.co.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Warning: OutsourcingRoom.com

am 05.08.2009 16:10:22 von Martin Scotta

Nobody can actually do anything. This happen all the time.

Sites like facebook or myspace send invitations to all your mail's
contacts, but that's not the problem. What I can't understand is why
do they do pre-signup just you for the "easy" of you.
I have _created_ an account just to edit my personal data, that's nonsense!=
!!

If you give your contact info you are allowing this kind of "issues",
but if you don't... well, you can't use internet if you don't.

On Wed, Aug 5, 2009 at 10:56 AM, Ashley
Sheridan wrote:
> On Wed, 2009-08-05 at 09:54 -0400, Eric Butera wrote:
>> On Wed, Aug 5, 2009 at 3:06 AM, Ashley Sheridan > wrote:
>> > On Tue, 2009-08-04 at 20:49 -0700, Steve wrote:
>> >> Daniel Brown wrote:
>> >> > =A0 =A0 Just as a heads-up, in case you guys weren't yet aware (cro=
ss-posting):
>> >> >
>> >> > =A0 =A0 Elance.com was the victim of an SQL injection attack earlie=
r this
>> >> > summer (they apparently missed our billions of threads on sanity).
>> >> > According to their folks, only names, company names, phone numbers,
>> >> > and email addresses were taken. =A0Whether or not that's true, I do=
n't
>> >> > know, but that's beyond the scope of this warning.
>> >> >
>> >> > =A0 =A0 The most recent attempt to get more of your personal inform=
ation
>> >> > comes from a (*possibly* legitimate) website named
>> >> > OutsourcingRoom.com. =A0If you have been a member of Elance, you ma=
y
>> >> > have already received the message from OSR that claims that you sig=
ned
>> >> > up with them, and gives you a username and password. =A0Now, I'm no=
t
>> >> > here to tell you guys and gals what to do, but taking the facts int=
o
>> >> > account - the stealing of private information by breeching the
>> >> > security of a competitor - it's entirely up to you as to whether or
>> >> > not you'll consider OSR a trustworthy business. =A0Chances are, the=
y'll
>> >> > not only charge you for using the service, but will also be so kind=
as
>> >> > to reuse (or redistribute) your private and financial information,
>> >> > should you be willing to give it to them.
>> >> >
>> >> > =A0 =A0 We've already received numerous hits on our network for
>> >> > OutsourcingRoom.com and one or two other shoddy attempts to gain mo=
re
>> >> > information. =A0Today the emails seem to have picked up significant=
ly,
>> >> > and appear to be not only valid, but professionally-crafted.
>> >> > Thankfully, we were anticipating such, after being alerted to the
>> >> > attack by Elance themselves. =A0Perhaps a bit embarrassing for them=
, but
>> >> > it was a good move to mitigate the damage post-fact, in my opinion.
>> >> >
>> >> > =A0 =A0 That's it. =A0Just trying to keep everyone from getting sca=
mmed and
>> >> > screwed. =A0For more information, check Google, as always. =A0;-P
>> >> >
>> >> >
>> >>
>> >> I got that email. I was wondering what that was about. Thanks for the=
info!
>> >>
>> > Well, I try not to give out my details to too many people each month,
>> > and this month they were beat to it by a nice fellow in Nigeria who I'=
m
>> > helping out by letting him put some money into my account. Next month =
I
>> > had originally planned to invest in those berrys everyone is talking
>> > about and some watches, and then after that, I need to update my accou=
nt
>> > details on Ebay (I forgot I even had an account with them!) as they ke=
ep
>> > asking me to go and do it because of a security update they've made.
>> >
>> > Ho hum...
>> >
>> > Thanks,
>> > Ash
>> > http://www.ashleysheridan.co.uk
>> >
>> >
>> > --
>> > PHP General Mailing List (http://www.php.net/)
>> > To unsubscribe, visit: http://www.php.net/unsub.php
>> >
>> >
>>
>> Har har. =A0This was not a mindless 411 scam. =A0It is a bit different
>> when an actual site people use gets hacked and their personal
>> information stolen. =A0I too received one of these emails and it was
>> very convincing. =A0It has my exact username from the Elance site and
>> was crafted in such a way that it seems this new site was a partner
>> with Elance somehow.
>>
>> --
>> http://www.ericbutera.us/
>>
> Is there nothing that anybody can actually do about this? Where is the
> new company based? Are there laws in that country about this sort of
> thing?
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--=20
Martin Scotta

