Need Help!!!! I think I was Almost DNS Scammed while shoping at newegg?

[newnameman]

Originally posted by: aphex

Originally posted by: Shaker8
Should I contact newegg to see if they do actually use AKamai?

http://www.google.com/search?h...mai&btnG=Google+Search

His next post:

Should I contact Google to see if they really say Newegg uses Akamai?

 

[apac]

Originally posted by: Cdubneeddeal

Originally posted by: Shaker8
Should I contact newegg to see if they do actually use AKamai?

I wouldn't worry about it. After I did the auto notify I could see the data being routed through Akamai.

Maybe you've been DNS poisoned as well! ha-HA!

 

[TridenT]

-_- It's ok... So many websites use akamai.

 

[Cdubneeddeal]

Originally posted by: newnameman

Originally posted by: aphex

Originally posted by: Shaker8
Should I contact newegg to see if they do actually use AKamai?

http://www.google.com/search?h...mai&btnG=Google+Search

His next post:

Should I contact Google to see if they really say Newegg uses Akamai?

Don't be an ass.

And Shaker, no worries. With all the hoopla about the DNS it pays to be safe.

Good luck with your build.

 

[Shaker8]

Originally posted by: newnameman

Originally posted by: aphex

Originally posted by: Shaker8
Should I contact newegg to see if they do actually use AKamai?

http://www.google.com/search?h...mai&btnG=Google+Search

His next post:

Should I contact Google to see if they really say Newegg uses Akamai?

Like I said sorry for the bother I didn't see aphex link everything was moving kinda fast

 

[Shaker8]

Originally posted by: Cdubneeddeal

Originally posted by: newnameman

Originally posted by: aphex

Originally posted by: Shaker8
Should I contact newegg to see if they do actually use AKamai?

http://www.google.com/search?h...mai&btnG=Google+Search

His next post:

Should I contact Google to see if they really say Newegg uses Akamai?

Don't be an ass.

And Shaker, no worries. With all the hoopla about the DNS it pays to be safe.

Good luck with your build.

Thanks Mate,

Was just being paranoid never had firefox tell me that on newegg site ever and the first thing that came to my mind was the DNS posioning thing I had read on here

Once again thank you all for you help, you guys rock!!!

 

[Shaker8]

Hey Guys,


Last night I had a little scare while shopping on newegg. You can read about here in this thread

Thread from last night

Amazingly despite the time that morning alot of Anandtech people helped me out and belayed my fears.....and I listened, I thank them for there help but it appears they were wrong.

This afternoon I returned home form work to find the shopping cart that I had selected from newegg was empty, also the headphones in the thread above were not on auto notify as I had set them to be.

My suspicions aroused I called Newegg.

I talked to a representative called Ileana who checked up on my concern about the certificate from "a248.e.akami.net" with her supervisor and the IT department.

After a very long time waiting I was told that Newegg does not use Akima and that the only certificate valid was from VERISIGN!!!!!!

After being told this I immediately checked to see if I had any orders placed using my credit card. Luckily for me it has been awhile since my last bill and the credit card on file with newegg is not valid anymore. Since my cart was empty I only assume that they had unsuccessfully tried to make a purchase since Ileana couldn't tell me.

I have changed my password for my newegg account and will definitely check the certificate in the future.

Ileana assured me that the IT department would be looking into the other site and that Newegg might put a warning up on there homepage.

Beware guys whether this was DNS Poisoning or a bad link in the forums I don't know(not going to hit that headphone link in the thread referenced in my first thread about this to check it) According to the link in the DNS in the wild thread I am safe from DNS Posioning but this happened anyways so beware!!!

This was what I was told buy the newegg rep if I am in any way wrong then I apologize but she told me not to trust any Akima certificate only ones that said Newegg and were from VERISIGN!!!!

Hope this helps you all


I'm merely moving this thread into the other thread with the same topic by the same poster. Everything below this point with the same time stamp was merged. -Anandtech Moderator DrPizza. Also, knock it off with the name calling.

 

[Shaker8]

Just so you all know what the fake certificate looks like I posted this in the DNS in the Wild thread as it was happening to me.

Here is the other info on the Certficate Viewer

This certificate has been verified for the following uses:

SSL Server Certficate
Email Recipent Certificate
-----------------
Issued to
Common Name(Cn) a248.e.akami.net
Organization(O) Akamai Technologies, Inc.
Organizational Unit (OU) <Not Part Of Certificate>

Issued By
Common Name(CN) GTE CyberTrust Global Root
Organization (O) GTE Corporation
Organizational Unit (OU) GTE Cyber Trust Soulutions, Inc

Validity 5/21/2008
Issued On 2/21/2009

Fingerprints 6A:79:36:1A:ED:C4:E9:11F:A4:00:C5:42:FA:B1:28:04:6C:63:1A
SHA1 Fingerprint EE:11:EF:09:71:B1:3E:F8:2A:68:45:7E:12:8D:B6:73

edit: don't think there are any mistakes but had to hand type it since Firefox wouldn't let me highlight to copy and paste it

 

[TehMac]

Interesting, and scary...so just by visiting the site you were endangered?

