- From: Hal Lockhart <hlockhar@bea.com>
- Date: Mon, 12 Feb 2007 14:25:24 -0800
- To: <public-wsc-wg@w3.org>

This email exchange just happened and I had to share it (see below). Notice Liberty Alliance is a security aware organization and Colin is an experienced security professional. The follow up is equally interesting.

Just for fun I tried the link (with Firefox). It pops up a Basic Auth username/password box which says:

Enter username and password for "Members [17:15:37:82]" at https://members.projectliberty.org

There is nothing on the URL bar and no padlock displayed. If you enter anything (or nothing) other than a correct username/password combination, every time you click OK, you are re-prompted. Only if you click Cancel (or close the box) and get a 401 error will you see the URL and padlock. At this point you can inspect the certificate.

I wonder how many users would guess you need to get an error to check to see if it is safe to go back and put in your password.

Hal

-----Original Message-----
From: lap-all-bounces@projectliberty.org [mailto:lap-all-bounces@projectliberty.org] On Behalf Of Vidyut Luther
Sent: Saturday, February 10, 2007 5:08 PM
To: colin@fulvens.com; lap-admin@projectliberty.org; lap-all@projectliberty.org
Cc: Michael Lee
Subject: Re: [Lap-all] [Lap-admin] Major change to the intranet - action may be required

Hi Colin,

This is not a phishing attempt :). Most phishing attempts show you one url, but have the 'evil' url hidden in the link; you can see with this message that there is no such ulterior url.

Secondly, you can compare the SSL certificates for https://members.projectliberty.org and https://files.projectliberty.org, both have the same credentials, just the certificate is different for the different hosts.

Lastly, what you have done is awesome; the only way you can trust this message is if Joni Brennan, Brett McDowell, or someone else you trust reinforces my message, and can back up the email. You have no reason to trust me yet, but hopefully someone you trust, and with a position of authority, can calm your fears.

:)

Yours innocently

Vidyut Luther

On 2/10/07 3:44 PM, "colin mallett" <colin.mallett@btinternet.com> wrote:

> Hello folks,
>
> Having just come back from the RSA conference and thoroughly enjoyed the
> sessions on Spam and Phishing, can somebody I know in the Liberty team mail
> me a personal email assuring me this is not an attack?
>
> Otherwise I will not respond to what looks like a fairly sophisticated
> attempt to obtain my login details.
>
> Yours suspiciously
>
> Colin Mallett
>
> PS if it is Phishing, could somebody please run through the technical
> details of what is being attempted. Similarly, if it is not, please could I
> have a technical explanation of why it is not.
>
> -----Original Message-----
> From: lap-all-bounces@projectliberty.org
> [mailto:lap-all-bounces@projectliberty.org] On Behalf Of Vidyut Luther
> Sent: 10 February 2007 20:06
> To: lap-all@projectliberty.org
> Cc: Michael Lee
> Subject: [Lap-all] Major change to the intranet - action may be required
> Importance: High
>
>
> Good Afternoon,
> We would like everyone to be aware of a major change that has taken place
> on the Intranet. This change affects all users trying to read or write to
> the documents tree, on any platform. If you are trying to access the
> documents tree using Windows/ OS X/ Linux/Unix, you need to read this
> message, and change settings as described. Unless you do so, you will
> receive an error message, and you will be unable to work.
>
> The URL to access the document repository has changed. The new URL is:
>
> https://files.projectliberty.org/files/members/
>
> If you need a refresher on the steps needed to do this, you can see the
> online help here:
>
> https://members.projectliberty.org/wiki/index.php/Help:Contents#Docs
>
> We apologize for any inconvenience, but we believe this change will improve
> your productivity with the system considerably.
>
> If you have any concerns or questions, send an email to
> lap-admin@projectliberty.org, we will get back to you as soon as possible.
>
> Thank you for your time and patience.
>
>
> Sincerely,
> Vidyut Luther
> Neustar Secretariat Services
>
>
> _______________________________________________
> Liberty Alliance Confidential
>
> The contents of this message are considered confidential to the Liberty
> Alliance per the Membership Agreement and should not be shared outside of
> the Alliance unless otherwise noted in the body of this email by the
> original sender.
>
> Lap-all mailing list
> Lap-all@projectliberty.org
> https://members.projectliberty.org/mailman/listinfo/lap-all
>
> _______________________________________________
> Liberty Alliance Confidential
>
> The contents of this message are considered confidential to the Liberty
> Alliance per the Membership Agreement and should not be shared outside of the
> Alliance unless otherwise noted in the body of this email by the original
> sender.
>
> Lap-admin mailing list
> Lap-admin@projectliberty.org
> https://members.projectliberty.org/mailman/listinfo/lap-admin

Received on Monday, 12 February 2007 22:25:44 UTC