You Are Not Safe........

[jdabs]

I believe it is an internal FUCK UP with the elite system, and more than likely a worm that hit an elite users email which caused the fuck up. Reason being:

As I stated before, when I receive email to my elite account, it automatically sends me a message to another email account, this is not the case with these 2 emails. Maybe I'm just thinking positive, but I'm guessing that it is just a flaw with the elite system and a virus that started it off.

Of all the people that this has happened to, is there any of you that are not platinum members or that have not purchased anything off this website where you would have to give out your real name for credit card purposes?

Is the name that popped up on the email just first and last name, or is it how your name shows up on your credit card?

There are alot of different possibilities for how and why this happened, I think it is just a security flaw in elites email system that is supposed to be "SECURE", and that it is not law enforcement just getting our first and last names. Do you know how many David Green's their are....if the feds were to do something like this they would want more info than just our names, Elitefitness would have to be made aware of the invasion of privacy (there was a statement on the host servers page saying something about they reserve the right to pass necessary info to law enforcement agencies incase of illegal action taking place) , this is not a terrorist situation or national security therefor they have to have a warrant to take information off each of our computers, or the servers that run the mail system.

I tell you what, IF elite fitness knows about this and is choosing to keep their mouth shut, I pity all of them in the future, what comes around goes around, and I believe Karma really does work even if not on this site.

But then again, I think it's just the lack of not taking the money that is made off all these fucking advertisements and hiring someone that knows how to run an email server and actually make it "SECURE".

Just my 2 pist off cents,

Jdabs

 

[ironmaster]

I think you guys are right. This is a platinum problem (and perhaps a MQ purchaser problem). If your real name was hacked, so is your credit card, passwords, bank info, checking etc. Which means whenever you pay Elite for anything, you are at risk! Not very good for business, there, George. And what worse possible place for a fuck up could there be!!!! Many of us HAVE OUR BALLS HANGING OUT HERE. I just don't fucking believe this shit.
I received another one of these emails as soon as I posted this thread. If we catch the fuck behind this, whoever it is, I will personally stomp a mud-hole in his ass.
Time for a response from the administrator. I predict this will be costly if an adequate explanation and fix isn't presented quickly.
No one should provide personal info or credit card/bank info to this site in the meantime. I love you george, you know I do....but this is bad.
Where's that damn "code" guy when you need him.......over on Chat?

 

[Delinquent]

Yep. I just received my first one a minute ago

Return-Path: <[email protected]>
X-Sieve: cmu-sieve 2.0
Return-Path: <[email protected]>
Received: from smtp3.hushmail.com (smtp3.hushmail.com [64.40.111.33]) ***Is this hushmails ip addy?***
by plimap1.hushmail.com (Postfix) with ESMTP id 3BDB04D54
for <[email protected]>; Fri, 27 Sep 2002 02:01:11 -0700 (PDT)
Received: from mail.caliberdesign.com (www.caliberdesign.com [209.11.101.243])
by smtp3.hushmail.com (Postfix) with ESMTP id 159485AD0
for <[email protected]>; Fri, 27 Sep 2002 02:07:37 -0700 (PDT)
Received: by mail.caliberdesign.com (Postfix, from userid 502)
id 165A11881; Fri, 27 Sep 2002 05:07:34 -0400 (EDT)
To: [email protected]
Subject:
From: <>
X-Sender: <>
Message-Id: <[email protected]>
Date: Fri, 27 Sep 2002 05:07:34 -0400 (EDT)

 

[ironmaster]

Caliberdesign? That's Elite. So what do you make of this, Delinquent?

 

[George Spellwin]

If everyone is getting the same email then its probably virus activity. If its not actually coming from an elite account but just shows the address as an elite then it isn't coming from the elite server being hacked; its coming from another email server that somebody is using for anonymous email.

Hello all,

There is no need to worry, we have received no evidence that the security of our email has been compromised.

Forging the "reply to" address is a very easy thing to do -- if you wanted to, you could forge the "reply to" for anyone -- [email protected] -- for example. This is one of the easiest tricks in the book -- and one of the oldest.

There is no association between Platinum accounts and your email accounts -- unless you used your elitefitness.com email when you registered. Further, if you upgrade your email account for more storage, we would know who owns a particular account, but we would still have no knowledge of the contents of your email. I do not see why this would be a concern.