I am making my way through the previous links as well.

 

[Shaker8]

Originally posted by: TehMac
Interesting, and scary...so just by visiting the site you were endangered?

I am making my way through the previous links as well.

It was either using Google to lookup newegg.com (yeah I am lazy) or clicking the headphone link for the Senns HD555 in a thread on these forums(linked in the first thread). Either way I just wanted everyone to know and be careful especially considering how many of us on here use Newegg

 

[IEC]

Are you using OpenDNS? My SSL cert info for Newegg most certainly says it is a Verisign Class 3 Extended Validation.

 

[BigJ]

Originally posted by: TehMac
Interesting, and scary...so just by visiting the site you were endangered?

I am making my way through the previous links as well.

Take a look at the DNS Exploit thread at the top of the forums.

 

[RESmonkey]

Originally posted by: Spartan Niner
Are you using OpenDNS? My SSL cert info for Newegg most certainly says it is a Verisign Class 3 Extended Validation.

x2 I checked and it said Verisign.

 

[Shaker8]

Originally posted by: Spartan Niner
Are you using OpenDNS? My SSL cert info for Newegg most certainly says it is a Verisign Class 3 Extended Validation.

Mine say the same thing now as yours but last night it was Akima, and it almosted costed me alot of headache.

Right after I put those headphones on auto notify, I was going to purchase my new build to do so I would of updated my credit card info.

So glad I use Firefox and it warned me.

As to the OPenDNS Question, I don't know I just clicked the http://www.doxpara.com/ link in the DNS in the wild thread and it said I was safe.

Is OpenDNS something I can control? or switch too?

 

[mrSHEiK124]

You say your DNS is safe, but claim it was compromised? And get it straight, you've already spelled it Akima and Akami, it's Akamai and they ARE legit. I think you're overreacting.

 

[IEC]

If your DNS verifies with doxpara or other testing sites, and you manually type in the website address and are on guard to make sure the SSL cert is legitimate, you shouldn't run into trouble.

 

[Shaker8]

Originally posted by: mrSHEiK124
You say your DNS is safe, but claim it was compromised? And get it straight, you've already spelled it Akima and Akami, it's Akamai and they ARE legit. I think you're overreacting.

Dude I can care less wether you believe me, I just spent an hour on the phone with neweeg rep and thats what I was told.

Legit or not that doesn't mean someone can't open up a website with Akamai and have a SSL certifcate and then make a fake site of Newegg.

Straight from Newegg Rep they don't use akamai, akima, or akami however it is spelled. Take it with a grain of salt if you want i will make sure my newegg certificate is from verisign

 

[Jessica69]

Dude, akamai.net has been used by Newegg for years....have always seen that in the secure areas, like account, along the bottom bar as the page loads, and have seen it for a looooooooong time, years before this DNS scare came out. It's NOT fake.....just servers Newegg uses. Always have used them, probably always will.

And here's another thing....when viewing my authorized certs in Firefox, akamai.net is NOT under Authorities (where your SSL-type certs are), like VeriSign (RSA) or COMODO or Equifax or Thawte or any other cert.

It's under Servers, like DirecTV's or Wachovia's or Secure Business Services (NCIXUS's), to name a few in mine......which makes sense because that's what it is....it's being utilized by Newegg as a server.

And according to Firefox, I've had a248.e.akamia.net on my server list for over two years in its current listing......well before your "fake" alert was yelled!

 

[JujuFish]

Akamai is definitely legit. Here's a partial list of customers, although I don't see NewEgg:http://www.akamai.com/html/customers/customer_list.html

 

[Shaker8]

Originally posted by: JujuFish
Akamai is definitely legit. Here's a partial list of customers, although I don't see NewEgg:http://www.akamai.com/html/customers/customer_list.html

Exactly Newegg doesn't use them Therfore the site I was at was not legit!!!

Just becuase a site has an SSL certifcate doesn't mean it's a valid one for the site you are at

 

[OdiN]

http://online.wsj.com/public/a...901597.html?mod=crnews

The Fastest Retail Web Sites in the U.S. Use Akamai for Acceleration
June 11, 2008 6:30 a.m.



