Enjo
Mostly harmless
- Joined
- Nov 25, 2007
- Messages
- 1,667
- Reaction score
- 19
- Points
- 38
- Location
- Germany
- Website
- www.enderspace.de
- Preferred Pronouns
- Can't you smell my T levels?
Hello,
I have an Internet security question. The background is that in the company that I work at, we also sell pet food as an additional work. To help ourselves with the selling, we use some other company's service, which gives an ability to share our prices on their website, so buyers can compare prices of various shops, including ours.
The company has a probably flawed user rating system, where along opinions about shops, they also enter their nicknames.
Lately we've been accused twice by two different workers of this company of entering positive comments about our own shop. Surprisingly, the nickname of the poster was our animal shop's manager's nickname, which is even more intriguing, because it's her very secret nickname which she uses when she doesn't want to be recognised on the Net. The service's workers refused to cooperate with us in means of telling us how they were able to rule that it was our own action. Moreover, they told us that they would cancel their service for us if we continue "our actions".
My question is: assuming that our manager hasn't got dissociative identity disorder (this happens to people but probably not to her...), how do you think they were able to tell that it was "us". My theory is that an unfair competitor spoofed our company server's, or our external webserver's IP and used it to post those comments as "us".
In the opinions form you have the following boxes:
- opinion (1-5) (optional)
- nickname (optional)
- e-mail ("if you want to take part in our competition, blah blah blah") (optional)
- title of comment (optional)
- comment (essential)
Apart from IP spoofing, a weak point is the e-mail address. You could enter an e-mail address of just any company that you want to get rid of.
What do you think? Could there be any other ways of identifying certain people or companies by just a comment on the net and what would be the methods of cracking through such a system (other than IP spoofing)
We want to prepare a punch e-mail to an office (general) address, so that not only those uninformed workers get instructed but hopefully their managers to teach the workers cooperation and security workers to teach them Internet security basics, so I need to sound like I know more than they know
Another thing is that nickname. How the competition (and maybe the company in question) was able to find our manager's secret nickname? It must have been some ID theft practice in my opinion, which is just another reason for using as little social networking sites and sharing as little personal info in general as possible, especially when you're in some sort of business...
Thanks for reading :tiphat:
I have an Internet security question. The background is that in the company that I work at, we also sell pet food as an additional work. To help ourselves with the selling, we use some other company's service, which gives an ability to share our prices on their website, so buyers can compare prices of various shops, including ours.
The company has a probably flawed user rating system, where along opinions about shops, they also enter their nicknames.
Lately we've been accused twice by two different workers of this company of entering positive comments about our own shop. Surprisingly, the nickname of the poster was our animal shop's manager's nickname, which is even more intriguing, because it's her very secret nickname which she uses when she doesn't want to be recognised on the Net. The service's workers refused to cooperate with us in means of telling us how they were able to rule that it was our own action. Moreover, they told us that they would cancel their service for us if we continue "our actions".
My question is: assuming that our manager hasn't got dissociative identity disorder (this happens to people but probably not to her...), how do you think they were able to tell that it was "us". My theory is that an unfair competitor spoofed our company server's, or our external webserver's IP and used it to post those comments as "us".
In the opinions form you have the following boxes:
- opinion (1-5) (optional)
- nickname (optional)
- e-mail ("if you want to take part in our competition, blah blah blah") (optional)
- title of comment (optional)
- comment (essential)
Apart from IP spoofing, a weak point is the e-mail address. You could enter an e-mail address of just any company that you want to get rid of.
What do you think? Could there be any other ways of identifying certain people or companies by just a comment on the net and what would be the methods of cracking through such a system (other than IP spoofing)
We want to prepare a punch e-mail to an office (general) address, so that not only those uninformed workers get instructed but hopefully their managers to teach the workers cooperation and security workers to teach them Internet security basics, so I need to sound like I know more than they know
Another thing is that nickname. How the competition (and maybe the company in question) was able to find our manager's secret nickname? It must have been some ID theft practice in my opinion, which is just another reason for using as little social networking sites and sharing as little personal info in general as possible, especially when you're in some sort of business...
Thanks for reading :tiphat:
Last edited:
