eBay Knew For 1 Yr.That Security Holes On Its Site Could Lead to Account Hijacks
|
12-10-2005, 12:34 PM,
(This post was last modified: 12-10-2005, 12:36 PM by Kristijntje.)
Post: #1
|
|||
|
|||
eBay Knew For 1 Yr.That Security Holes On Its Site Could Lead to Account Hijacks
Quote:Scammers have found a new way to try to trick eBay members into giving them their personal information. full article: http://www.miami.com/mld/mercurynews/bus...source=rss&channel=mercurynews_business
Al draagt een aap een gouden ring, het is en blijft een lelijk ding
|
|||
12-10-2005, 03:13 PM,
Post: #2
|
|||
|
|||
Re: Phishers attack eBay using new technique: Malware on eBay Listing Pages
Well this is one case where it is definitely not safe to shop or even browse on the "safe" eBay site.
I think eBay should bear part of the financial burden and compensate anyone who has had their info stolen as a result of this phish because it was their lax security that allowed it to happen. *putting on my web site owner's hat and taking off my seller's hat before this next sentence* Allowing anyone to place javascript in their listings or in anything else that they place/upload on your site is a fr_ck'n security problem waiting to happen...and it looks like eBay's bad judgement has allowed it to happen.
"Well, Jay was so giddy that someone named Jay was involved with this site we posted our first non-eBay listing in 3 years here at Lunarbid (we tried two items at Yahoo once upon a time, they bombed)" -Marie posting in a LunarBid thread at OTWA in 2005 wins the award for 'most moronic reason ever given for choosing a venue"
"thanks twat u must have nothing better 2 do. do u talk to all your members like that. will not be recomending your site. best way to put it is TULIPTOOLS.COM IS REALLY SHIT. DONT JOIN." -pubescent owner of rinky dink off2auction.com in 2011 |
|||
12-10-2005, 10:29 PM,
Post: #3
|
|||
|
|||
Re: Phishers attack eBay using new technique: Malware on eBay Listing Pages
Quote:EBay has tools that automatically scan new listings for computer viruses and malicious JavaScript, spokesman Hani Durzy said. In this instance, the hacker apparently used code that sneaked past the screening process. Your scanner doesn't work, time to find a new programmer http://jobsearch.monster.com/jobsearch.asp?q=programmer&fn=&lid=&re=104&cy=us&x=0&y=0 |
|||
12-11-2005, 02:13 AM,
Post: #4
|
|||
|
|||
Re: Phishers attack eBay using new technique: Malware on eBay Listing Pages
I say the more the BETTER.
F2#%@K ebay. Wonder how many of these problems are from folks who had their PP accounts FROZEN or were suspended without due process from the bay. You GO hackers.
.
|
|||
12-11-2005, 09:41 PM,
Post: #5
|
|||
|
|||
Re: Phishers attack eBay using new technique: Malware on eBay Listing Pages
[quote author=regic link=topic=1668.msg5911#msg5911 date=1134253794]
Quote:EBay has tools that automatically scan new listings for computer viruses and malicious JavaScript, spokesman Hani Durzy said. In this instance, the hacker apparently used code that sneaked past the screening process. Your scanner doesn't work, time to find a new programmer http://jobsearch.monster.com/jobsearch.asp?q=programmer&fn=&lid=&re=104&cy=us&x=0&y=0 [/quote] Anything that comes out of Hani Durzy's mouth is nothing but spin. I have made this comparison before, and I will re-iterate it: Hani Durzy is just like Baghdad Bob (was that his name?). The Iraqi official who insisted the Americans weren't anywhere near Baghdad while the tanks rolled by. |
|||
12-12-2005, 03:40 AM,
Post: #6
|
|||
|
|||
Re: Phishers attack eBay using new technique: Malware on eBay Listing Pages
Hani b.s.ing in a past life http://www.revenews.com/advice/news/060200a.html
|
|||
12-13-2005, 02:16 AM,
Post: #7
|
|||
|
|||
Re: Phishers attack eBay using new technique: Malware on eBay Listing Pages
Quote:Anything that comes out of Hani Durzy's mouth is nothing but spin. Look up Hani Durzy. You will see the
.
|
|||
12-22-2005, 03:42 AM,
(This post was last modified: 12-22-2005, 03:48 AM by bargainbloodhound.)
Post: #8
|
|||
|
|||
eBay Knew For 1 Yr.That Security Holes On Its Site Could Lead to Account Hijacks
eBay's recent attempt to blame lax computer security habits of its users for a sharp rise in account hijackings are a bunch of B.S. eBay shares equal blame for account hijackings because it knew about and ignored warnings that a security hole existed on its site through which a user could place malicious code in a listing on the ebay site or on an about me page that would redirect them from the eBay site to an off ebay phishing site.
Almost 1 year after this vulnerability was pointed out to eBay, hackers did in fact take advantage of this hole in December 2005 to phish users on the ebay site . The GulfTech warning and article below were issued in January 2005...eBay did nothing despite the warnings. Quote:Last year GulfTech Security Research found several security flaws in eBay and the eBay owned half.com. These security flaws could allow attackers to execute malicious code in the context of a victim's browser, and could easily be used to hijack accounts, and in phishing, and other scams. Unfortunately only some of those security flaws were fixed, and the most dangerous of the bunch still remain even after being made public. Additionally, GulfTech Security Research found similar security vulnerabilities in the well known amazon.com website. Like eBay, the amazon.com vulnerabilities still exist. The full article: http://www.gulftech.org/?node=research&article_id=00064-01042005 Based on the fact that eBay knew about this security vulnerability for almost a year and did nothing, I think they would have a hard time defending themselves in court if anyone who was victimized (had their personal info stolen or account hijacked) decided to sue them.
"Well, Jay was so giddy that someone named Jay was involved with this site we posted our first non-eBay listing in 3 years here at Lunarbid (we tried two items at Yahoo once upon a time, they bombed)" -Marie posting in a LunarBid thread at OTWA in 2005 wins the award for 'most moronic reason ever given for choosing a venue"
"thanks twat u must have nothing better 2 do. do u talk to all your members like that. will not be recomending your site. best way to put it is TULIPTOOLS.COM IS REALLY SHIT. DONT JOIN." -pubescent owner of rinky dink off2auction.com in 2011 |
|||
12-22-2005, 05:26 AM,
Post: #9
|
|||
|
|||
Re: eBay Knew For 1 Yr.That Security Holes On Its Site Could Lead to Account Hijacks
Corporate bureaucracy is to blame for their not fixing the software. The programming guys probably need approval from 50 supervisors just to take a piss.
|
|||
12-22-2005, 11:48 AM,
Post: #10
|
|||
|
|||
Re: eBay Knew For 1 Yr.That Security Holes On Its Site Could Lead to Account Hijacks
Quote:Should I Be Worried? I would be worried if I was a member of the site. |
|||
« Next Oldest | Next Newest »
|
Users browsing this thread: 1 Guest(s)