-- Data from Gomez(R) ExperienceFirst(SM) Benchmark for Retail

Product Order transactions shows that web sites such as

Newegg, Circuit City, Victoria's Secret, Best Buy, LL Bean and

Overstock.com have the retail industry's best response times

in May 2008

-- All ten of the top fastest retail web sites leverage Akamai

for improving site performance and responsiveness

Akamai Technologies, Inc. (NASDAQ: AKAM), the leader in powering rich media, dynamic transactions and enterprise applications online, today announced that the top and fastest retail web sites in the Gomez ExperienceFirst Benchmark for Retail Product Order are leveraging Akamai acceleration services. These retail web sites are using Akamai for accelerating their site performance and page response times, providing their customers a superior, engaging online shopping experience.



The Gomez ExperienceFirst Benchmark for Retail Product Order measures the speed and availability of a typical product search and order transaction across the nation's largest online retail firms. According to Gomez's data for May 2008, the industry's fastest was Newegg.com, followed by other retailers such as Circuit City, Victoria's Secret, Best Buy, LL Bean and Overstock.com. All the top performers serve their sites through Akamai and have the retail industry's best web page response times, an indication of how fast those retail sites are downloading each web page in the entire multi-step transaction process - including navigating to the home page of the retailer, search results page, product description page, shopping cart page, login page and order review page.

..


"Akamai provides us a platform for accelerating end-to-end e-commerce transactions - including page display, search, add-to-cart, and check out processes - allowing us to deliver a fast, reliable and superior shopping experience for our online customers," said Bernard Luthi, vice president of merchandising, Newegg, the second-largest online-only retailer in the United States. "Aligning ourselves with first-class partners such as Akamai, who value the same principles of quality service and customer satisfaction, has been crucial for our leadership role in the U.S. e-market today."

Originally posted by: Shaker8

Originally posted by: JujuFish
Akamai is definitely legit. Here's a partial list of customers, although I don't see NewEgg:http://www.akamai.com/html/customers/customer_list.html

Exactly Newegg doesn't use them Therfore the site I was at was not legit!!!

Just becuase a site has an SSL certifcate doesn't mean it's a valid one for the site you are at

I think that the VP of Merchandising at Newegg would know better than you who they do and do not use.

 

[JujuFish]

Originally posted by: Shaker8

Originally posted by: JujuFish
Akamai is definitely legit. Here's a partial list of customers, although I don't see NewEgg:http://www.akamai.com/html/customers/customer_list.html

Exactly Newegg doesn't use them Therfore the site I was at was not legit!!!

Just becuase a site has an SSL certifcate doesn't mean it's a valid one for the site you are at

Akamai is legit. Also, note that I said partial list.

 

[JujuFish]

Originally posted by: OdiN
http://online.wsj.com/public/a...901597.html?mod=crnews

The Fastest Retail Web Sites in the U.S. Use Akamai for Acceleration
June 11, 2008 6:30 a.m.

Another link about the same thing: http://www.akamai.com/html/abo...2008/press_061108.html

According to Gomez's data for May 2008, the industry's fastest was Newegg.com, followed by other retailers such as Circuit City, Victoria's Secret, Best Buy, LL Bean and Overstock.com. All the top performers serve their sites through Akamai

 

[Jessica69]

When viewing my authorized certs in Firefox, akamai.net is NOT under Authorities (where your SSL-type certs are), like VeriSign (RSA) or COMODO or Equifax or Thawte or any other cert.

It's under Servers, like DirecTV's or Wachovia's or Secure Business Services (NCIXUS's), to name a few in mine......which makes sense because that's what it is....it's being utilized by Newegg as a server.

And according to Firefox, I've had a248.e.akamia.net on my server list for over two years in its current listing......well before your "fake" alert was yelled!


PS.....It's REAL!!!!!

But no amount of bashing Shakey, errrr....Shaker.....in the head with facts will ever convince him that his "It's fake!" rant is nothing but a lot of Chicken Little yelling about the sky falling.

 

[Shaker8]

Originally posted by: Jessica69
Dude, akamai.net has been used by Newegg for years....have always seen that in the secure areas, like account, along the bottom bar as the page loads, and have seen it for a looooooooong time, years before this DNS scare came out. It's NOT fake.....just servers Newegg uses. Always have used them, probably always will.

Look I am just telling people what happened to me!!! Newegg verified the certificate I typed above was not valid.

They also told me that they don't use Akamai.

If you don't believe me fine I was just posting this here to help other out.

Call Newegg if you want to confirm what I am telling you, or go ahead and use Akamai.net when shopping at Newegg.

What would interest me is if you can find a certificate from Newegg not using verisign but Akamai and whether it looked like the one I typed up there or had www.newegg.com somewhere in the cert. Which the one I type up there doesn't have.

Like I said I am sorry if I am wrong but this is what the newegg rep told me and thats what I am going with.