[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] NiX API

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] NiX API
From: Haxxor Security <h@xxxxxxx>
Date: Thu, 9 Jun 2011 23:49:00 +0200

This must be a sales-person, since it took 3 emails to tell us it's a proxy
blacklist.
And to use a phrase as "NiX API is effectily blocking 85% of all open
proxies 24/7/365 fully
automatically".
I would like to see a manualy operated proxy-blacklist that only works 6 h a
day in july.


2011/6/9 Thor (Hammer of God) <thor@xxxxxxxxxxxxxxx>

> > Yes. That's the flipside of the coin. However though, any merchant that
> > accepts purchases from user's behind proxies or other anonymizer's is
> > taking a siginificant risk.
>
> Says who other than you?  I use a proxy all the time and have never made a
> fraudulent purchase attempt.  It is nobody's business where I am.  Just
> because you think proxied connections are bad doesn't mean they are.  Your
> "majority of fraud is committed from a proxy" is just some opinion.  How
> about some proof of that?
>
> Besides, you will *never* be able to find out where my proxies are or add
> me to your database.  If I decided to commit fraud, your system would never
> catch me.  You have no way of determining how much fraud it committed from
> other sources, because you don't (and can't) know.
>
> > This happened to us about 50 times in 2.5 months period. Needless to say,
> > im still mad as hell. We lost several hundreds of bucks to those paypal
> > 'reversal fees' + wasted significant amount of our precious times while
> > answering to those disputes.
>
> Ah.  So, one attempt per day or so during that period is what you are
> basing your opinions on?  Depending on what one is selling, all it would
> take is one false positive to screw over the person using your API.  It just
> isn't a good idea.
>
> > The API resolved all issues. There has been few legit customers who
> > wondered why they could not login using the proxy, I said, remove the
> > proxy and try again and then do purchase. They did. A fraudulent user
> > never bother for this, they will leave your site alone.
>
> Nor do you know if a legitimate use would do it.  If I went to buy
> something from you and you assumed I was fraudulent and blocked the
> transaction, I wouldn't even bother telling you - I'd go buy from someone
> else.   The fact that you think the API resolved the issues doesn't prove
> anything.  It just proves that you THINK it did, but you don't know.  I may
> have stopped 1 bad transaction a day, but stopped 10 good ones.  You just
> don't know.  Your main bitch seems to be about a company charging you to use
> their risk management service.   If you don't like PayPal's agreement, then
> don't use them.
>
> You seem to be getting awfully wound up over a "free" tool.  It's free.
>  What do you care what people think?  Or is this just a "get my name in
> links" so that you can try to sell it later?  All my tools are free, and
> I've gotten plenty of "why should I use your tool" emails to which I reply
> "I have absolutely no investment in you using it or not.  If it provides
> value for someone, there it is.  Otherwise, go shit in your hat."
>
> You should wait until you are selling it before you give your sales pitch.
>
> >
> > > --
> > > Aaron Turner
> > > http://synfin.net/         Twitter: @synfinatic
> > > http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix
> &
> > > Windows
> > > Those who would give up essential Liberty, to purchase a little
> temporary
> > > Safety, deserve neither Liberty nor Safety.
> > >     -- Benjamin Franklin
> > > "carpe diem quam minimum credula postero"
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] NiX API
  - From: nix
- Re: [Full-disclosure] NiX API
  - From: phocean
- Re: [Full-disclosure] NiX API
  - From: mrx
- Re: [Full-disclosure] NiX API
  - From: nix
- Re: [Full-disclosure] NiX API
  - From: mrx
- Re: [Full-disclosure] NiX API
  - From: nix
- Re: [Full-disclosure] NiX API
  - From: Aaron Turner
- Re: [Full-disclosure] NiX API
  - From: nix
- Re: [Full-disclosure] NiX API
  - From: Thor (Hammer of God)

Prev by Date: [Full-disclosure] Call for Participation: DIMVA 2011
Next by Date: Re: [Full-disclosure] Full-Disclosure Digest, Vol 76, Issue 12
Previous by thread: Re: [Full-disclosure] NiX API
Next by thread: [Full-disclosure] tabnapping
Index(es):
- Date
- Thread