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Warning: OutsourcingRoom.com

am 05.08.2009 16:14:42 von Ashley Sheridan

On Wed, 2009-08-05 at 11:10 -0300, Martin Scotta wrote:
> Nobody can actually do anything. This happen all the time.
>
> Sites like facebook or myspace send invitations to all your mail's
> contacts, but that's not the problem. What I can't understand is why
> do they do pre-signup just you for the "easy" of you.
> I have _created_ an account just to edit my personal data, that's nonsense!!!
>
> If you give your contact info you are allowing this kind of "issues",
> but if you don't... well, you can't use internet if you don't.
>
>
> On Wed, Aug 5, 2009 at 10:56 AM, Ashley
> Sheridan wrote:
> > On Wed, 2009-08-05 at 09:54 -0400, Eric Butera wrote:
> >> On Wed, Aug 5, 2009 at 3:06 AM, Ashley Sheridan wrote:
> >> > On Tue, 2009-08-04 at 20:49 -0700, Steve wrote:
> >> >> Daniel Brown wrote:
> >> >> > Just as a heads-up, in case you guys weren't yet aware (cross-posting):
> >> >> >
> >> >> > Elance.com was the victim of an SQL injection attack earlier this
> >> >> > summer (they apparently missed our billions of threads on sanity).
> >> >> > According to their folks, only names, company names, phone numbers,
> >> >> > and email addresses were taken. Whether or not that's true, I don't
> >> >> > know, but that's beyond the scope of this warning.
> >> >> >
> >> >> > The most recent attempt to get more of your personal information
> >> >> > comes from a (*possibly* legitimate) website named
> >> >> > OutsourcingRoom.com. If you have been a member of Elance, you may
> >> >> > have already received the message from OSR that claims that you signed
> >> >> > up with them, and gives you a username and password. Now, I'm not
> >> >> > here to tell you guys and gals what to do, but taking the facts into
> >> >> > account - the stealing of private information by breeching the
> >> >> > security of a competitor - it's entirely up to you as to whether or
> >> >> > not you'll consider OSR a trustworthy business. Chances are, they'll
> >> >> > not only charge you for using the service, but will also be so kind as
> >> >> > to reuse (or redistribute) your private and financial information,
> >> >> > should you be willing to give it to them.
> >> >> >
> >> >> > We've already received numerous hits on our network for
> >> >> > OutsourcingRoom.com and one or two other shoddy attempts to gain more
> >> >> > information. Today the emails seem to have picked up significantly,
> >> >> > and appear to be not only valid, but professionally-crafted.
> >> >> > Thankfully, we were anticipating such, after being alerted to the
> >> >> > attack by Elance themselves. Perhaps a bit embarrassing for them, but
> >> >> > it was a good move to mitigate the damage post-fact, in my opinion.
> >> >> >
> >> >> > That's it. Just trying to keep everyone from getting scammed and
> >> >> > screwed. For more information, check Google, as always. ;-P
> >> >> >
> >> >> >
> >> >>
> >> >> I got that email. I was wondering what that was about. Thanks for the info!
> >> >>
> >> > Well, I try not to give out my details to too many people each month,
> >> > and this month they were beat to it by a nice fellow in Nigeria who I'm
> >> > helping out by letting him put some money into my account. Next month I
> >> > had originally planned to invest in those berrys everyone is talking
> >> > about and some watches, and then after that, I need to update my account
> >> > details on Ebay (I forgot I even had an account with them!) as they keep
> >> > asking me to go and do it because of a security update they've made.
> >> >
> >> > Ho hum...
> >> >
> >> > Thanks,
> >> > Ash
> >> > http://www.ashleysheridan.co.uk
> >> >
> >> >
> >> > --
> >> > PHP General Mailing List (http://www.php.net/)
> >> > To unsubscribe, visit: http://www.php.net/unsub.php
> >> >
> >> >
> >>
> >> Har har. This was not a mindless 411 scam. It is a bit different
> >> when an actual site people use gets hacked and their personal
> >> information stolen. I too received one of these emails and it was
> >> very convincing. It has my exact username from the Elance site and
> >> was crafted in such a way that it seems this new site was a partner
> >> with Elance somehow.
> >>
> >> --
> >> http://www.ericbutera.us/
> >>
> > Is there nothing that anybody can actually do about this? Where is the
> > new company based? Are there laws in that country about this sort of
> > thing?
> >
> > Thanks,
> > Ash
> > http://www.ashleysheridan.co.uk
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
>
>
> --
> Martin Scotta
>
Nicely said, but doesn't answer the question.

