eBay Knew For 1 Yr.That Security Holes On Its Site Could Lead to Account Hijacks
|
04-05-2006, 07:15 PM,
Post: #21
|
|||
|
|||
Re: eBay Knew For 1 Yr.That Security Holes On Its Site Could Lead to Account Hijacks
i tried to do some javascript on my Me page and ebay rejected it (was a javascript to pull in an RSS feed) so it looks like theyre tightening up in some regards. still, though, way too easy to do malicious code in listings.
|
|||
04-28-2006, 08:13 AM,
Post: #22
|
|||
|
|||
US Government Warns Again That Listings on eBay Web Site May Contain Malware
The US Department of Homeland Security's US-CERT issued another security alert on 27 April 2006 that viewing listings on the eBay web site may be dangerous. This is the same problem eBay has known about for over 1 year and that its spokesperson Catherine England publicly stated it has no intention of fixing. Its users being the possible victims of identity theft is apparently of no concern to the company. :
Quote:US-CERT National Cyber Alert System http://www.us-cert.gov/cas/alerts/SA06-117A.html US-CERT also issued a vulnerability note regarding the eBay web site on 2 April 2006: http://www.kb.cert.org/vuls/id/808921 |
|||
05-18-2006, 04:04 PM,
Post: #23
|
|||
|
|||
Re: eBay Knew For 1 Yr.That Security Holes On Its Site Could Lead to Account Hij
This quote from Auctionbytes 5.18
Quote:Some users had complained they were receiving error messages relating to Javascript, leading one to speculate, "Apparently, eBay is tightening some of its JavaScript rules, and I think today was a harbinger of that." Some scammers have used Javascript vulnerabilities to spoof eBay listings (http://www.auctionbytes.com/cab/abn/y04/m10/i04/s01). An eBay spokesperson did not get back to AuctionBytes by press time to address the Javascript issue. http://auctionbytes.com/cab/abn/y06/m05/i18/s01
Al draagt een aap een gouden ring, het is en blijft een lelijk ding
|
|||
03-13-2008, 12:15 PM,
Post: #24
|
|||
|
|||
Re: eBay Knew For 1 Yr.That Security Holes On Its Site Could Lead to Account Hijacks
It has been 2 1/2 years since this thread started and eBay has yet to fix the cross site scripting vulnerability on its site :blinkie:
Quote:Saying it was tired of waiting for eBay to fix a security problem on its platform that has existed for years, German watchdog group Falle-Internet.de exposed the vulnerability to journalists in a live demonstration on Tuesday. Falle-Internet.de was able to display reporters' eBay account information on a special page once reporters had visited an eBay Germany listing that contained malicious code similar to that used by scammers... full article and screenshots: http://www.auctionbytes.com/cab/abn/y08/m03/i13/s01 |
|||
« Next Oldest | Next Newest »
|
Users browsing this thread: 3 Guest(s)