We have members email us all the time asking us to provide them with their password because they lost it. We cannot and never could. If we had access to your password, we could access your email -- this is the last thing in the world that any of us would want.

There is no security danger from using elitefitness.com email. The real danger is managing your online affairs without using an elitefitness.com email account. Aside from the fact that we the impenetrable encryption, unlike ziplip.com, the elitefitness.com mail servers are located overseas -- making them impervious to subpoena.

If you would post the messages that you received including the entire message headers, I would appreciate it. Then I can comment on them. Please do not post your name.

I appreciate your concern and am eager to look into this with you.

 

[George Spellwin]

Yep. I just received my first one a minute ago

Return-Path: <[email protected]>
X-Sieve: cmu-sieve 2.0
Return-Path: <[email protected]>
Received: from smtp3.hushmail.com (smtp3.hushmail.com [64.40.111.33]) ***Is this hushmails ip addy?***
by plimap1.hushmail.com (Postfix) with ESMTP id 3BDB04D54
for <[email protected]>; Fri, 27 Sep 2002 02:01:11 -0700 (PDT)
Received: from mail.caliberdesign.com (www.caliberdesign.com [209.11.101.243])
by smtp3.hushmail.com (Postfix) with ESMTP id 159485AD0
for <[email protected]>; Fri, 27 Sep 2002 02:07:37 -0700 (PDT)
Received: by mail.caliberdesign.com (Postfix, from userid 502)
id 165A11881; Fri, 27 Sep 2002 05:07:34 -0400 (EDT)
To: [email protected]
Subject:
From: <>
X-Sender: <>
Message-Id: <[email protected]>
Date: Fri, 27 Sep 2002 05:07:34 -0400 (EDT)

caliberdesign.com designs and manages this site along with our ISP. It looks like one of our systems is trying to send you a message. Many of the features of this site send out email:

For example:
When your mailbox is full -- we send out messages.
When you subscribe to a thread, we send out an email.
When you purchase something, we send out an email.
When you join our affiliate program.
When you get a free website here.
When you use our dating service.

I apologize if one of our systems here sent you a message in error, but I do not see how this is a security issue. Please help me understand your logic.

I could go on and on

 

[ironmaster]

George.......forget that johnboy stuff.....that isn't the problem, has nothing to do with anything for christ sakes.
We are getting Elitemail email that addresses us by our real name. Like "Dear **** ****** and then a blank message box. I have never used anything but my screen name at elite except when BUYING something from you. This could only come from your database of people that pay for things like platinum and use credit cards, checks, etc.
You've been hacked, or worse!
Would you like me to forward a copy? It'll show my correct name.

 

[ironmaster]

Bumping....what say yee to that, Sir George?
Happy to send you a copy for analysis. You already know who I am.

 

[George Spellwin]

Another question, and comment.

This site is run on about eight servers. The encrypted mail servers are not run by us (hushmail.com runs them) and are not even in the USA.

Is everyone getting strange messages from [email protected]? This would indicate that our WEB server is trying to send a message out, but is doing something wrong or encountering a problem. If you will post the messages, we can get on it and try to fix the issue, but our sending you mail would not indicate that there is a security issue with the elitefitness.com email accounts.

Please accept my apologies for my delay in responding.

 

[George Spellwin]

George.......forget that johnboy stuff.....that isn't the problem, has nothing to do with anything for christ sakes.
We are getting Elitemail email that addresses us by our real name. Like "Dear **** ****** and then a blank message box. I have never used anything but my screen name at elite except when BUYING something from you. This could only come from your database of people that pay for things like platinum and use credit cards, checks, etc.
You've been hacked, or worse!
Would you like me to forward a copy? It'll show my correct name.

Ok, please post the email and you must include the Message Headers.

You are supposed to get a weekly email from us -- this is our free e-Magazine -- Elite Fitness News. It has all kinds of hardcore bodybuilding information in it. The message should be personalized and it should say something like Dear YourFirstName, For example, you should have gotten a message about ALA recently.

It appears that your messages may be missing the actual body of the message. If we send you a weekly site update, how does that indicate that there is a security issue?

I appreciate your bringing this to my attention, because I want to get to the bottom of this.