General Cycling Discussion - Specialized's Privacy Policy

This is a copy of an e-mail I sent to Specialized's IT guy regarding a port scan attack that was blocked by my firewall this morning.


My fire wall blocked a port scan attack on my PC when I accessed your website.

McAfee Firewall blocked an attempt to attack your machine using a "Port Scan" attack. The remote address associated with the traffic was 12.22.53.38. The remote port was 80 [HTTP]. The local port on your PC was 1412 [ephemeral].

McAfee Visual Trace Version 3.27 Results
Target: 12.22.53.38
Date: 3/5/04 (Friday), 2:57:35 AM
Nodes: 6


Node Data
Node Net Reg IP Address Location Node Name
6 1 - 12.22.53.38 San Francisco


Packet Data
Node High Low Avg Tot Lost
6 ---- ---- ---- 174 174


Network Data
Network id#: 1
AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 - 12.255.255.255
Specialized Bicycle Components SPECIALIZED-53-0 (NET-12-22-53-0-1)
12.22.53.0 - 12.22.53.63

ARIN WHOIS database, last updated 2004-03-04 19:15


Registrant Data
_____
Copyright © 1997-2002 Networks Associates Technology, Inc. All Rights Reserved


I performed a trace on this address and found it associated with your company and / or website. I do not feel that a port scan is truly in keeping with a "Privacy Policy" nor do I feel any attempt to scan or access data from my computer to be an ethical nor legal. As a longtime customer of your company I was quite distressed to find that the attack originated from an address associated with your company.

I await your response.

Respectfully,

<name withheld>

I expect this crap out of Adult sites as they look for any useful data that they can exploit. I do not expect it out of a company that I have been a loyal customer of for years.

I will keep you posted as to any response I receive from Specialized.

Could be the work of a few bored hackers.

This is a copy of an e-mail I sent to Specialized's IT guy regarding a port scan attack that was blocked by my firewall this morning.



Just because the firewall calls it an attack that doesn't make it so.

A port scan is not an attack... it's the equivalent of checking if a door is locked. Besides, you're gonna be a busy person treating every knock on port 80 as an attack. It's part of being connected to the internet.

There is much, much worse out there just waiting for you.

Just because the firewall calls it an attack that doesn't make it so.

A port scan is not an attack... it's the equivalent of checking if a door is locked. Besides, you're gonna be a busy person treating every knock on port 80 as an attack. It's part of being connected to the internet.

There is much, much worse out there just waiting for you.
They get all the info they need from my IP address and the session cookies that I do allow. They don't need to "knock" on my ports for any reason. I visit any number of sites per day and this is the first time that a company that I know and trust has pulled this

I'm sorry but i rather agree with Raiyn, a port scan is a fairly serious thing, its like a strip search and instead of a hand shake. I donno what they wanted ouf of it but i dont think its the best thing for them to do. All else fails just dont go to their site.

They get all the info they need from my IP address and the session cookies that I do allow. They don't need to "knock" on my ports for any reason. I visit any number of sites per day and this is the first time that qa company that I know and trust has pulled this


Be careful this is a very serious thing, you should immediately stop liking specialized, sell your bikes, and become a cannondale lover.




And I am being 100% serious.


Seriously.

Be careful this is a very serious thing, you should immediately stop liking specialized, sell your bikes, and become a cannondale lover.




And I am being 100% serious.


Seriously. I think you should go take a swim.

Right now.

Had you been to Specialized's site recently before you got this? I am going to guess this is a Specialized glitch and McAfee overreaction. My guess is Specialized's server thought you still had a connection open with them and sent you a few packets. McAfee knew you didnt and interpreted this as an attack.

Had you been to Specialized's site recently before you got this? I am going to guess this is a Specialized glitch and McAfee overreaction. My guess is Specialized's server thought you still had a connection open with them and sent you a few packets. McAfee knew you didnt and interpreted this as an attack.I have visited Specialized in the past on many occasions and have never had this happen. This occurred when I clicked a link on their site so it wasn't a server asking "are you still there" as I had an established connestion.

bg, If this was a question as to whether he was still there or not they would have pinged him. Trying to open a port "on the sly" is wrong.
I also use a McAfee personal firewall. I have never had a company I do business with attempt to open a port, pings yes, port attacks no.
Raiyn I would go for the throat, the least I can see is you getting some "schwag" from them to cool you off.

Raiyn I would go for the throat, the least I can see is you getting some "schwag" from them to cool you off.



Wow:eek:

Maybe we should all go to http://www.webopedia.com/TERM/P/port_scanning.html and read the definition of a port scan. Then think to ourselves, "hmm, would specialized want to do anything malicious to my computer?" Probably not huh.

