
eBay Scrambles to Fix Phishing Bug

Paul Laudanski writes "c|net is reporting that eBay is scrambling to fix a software glitch which opens doors to phishing attacks via one of its own valid URLs. "The flaw may have already allowed individuals to use one of eBay's URLs to trick unsuspecting parties into visiting malicious sites, the company representative said.""
  • In other news... (Score:1, Insightful)

    by Anonymous Coward on Saturday March 05, 2005 @05:23PM (#11854714)
    In other news, ex-hacker warns that social engineering (aka end-user profound dumbness) is the most serious security flaw of computer systems.
  • Not the first time (Score:2, Insightful)

    by KingOfTheNerds ( 706852 ) on Saturday March 05, 2005 @05:24PM (#11854721) Homepage
    This is not the first time this has happened to a huge company; in the summer of 2002 Amazon had a similarly large security hole. Can consumers trust large companies anymore? I think so, but you are always taking your chances with security. Sometimes companies become so large that things get easily overlooked.
  • by Sheetrock ( 152993 ) on Saturday March 05, 2005 @05:25PM (#11854729) Homepage Journal
    Companies are so quick to doll up their e-mails with the latest HTML -- images, links, and tables -- that their customers are getting used to using e-mail as a portal to company sites.

    It should be a text-only medium, period. No attachments, no graphics, no opportunity to get someone to click before they think.

  • Re:Phishing EBay (Score:5, Insightful)

    by X0563511 ( 793323 ) * on Saturday March 05, 2005 @05:36PM (#11854794) Homepage Journal
    Lots of people use the same password for everything. If I were to net a bunch of eBay account passwords, I could stand a decent chance of getting into the PayPal accounts of at least a few of them.
  • by Anonymous Coward on Saturday March 05, 2005 @05:38PM (#11854806)
    I thought the SCO lawsuit was the dumbest thing to ever be suggested, but then I read your post. Jesus H. Christ, what a stupid thing to say. Do you shake your rake at the neighborhood kids on their skateboards, old man? Hey, I have another idea that you might like, how about we just get rid of links altogether on the Internet, that way no phishing can ever happen! Perhaps in your lonely and cold little crevice under the bridge somebody might even disallow all images on web pages, that way there can be no question about the source of information. I have another idea. Why don't you put on some pants, get off the chair, and go look for another pale, misshapen fucktard to date! Yeah!
  • by lonb ( 716586 ) * on Saturday March 05, 2005 @05:41PM (#11854826) Homepage
    "Can consumers trust large companies anymore?"
    This is exactly the type of nonsensical question that frightens would-be ascenders of the technology curve. First of all it begs the question, "large companies" versus who? Small companies? Do you think small companies are any more capable of defending themselves against attacks? Or even doing the type of advanced testing that can be done by a large company with large company resources?

    If not, are you then suggesting no one should do business at all? Obviously that is out the window. So what's the point here?

    Large companies, online, are leading the way towards advanced web applications that are changing the way we live our lives and conduct business. And as the MS defector [slashdot.org] implied in his blog, web applications are living software. Changing in (almost) real-time to meet the needs of the market and security/functionality needs.

  • My advice... (Score:5, Insightful)

    by wotevah ( 620758 ) on Saturday March 05, 2005 @06:07PM (#11854979) Journal

    ...has always been to never click on emailed links pertaining to anything important, especially banking and such.

    Bookmark all the financial sites you use, and whenever you receive emails with such "friendly" links, use your bookmark instead, to log in to the site. If it was important, you will see it on the next page there.

    I never click on the links even when I know they are legit (to avoid forming a habit).

  • by DiD Roe ( 812067 ) on Saturday March 05, 2005 @08:06PM (#11855718)
    That just seems really stupid, I mean all it would take is to temporarily remove the redirect feature from the code, or put a couple of regular expressions in there to only allow their hostnames to be used.

    It would take literally 2 minutes for them to fix this.
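
An added example, not part of the comment above and not eBay's code: a redirect-target check of the kind the comment suggests, showing why an unanchored regular expression is not enough and validating the parsed hostname instead. The domain `example.com` and every sample URL are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist standing in for the site's own domains (assumption).
ALLOWED_DOMAINS = ("example.com",)

# Naive check: an unanchored pattern matches the domain anywhere in the string.
NAIVE_PATTERN = re.compile(r"example\.com")


def naive_is_allowed(target: str) -> bool:
    return bool(NAIVE_PATTERN.search(target))


def is_allowed_redirect(target: str, allowed=ALLOWED_DOMAINS) -> bool:
    """Accept only absolute http(s) URLs whose parsed host is an allowed
    domain or a subdomain of one."""
    # Browsers treat backslashes as slashes and drop control characters,
    # so reject them instead of guessing how they will be interpreted.
    if "\\" in target or any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    # Userinfo ("user@host") is never needed in a redirect target.
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


# Constructed test targets: one legitimate, the rest must be refused.
SAMPLES = [
    "https://signin.example.com/account",
    "https://example.com.evil.example/login",
    "https://example.com@evil.example/",
    "https://notexample.com/",
    "//evil.example/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url!r}: naive={naive_is_allowed(url)} "
              f"strict={is_allowed_redirect(url)}")
```
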

  • by hairykrishna ( 740240 ) on Saturday March 05, 2005 @09:47PM (#11856282)
    I'm a powerseller on UK eBay. This exploit was reported in the powerseller forum a couple of weeks ago.

    Seems that they're only 'scrambling' now there is media attention.

  • Re:not hard (Score:4, Insightful)

    by fireheadca ( 853580 ) on Sunday March 06, 2005 @12:15AM (#11856981)
    In other words don't be stupid and just randomly enter your password in sites asking for "updates"...

    For some phishes, I take the time to login with fake IDs and passwords making sure to insult the scumsucking bastards. Then I do a network lookup on them and try to email the corresponding ISP. Very easy to do and protects others.

    Vigilantism at its best! Everyone do the same.