Quote: Does this mean Paypal is also vulnerable?
According to The Auction Guild, yes.
Boucher, considering what happened (as you described in your last post), I think you should change both passwords. That may or may not help, but it's worth the effort, IMO.
[quote author=BellisimaJ. link=topic=7538.msg45594#msg45594 date=1172891861]
Quote: Does this mean Paypal is also vulnerable?
According to The Auction Guild, yes.
Boucher, considering what happened (as you described in your last post), I think you should change both passwords. That may or may not help, but it's worth the effort, IMO.
[/quote]
I believe I'm okay. Just signed in and there's no suspicious activity. Also, the auction page where the question was posted had the seller's response:
Quote: Q: Hello, My name is Ace Schmidt. I just saw this item of yours and I remember seeing the same item two days ago, take a look: http://(edited out similar redirect as the one in the OP)
A: I just copy and pasted where you told me to look and my antivirus program told me it was a phishing website, so I didn't open it. Someone obviously must have copied and pasted my pictures in order to get people's email addresses. I've seen it before on ebay. They make a fake auction and when you bid or ask a question about the item they get a hold of your email address to send you spam. They obviously took my picture because it would attract people to click on it. It definitely wasn't another auction posted by me.
I remember reading what the seller posted and NOT clicking the link. I don't know how it slipped past me but I never even noticed the redirect.
eBay fixed one redirect security hole - the sign-on page.
Quote: A week or more after it was brought to its attention, eBay has plugged a hole in its sign-on page that was being exploited by phishers.
The vulnerability was noteworthy because it led users to eBay's official login page first, unlike most phishing attacks, which direct victims to a spoofed URL. Once a user entered a valid user name and password on the eBay site, however, the exploit redirected the person to a third-party site of an attacker's choosing...
full article:
http://www.theregister.co.uk/2007/03/02/...n-on_hole/
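The sign-on hole quoted above is an open redirect: the genuine login page forwards the user, after authentication, to a destination an attacker could choose. As an added illustration (not eBay's code and not part of the original thread), here is a server-side check of a post-login target; the host names, the default target and the function name are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: hosts the sign-in page may send users to after login (constructed).
ALLOWED_HOSTS = {"www.auction.example", "my.auction.example"}
DEFAULT_TARGET = "https://www.auction.example/"

def safe_post_login_target(raw):
    """Return raw if it is a safe post-login destination, else DEFAULT_TARGET."""
    if not raw or raw != raw.strip():
        return DEFAULT_TARGET
    # Browsers treat "\" like "/" and drop tabs/newlines inside URLs,
    # so a value containing them may not go where the parser thinks.
    if any(c in raw for c in "\\\t\r\n"):
        return DEFAULT_TARGET
    try:
        parts = urlsplit(raw)
    except ValueError:
        return DEFAULT_TARGET
    # Same-site relative path: exactly one leading "/" ("//host" is off-site).
    if not parts.scheme and not parts.netloc:
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return DEFAULT_TARGET
    if parts.scheme != "https":
        return DEFAULT_TARGET
    # hostname excludes userinfo and port, so "allowed@evil" is judged on "evil".
    if parts.username is not None or parts.hostname not in ALLOWED_HOSTS:
        return DEFAULT_TARGET
    return raw

# Constructed sample targets: the first two are legitimate, the rest are not.
SAMPLES = [
    "/myaccount/summary",
    "https://my.auction.example/watchlist",
    "//phish.example/signin",
    "https://www.auction.example@phish.example/",
    "https://www.auction.example.phish.example/",
    "http://www.auction.example/",
    "/\\phish.example/signin",
    "javascript:alert(1)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:50} -> {safe_post_login_target(s)}")
```

Comparing the parsed host against an exact allowlist, rather than checking that the string starts with or contains the site's name, is what defeats the userinfo and look-alike-subdomain cases in the samples.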
eWeek has an eArticle on eScams on eBay:
Quote: The auction behemoth is being skewered by Vladuz, the Romanian impaler, and the e-villagers are whispering that he's sucking customer and service rep account lifeblood directly from eBay's internal databases. Is he that spookily talented, or is he just another, albeit talented and lucky, phisher who also stumbled on an e-mail with internal accounts?
The eBay villagers are whispering that he can creep through eBay's internal databases and suck the lifeblood of customer accounts -- log-ins and passwords -- right out of their pulsing, 222 million-plus customer heart. He's putting up bogus listings as fast as eBay can take them down, and that proves he's walked through a security hole as big as a barn door...
full article:
http://www.eweek.com/article2/0,1895,2100808,00.asp
TheRegister has another article:
Quote: More than two months after breaching eBay's employee servers, a hacker who calls himself Vladuz remains at large, despite the best efforts of the online auctioneer's security team and officials with law enforcement agencies in the US and eastern Europe.
So far, little public information is known for sure about Vladuz, who on at least two occasions has logged into eBay forums as an official customer service representative and then mocked the company's security. But the net is covered with bread crumbs left by a hacker who goes by that name, brazenly advertises cracking software and talks up his programming prowess. "This scam is perfect in many ways," he wrote on one site about a file he said steals eBay passwords...
full article:
http://www.theregister.co.uk/2007/03/08/who_is_vladuz/
Auctionbytes article on Vladuz:
Quote: Call it the equivalent of neighborhood teens strewing toilet paper on your trees on Halloween, but the nuisance stunts of a Romanian hacker who calls himself Vladuz has quite clearly confounded eBay's attempts to stop him from making his presence known on the online auction site. Confident of his ability to breach eBay's security, Vladuz posted early this morning in eBay Germany's forums, displaying Pinkliner status.
In a year that eBay has dedicated to creating a safer buying experience, Vladuz has gained attention by flagrantly posting on the boards as an eBay forum moderator, or "Pink." How deep Vladuz' access to the site runs is open to speculation...
full article:
http://www.auctionbytes.com/cab/abn/y07/m03/i14/s02