Sites like that will send out emails all the time as invites, because
they have the permission of whoever they are sending the emails on
behalf of, hence why they can access the contacts list.

This is a different situation, where the site was hacked, and the
company is not only sending out invite links to all the email addresses
it found, but it is including other personal information, i.e. the
username and password on the original site. Also, as it got that
information as a result of hacking, and they are the ones directly using
that information, well, they could be in a lot of trouble depending on
where in the world they are.

Thanks,
Ash
http://www.ashleysheridan.co.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Warning: OutsourcingRoom.com

am 05.08.2009 16:20:31 von Ashley Sheridan

On Wed, 2009-08-05 at 15:14 +0100, Ashley Sheridan wrote:
> On Wed, 2009-08-05 at 11:10 -0300, Martin Scotta wrote:
> > Nobody can actually do anything. This happen all the time.
> >
> > Sites like facebook or myspace send invitations to all your mail's
> > contacts, but that's not the problem. What I can't understand is why
> > do they do pre-signup just you for the "easy" of you.
> > I have _created_ an account just to edit my personal data, that's nonsense!!!
> >
> > If you give your contact info you are allowing this kind of "issues",
> > but if you don't... well, you can't use internet if you don't.
> >
> >
> > On Wed, Aug 5, 2009 at 10:56 AM, Ashley
> > Sheridan wrote:
> > > On Wed, 2009-08-05 at 09:54 -0400, Eric Butera wrote:
> > >> On Wed, Aug 5, 2009 at 3:06 AM, Ashley Sheridan wrote:
> > >> > On Tue, 2009-08-04 at 20:49 -0700, Steve wrote:
> > >> >> Daniel Brown wrote:
> > >> >> > Just as a heads-up, in case you guys weren't yet aware (cross-posting):
> > >> >> >
> > >> >> > Elance.com was the victim of an SQL injection attack earlier this
> > >> >> > summer (they apparently missed our billions of threads on sanity).
> > >> >> > According to their folks, only names, company names, phone numbers,
> > >> >> > and email addresses were taken. Whether or not that's true, I don't
> > >> >> > know, but that's beyond the scope of this warning.
> > >> >> >
> > >> >> > The most recent attempt to get more of your personal information
> > >> >> > comes from a (*possibly* legitimate) website named
> > >> >> > OutsourcingRoom.com. If you have been a member of Elance, you may
> > >> >> > have already received the message from OSR that claims that you signed
> > >> >> > up with them, and gives you a username and password. Now, I'm not
> > >> >> > here to tell you guys and gals what to do, but taking the facts into
> > >> >> > account - the stealing of private information by breeching the
> > >> >> > security of a competitor - it's entirely up to you as to whether or
> > >> >> > not you'll consider OSR a trustworthy business. Chances are, they'll
> > >> >> > not only charge you for using the service, but will also be so kind as
> > >> >> > to reuse (or redistribute) your private and financial information,
> > >> >> > should you be willing to give it to them.
> > >> >> >
> > >> >> > We've already received numerous hits on our network for
> > >> >> > OutsourcingRoom.com and one or two other shoddy attempts to gain more
> > >> >> > information. Today the emails seem to have picked up significantly,
> > >> >> > and appear to be not only valid, but professionally-crafted.
> > >> >> > Thankfully, we were anticipating such, after being alerted to the
> > >> >> > attack by Elance themselves. Perhaps a bit embarrassing for them, but
> > >> >> > it was a good move to mitigate the damage post-fact, in my opinion.
> > >> >> >
> > >> >> > That's it. Just trying to keep everyone from getting scammed and
> > >> >> > screwed. For more information, check Google, as always. ;-P
> > >> >> >
> > >> >> >
> > >> >>
> > >> >> I got that email. I was wondering what that was about. Thanks for the info!
> > >> >>
> > >> > Well, I try not to give out my details to too many people each month,
> > >> > and this month they were beat to it by a nice fellow in Nigeria who I'm
> > >> > helping out by letting him put some money into my account. Next month I
> > >> > had originally planned to invest in those berrys everyone is talking
> > >> > about and some watches, and then after that, I need to update my account
> > >> > details on Ebay (I forgot I even had an account with them!) as they keep
> > >> > asking me to go and do it because of a security update they've made.
> > >> >
> > >> > Ho hum...
> > >> >
> > >> > Thanks,
> > >> > Ash
> > >> > http://www.ashleysheridan.co.uk
> > >> >
> > >> >
> > >> > --
> > >> > PHP General Mailing List (http://www.php.net/)
> > >> > To unsubscribe, visit: http://www.php.net/unsub.php
> > >> >
> > >> >
> > >>
> > >> Har har. This was not a mindless 411 scam. It is a bit different
> > >> when an actual site people use gets hacked and their personal
> > >> information stolen. I too received one of these emails and it was
> > >> very convincing. It has my exact username from the Elance site and
> > >> was crafted in such a way that it seems this new site was a partner
> > >> with Elance somehow.
> > >>
> > >> --
> > >> http://www.ericbutera.us/
> > >>
> > > Is there nothing that anybody can actually do about this? Where is the
> > > new company based? Are there laws in that country about this sort of
> > > thing?
> > >
> > > Thanks,
> > > Ash
> > > http://www.ashleysheridan.co.uk
> > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > >
> >
> >
> >
> > --
> > Martin Scotta
> >
> Nicely said, but doesn't answer the question.
>
> Sites like that will send out emails all the time as invites, because
> they have the permission of whoever they are sending the emails on
> behalf of, hence why they can access the contacts list.
>
> This is a different situation, where the site was hacked, and the
> company is not only sending out invite links to all the email addresses
> it found, but it is including other personal information, i.e. the
> username and password on the original site. Also, as it got that
> information as a result of hacking, and they are the ones directly using
> that information, well, they could be in a lot of trouble depending on
> where in the world they are.
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
FYI, it looks like the company responsible for outsourcingroom.com is
based in the UK, but the owner is based in the Ukraine. As the site is
hosted in the UK, there are actions that can be taken, as whatever
hosting company they use must take action if this sort of illegal
behaviour is brought to their attention, afaik.

Thanks,
Ash
http://www.ashleysheridan.co.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Warning: OutsourcingRoom.com

am 05.08.2009 16:24:26 von Martin Scotta

What we can do is make a "Report Web Forgery" for this site.
If you use Firefox there is an option in the "help" menu.

Also you can report to search engines like Google or Yahoo (that's what I d=
id)

