Supportfolio scam...

Open forum for security issues and info.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
User avatar
Hakimoto
Moderator
Moderator
Posts: 2580
Joined: Sun Mar 30, 2003 4:29 am
Location: Nijmegen, Netherlands, Europe
Contact:

Supportfolio scam...

Unread postby Hakimoto » Mon Nov 07, 2005 6:37 am

Dear All,

by popular request, here's an alert regarding an unusual and maybe isolated scam piece, involving none other than SGI's supportfolio website.

The message looks something like this:

Code: Select all

Fecha: Wed, 2 Nov 2005 14:59:07 -0800 (PST)
De: "SGI Supportfolio" <supportfolio@sgi.com>
A: XXXX@XXXX.XXX
Asunto: Supportfolio Notification


Dear Valued Customer,

This is an auto-generated response. Please do not reply to this e-mail.

The following item has become available on Supportfolio:

Patches: IRIX Patch 5664: 6.5.23 GRIOv2 Rollup #2

This item is related to the following Operating System versions:
6.5.23

View it here: https://support.sgi.com/content_request/704635/index.html

Login to https://support.sgi.com for further information.


Sincerely,
SGI Technology Solutions

SGI Managed Services offers expert installation, reconfiguration,
deinstallation, and relocation services. Visit
www.sgi.com/services/managed_services/deployment.html or call your local SGI office for more
information.



======================================================================
To unsubscribe or change your email notification, please

1) Go to https://support.sgi.com
2) Click on 'My Profile'
3) Click on update your Notification Information


NOTE: Your Supportfolio Account Information
----------------------------------------------------------------------
Username : XXXX
E-mail : XXXX@XXXX.XXX


Of course, the patch is made up and the dangerous linkie is the first one. A fully cloaked, all-walls-up venture gave these results:

---



---

yeah, that's a blank page, but I'm not going to bother trying this with less secure settings on the proxy I used. But one can assume that data is being mined when you get there.

Of course, we're all IT minded educated people here, but you never know, this might just end up in your mailbox and then at least you're not at risk from ignorance. ;-)

Thanks to Diego for providing initial infos, all tests (all one of them :D) done by Hakimoto.

In the interest of proper conduct on the board, this thread is pre-emptively locked. If you really want to discuss the implications of this (just another scam really...) then please do it in an orderly fashion in Everything Else. Thanks in advance. :)

So long.
The Bandito wrote:In a few years, no doubt, you'll be able to buy a computer,
software and operating system that will match the capabilities
of your current Amiga at about the price you paid for the
Amiga way back when. But you can smile to yourself, knowing
that you were touching the future years before the rest of
the world. And that other computers and operating systems
will do with brute force what the Amiga did years before with
grace, elegance and style.


Eroteme.ch - my end of the internet...

User avatar
nekonoko
Site Admin
Site Admin
Posts: 8145
Joined: Thu Jan 23, 2003 1:31 am
Location: Pleasanton, California
Contact:

Re: Supportfolio scam...

Unread postby nekonoko » Thu Nov 17, 2005 3:55 am

Hakimoto wrote:Of course, the patch is made up and the dangerous linkie is the first one.


But that patch does exist. I was able to find it on Supportfolio with a simple search. Furthermore, support.sgi.com is a real site (it's Supportfolio, guys!). The reason you receive a blank page is because it's only available to those with a support contract.

Unlocking :)
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.

User avatar
GeneratriX
Posts: 4250
Joined: Tue Oct 21, 2003 2:07 am
Location: Rosario / Santa Fe / República Argentina

Re: Supportfolio scam...

Unread postby GeneratriX » Thu Nov 17, 2005 7:05 am

nekonoko wrote:
Hakimoto wrote:Of course, the patch is made up and the dangerous linkie is the first one.


But that patch does exist. I was able to find it on Supportfolio with a simple search. Furthermore, support.sgi.com is a real site (it's Supportfolio, guys!). The reason you receive a blank page is because it's only available to those with a support contract.

Unlocking :)


Neko; the patch does exist, but not at these URL...
Also, the reason why you get a blank page has nothing to do either with/if you have a support contract or not. In such case you'll get a message advertising you about this. No: these is a COMPLETELY blank page, without even a banner.

Even more, check the date of the notification eMail, and the date of release of the original 5664 patch available right now for download at Supportfolio...

IRIX Patch 5664: 6.5.23 GRIOv2 Rollup #2 29-Jul-2004


And as a last question... Why I can't get these page from the eMail URL, and I can enter perfectly from the Supportfolio patch search?

Nahhh... something wrong is actually happenning with these eMail...

[EDIT]
...Another question:
Why it jumps the "Supportfolio ONLINE Sign In" page even if your system it is not configured to recall passwords... conducting you directly to these weird blank page? :roll:
[/EDIT]
Last edited by GeneratriX on Thu Nov 17, 2005 7:27 am, edited 1 time in total.

User avatar
GeneratriX
Posts: 4250
Joined: Tue Oct 21, 2003 2:07 am
Location: Rosario / Santa Fe / República Argentina

The Real One!!!

Unread postby GeneratriX » Thu Nov 17, 2005 7:12 am

BINGO!!! :shock:

This probes my theory perfectly:

https://support.sgi.com/content_request/243577/index.html

...These is the real one!!! ...These is the real one!!!
I don't know if these was just an error on the SGI Supportfolio's system, or maybe just a typo from an admin... but there you have the real Content Request URL! :shock:

User avatar
Hakimoto
Moderator
Moderator
Posts: 2580
Joined: Sun Mar 30, 2003 4:29 am
Location: Nijmegen, Netherlands, Europe
Contact:

Unread postby Hakimoto » Thu Nov 17, 2005 3:19 pm

Fait accompli. :)

I was wondering what had become of this.
The Bandito wrote:In a few years, no doubt, you'll be able to buy a computer,
software and operating system that will match the capabilities
of your current Amiga at about the price you paid for the
Amiga way back when. But you can smile to yourself, knowing
that you were touching the future years before the rest of
the world. And that other computers and operating systems
will do with brute force what the Amiga did years before with
grace, elegance and style.


Eroteme.ch - my end of the internet...

User avatar
GeneratriX
Posts: 4250
Joined: Tue Oct 21, 2003 2:07 am
Location: Rosario / Santa Fe / República Argentina

Fait Accompli

Unread postby GeneratriX » Thu Nov 17, 2005 3:40 pm

Hakimoto wrote:Fait accompli. :)

I was wondering what had become of this.


These is one of the expressions that does not translates too clearly to the Spanish language... could we say "Un Hecho Irreversible"? :roll:

...mmmhhh ...But we'll not find an explanation for it! :P :roll:


Return to “SGI: Security”

Who is online

Users browsing this forum: No registered users and 1 guest