To: WSFAlist at keithlynch.net
Date: Thu, 5 Feb 2004 02:24:59 -0500
Subject: [WSFA] Re: Re: WSFA web site up again
From: ronkean at juno.com
Reply-To: WSFA members <WSFAlist at keithlynch.net>

On Wed, 4 Feb 2004 22:48:46 -0500 (EST) "Keith F. Lynch"
<kfl at KeithLynch.net> writes:

> Ron Kean wrote:
> > It seems unlikely that a prankster caused the problem; more
> > likely it was a mistake.  A prankster would more typically deface the

> > site, or alter or delete content subtly.
>
> And how would he be able to do that?  By making a lucky guess at
> the password?
>

On the face of it, given that editing the page is password-protected, it
would seem almost impossible for a prankster to alter the page.  But
hackers do alter webpages, and your webpage was altered, and your point,
well taken, is that it is unlikely to have been done by a hacker because
it would have been difficult to accomplish.  My point, which I should
have been more clear about, was that, given that the page was altered, it
seems unlikely to have been a prankster, because a prankster would have
done something 'fun' like making prairie dogs dance across the screen,
rather than just make a set of duplicate files, or perhaps something more
malicious than just making duplicate files.

I set up a couple of tripod webpages for some people I know who are
running small businesses, and I remember that the tripod webmaster
interface seemed to default to putting the contents in some folder under
the root folder, as opposed to just putting all the files in the root
folder, as I, a neophyte, was inclined to do.  I don't know how to write
html, so I was stuck with using the tripod webpage construction tool for
dummies.  In the case of your webpage, the host seems to have added a
'wsfa' folder and copied the content to that folder, which seems very
similar to what tripod tries to do.  Perhaps it was done automatically as
part of the migration process.

...They didn't do anything to ensure that I was who I
> claimed to be when I asked them to turn it back on.  Of course if I
> was simply pointing out that it was broken, there'd be no reason
> to. But how do they know that it wasn't the *real* Keith Lynch who
> asked them to close the account, and a prankster who asked them to
reopen
> it?
>
> It's happened to me before.  A prankster claiming to be me closed
> my clark.net account.  (In retrospect I should have left it closed, as
> the service went downhill shortly after that.)
>

It suggests a casual attitude towards security.  Perhaps the hosting
service hasn't yet had a problem involving a telephone impostor.

Years ago, The Washington Post accepted classified advertising phoned in,
and the identity verification consisted routinely of asking the caller if
the advertised phone number was listed in their name.  They normally did
not even bother to call back to the given number to verify the legitimacy
of the original call.  Perhaps the Post still works on that basis.
Because I had roommates sharing my phone line, I was concerned about the
possibility that a roommate might advertise, say, a car for sale, and
then neglect to pay the advertising bill.  So, I arranged with the Post
(by phone!) to put a hold on advertising under my phone number, so that
placing an ad billed per my phone number required a password.

> I recently read, in the RISKS digest:
>   From: "Terry A. Ward" <terrywa at elp.rr.com>
>   Subject: [WSFA] "Loss of Identity" theft
>
>   I was recently the executor of a relative's estate and was
> shocked
>   to discover that I was able to cancel his private health
> insurance,
>   his veteran's health benefits, one dozen credit cards, and all of
>   his retirement direct deposit payments with simple phone calls.

It's not all that surprising, considering that it's rare that impostors
call up to cancel accounts, and the executor supplied the correct SSN.
If an impostor were to call, the damage could be repaired by restoring
the accounts.  In the case of accounts such as those mentioned above,
presumably confirming letters would have been promptly sent out to the
address of record, so if the calls had been made by an impostor, the
deception would have become quickly evident, assuming the victim was
alive and monitoring his mail, or that the executor was doing so.

> > Also, the webmaster should be able to edit the website directly
> > via its control interface
>
> Right.  But since it's NT rather than Unix, this would entail
> copying each file, one at a time, twice each.  There are thousands of
> files, so this would have taken me most of a day.
>

Oh.  I thought all that needed to done (to save storage space) was to
delete the wsfa folder.

> > But the hosting service did offer an explanation of sorts
> (something
> > about 'migrating'), which further suggests the problem was not
> > malicious.
>
> No, "migrating" was the reason why it wasn't restored right.

That's what I thought you meant, that the migrating was done incorrectly.
 But I did not understand that the migrating was occasioned by the
cancellation.  I thought it meant they were changing servers, that they
were migrating many accounts to a new server.

...probably what happened is some *other* customer
> asked that *their* account be closed, and hosting.com confused them
with
> us.
>

Quite possibly.  If it is difficult for you to fix the page the way you
want it, perhaps you could ask the hosting service to fix it, if it is
easy for them to do so.  Could you perhaps fix it more easily by simply
erasing the contents of the page, then uploading the data anew from your
mirror site or other backup?

Ron Kean

.

________________________________________________________________