well... in this thread we are doing something

On Wed, Aug 5, 2009 at 11:14 AM, Ashley
Sheridan wrote:
> On Wed, 2009-08-05 at 11:10 -0300, Martin Scotta wrote:
>> Nobody can actually do anything. This happen all the time.
>>
>> Sites like facebook or myspace send invitations to all your mail's
>> contacts, but that's not the problem. What I can't understand is why
>> do they do pre-signup just you for the "easy" of you.
>> I have _created_ an account just to edit my personal data, that's nonsen=
se!!!
>>
>> If you give your contact info you are allowing this kind of "issues",
>> but if you don't... well, you can't use internet if you don't.
>>
>>
>> On Wed, Aug 5, 2009 at 10:56 AM, Ashley
>> Sheridan wrote:
>> > On Wed, 2009-08-05 at 09:54 -0400, Eric Butera wrote:
>> >> On Wed, Aug 5, 2009 at 3:06 AM, Ashley Sheridan ..uk> wrote:
>> >> > On Tue, 2009-08-04 at 20:49 -0700, Steve wrote:
>> >> >> Daniel Brown wrote:
>> >> >> > =A0 =A0 Just as a heads-up, in case you guys weren't yet aware (=
cross-posting):
>> >> >> >
>> >> >> > =A0 =A0 Elance.com was the victim of an SQL injection attack ear=
lier this
>> >> >> > summer (they apparently missed our billions of threads on sanity=
).
>> >> >> > According to their folks, only names, company names, phone numbe=
rs,
>> >> >> > and email addresses were taken. =A0Whether or not that's true, I=
don't
>> >> >> > know, but that's beyond the scope of this warning.
>> >> >> >
>> >> >> > =A0 =A0 The most recent attempt to get more of your personal inf=
ormation
>> >> >> > comes from a (*possibly* legitimate) website named
>> >> >> > OutsourcingRoom.com. =A0If you have been a member of Elance, you=
may
>> >> >> > have already received the message from OSR that claims that you =
signed
>> >> >> > up with them, and gives you a username and password. =A0Now, I'm=
not
>> >> >> > here to tell you guys and gals what to do, but taking the facts =
into
>> >> >> > account - the stealing of private information by breeching the
>> >> >> > security of a competitor - it's entirely up to you as to whether=
or
>> >> >> > not you'll consider OSR a trustworthy business. =A0Chances are, =
they'll
>> >> >> > not only charge you for using the service, but will also be so k=
ind as
>> >> >> > to reuse (or redistribute) your private and financial informatio=
n,
>> >> >> > should you be willing to give it to them.
>> >> >> >
>> >> >> > =A0 =A0 We've already received numerous hits on our network for
>> >> >> > OutsourcingRoom.com and one or two other shoddy attempts to gain=
more
>> >> >> > information. =A0Today the emails seem to have picked up signific=
antly,
>> >> >> > and appear to be not only valid, but professionally-crafted.
>> >> >> > Thankfully, we were anticipating such, after being alerted to th=
e
>> >> >> > attack by Elance themselves. =A0Perhaps a bit embarrassing for t=
hem, but
>> >> >> > it was a good move to mitigate the damage post-fact, in my opini=
on.
>> >> >> >
>> >> >> > =A0 =A0 That's it. =A0Just trying to keep everyone from getting =
scammed and
>> >> >> > screwed. =A0For more information, check Google, as always. =A0;-=
P
>> >> >> >
>> >> >> >
>> >> >>
>> >> >> I got that email. I was wondering what that was about. Thanks for =
the info!
>> >> >>
>> >> > Well, I try not to give out my details to too many people each mont=
h,
>> >> > and this month they were beat to it by a nice fellow in Nigeria who=
I'm
>> >> > helping out by letting him put some money into my account. Next mon=
th I
>> >> > had originally planned to invest in those berrys everyone is talkin=
g
>> >> > about and some watches, and then after that, I need to update my ac=
count
>> >> > details on Ebay (I forgot I even had an account with them!) as they=
keep
>> >> > asking me to go and do it because of a security update they've made=
..
>> >> >
>> >> > Ho hum...
>> >> >
>> >> > Thanks,
>> >> > Ash
>> >> > http://www.ashleysheridan.co.uk
>> >> >
>> >> >
>> >> > --
>> >> > PHP General Mailing List (http://www.php.net/)
>> >> > To unsubscribe, visit: http://www.php.net/unsub.php
>> >> >
>> >> >
>> >>
>> >> Har har. =A0This was not a mindless 411 scam. =A0It is a bit differen=
t
>> >> when an actual site people use gets hacked and their personal
>> >> information stolen. =A0I too received one of these emails and it was
>> >> very convincing. =A0It has my exact username from the Elance site and
>> >> was crafted in such a way that it seems this new site was a partner
>> >> with Elance somehow.
>> >>
>> >> --
>> >> http://www.ericbutera.us/
>> >>
>> > Is there nothing that anybody can actually do about this? Where is the
>> > new company based? Are there laws in that country about this sort of
>> > thing?
>> >
>> > Thanks,
>> > Ash
>> > http://www.ashleysheridan.co.uk
>> >
>> >
>> > --
>> > PHP General Mailing List (http://www.php.net/)
>> > To unsubscribe, visit: http://www.php.net/unsub.php
>> >
>> >
>>
>>
>>
>> --
>> Martin Scotta
>>
> Nicely said, but doesn't answer the question.
>
> Sites like that will send out emails all the time as invites, because
> they have the permission of whoever they are sending the emails on
> behalf of, hence why they can access the contacts list.
>
> This is a different situation, where the site was hacked, and the
> company is not only sending out invite links to all the email addresses
> it found, but it is including other personal information, i.e. the
> username and password on the original site. Also, as it got that
> information as a result of hacking, and they are the ones directly using
> that information, well, they could be in a lot of trouble depending on
> where in the world they are.
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>