KleinMP99 this is in honor of you! You are so very right and I am sure the link was of *some* help. Here is my $.02 solution for the rest of ya that disagree with him *smile* Good luck with your Specialized replying to ya. No hard feelings..only good humor. Oldie, but Goodie.

"Ridge Hall computer assistant, may I help you?"
"Yes, well, I'm having trouble with WordPerfect."
"What sort of trouble?"
"Well, I was just typing along, and all of a sudden the words went away."
"Went away?"
"They disappeared."
"Hmm. So what does your screen look like now?"
"Nothing."
"Nothing?"
"It's blank. It won't accept anything when I type."
"Are you still in WordPerfect, or did you get out?"
"How do I tell?"
"Can you see the C: prompt on the screen?"
"What's a sea-prompt?"
"Never mind. Can you move the cursor around on the screen?"
"There isn't any cursor. I told you, it won't accept anything I type."
"Does your monitor have a power indicator?"
"What's a monitor?"
"It's the thing with the screen on it that looks like a TV. Does it have a little light that tells you when it's on?"
"I don't know."
"Well, then look on the back of the monitor and find where the power cord goes into it. Can you see that?"
"Yes, I think so."
"Great. Follow the cord to the plug, and tell me if it's plugged into the wall."
"...Yes, it is."
"When you were behind the monitor, did you notice that there were two cables plugged into the back of it, not just one?"
"No."
"Well, there are. I need you to look back there again and find the other cable."
"...Okay, here it is."
"Follow it for me, and tell me if it's plugged securely into the back of your computer."
"I can't reach."
"Uh huh. Well, can you see if it is?"
"No."
"Even if you maybe put your knee on something and lean way over?"
"Oh, it's not because I don't have the right angle - it's because it's dark."
"Dark?"
"Yes - the office light is off, and the only light I have is coming in from the window."
"Well, turn on the office light then."
"I can't."
"No? Why not?"
"Because there's a power cut."
"A power... A power cut? Aha, OK, we've got it licked now. Do you still have the boxes and manuals and packing stuff your computer came in?"
"Well, yes, I keep them in the closet."
"Good. Go get them, and unplug your system and pack it up just like it was when you got it. Then take it back to the store you bought it from."
"Really? Is it that bad?"
"Yes, I'm afraid it is."
"Well, all right then, I suppose. What do I tell them?"
"Tell them you're too freaking stupid to own a computer."

Klein, the bottom line and basic question is; have you EVER had a company you do business with attempt to open ports on your computer without consent. Never happened to me. Though I will admit a fairly large amount of Asians seem to be mighty interested in what I have and if they can get in.
Anything that a company may and/or may not be interested in would be in any cookies they installed. Can you explain the port scan when all the info they could possibly want or need is on the cookies?

I'm about 99% sure that a port scan without permission is illegal. I don't know how large the possibility is that McAffee was mistaken, as bg4533 suggested, but it is possible that Specialized's server has been compromised, in which case they need to look at their security.

A portion of the article Klein linked to:

"Port scanning in and of itself is not a crime. There is no way to stop someone from port scanning your computer while you are on the Internet because accessing an Internet server opens a port, which opens a door to your computer. There are, however, software products that can stop a port scanner from doing any damage to your system."

KleinMP99 this is in honor of you! You are so very right and I am sure the link was of *some* help. Here is my $.02 solution for the rest of ya that disagree with him *smile* Good luck with your Specialized replying to ya. No hard feelings..only good humor. Oldie, but Goodie.


So am I supposed to be mad?

No, silly. I was agreeing with You..pretty much only you, by the looks of the other replies so thus far. :D

No, silly. I was agreeing with You..pretty much only you, by the looks of the other replies so thus far. :D


ahahhahah, I just wasnt sure. BTW.....Why arent you on AIM or YIM?:D

WOW. I want some of that fancy firewall software too.

Klein, the bottom line and basic question is; have you EVER had a company you do business with attempt to open ports on your computer without consent. Never happened to me.

Anything that a company may and/or may not be interested in would be in any cookies they installed. Can you explain the port scan when all the info they could possibly want or need is on the cookies?
Exactly my point.

I'm Asian and i can assure you i have no interest in what's on your computer, georgesnatcher.
:-p

Do you live in Beijing or Guangzhou? If so I do not believe you. :D

You're not paranoid if THEY really are out to get you!

I'm Asian and i can assure you i have no interest in what's on your computer, georgesnatcher.
:-p

LOL! You're great ... :D