--=20
Martin Scotta

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: Warning: OutsourcingRoom.com

am 06.08.2009 14:20:55 von abdulazeez alugo

--_886eac3b-7abd-45d3-908b-203c6800539e_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

> > > Well=2C I try not to give out my details to too many people each mont=
h=2C
> > > and this month they were beat to it by a nice fellow in Nigeria who I=
'm
> > > helping out by letting him put some money into my account.=20

Hello Ash=2C
Could that be termed as "aiding and abetting" that 'nice fellow from Nigeri=
a'?. Let me know your term for it and while you're at it=2C could you not s=
pend the money?
Cheers.

Alugo Abdulazeez
Greetings from Nigeria.

____________________________________________________________ _____
Share your memories online with anyone you want.
http://www.microsoft.com/middleeast/windows/windowslive/prod ucts/photos-sha=
re.aspx?tab=3D1=

--_886eac3b-7abd-45d3-908b-203c6800539e_--

Re: Warning: OutsourcingRoom.com

am 06.08.2009 15:05:20 von Andrew Ballard

On Thu, Aug 6, 2009 at 8:20 AM, abdulazeez alugo wrote:
>
>> > > Well, I try not to give out my details to too many people each month,
>> > > and this month they were beat to it by a nice fellow in Nigeria who I'm
>> > > helping out by letting him put some money into my account.
>
> Hello Ash,
> Could that be termed as "aiding and abetting" that 'nice fellow from Nigeria'?. Let me know your term for it and while you're at it, could you not spend the money?
> Cheers.
>
> Alugo Abdulazeez
> Greetings from Nigeria.
>

I believe the term you are looking for is "fraud victim."

I also believe Ash was being quite facetious. :-)

Andrew

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Warning: OutsourcingRoom.com

am 06.08.2009 19:14:51 von Nate Benes

--0016e6497f2000f45904707c421a
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Hey guys,

Did some digging... looks like the host for http://outsourcingroom.com is
http://hosting.ua/. Also, outsourcingroom looks to be owned by
http://www.cbsystematics.com. The host for this company website is
http://parking.ru. Hopefully this information can be of use to someone a
little more legal-eagle than myself.

Nate
nate@grapepudding.com

On Thu, Aug 6, 2009 at 8:05 AM, Andrew Ballard wrote:

> On Thu, Aug 6, 2009 at 8:20 AM, abdulazeez alugo
> wrote:
> >
> >> > > Well, I try not to give out my details to too many people each
> month,
> >> > > and this month they were beat to it by a nice fellow in Nigeria who
> I'm
> >> > > helping out by letting him put some money into my account.
> >
> > Hello Ash,
> > Could that be termed as "aiding and abetting" that 'nice fellow from
> Nigeria'?. Let me know your term for it and while you're at it, could you
> not spend the money?
> > Cheers.
> >
> > Alugo Abdulazeez
> > Greetings from Nigeria.
> >
>
> I believe the term you are looking for is "fraud victim."
>
> I also believe Ash was being quite facetious. :-)
>
> Andrew
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--0016e6497f2000f45904707c421a--