eBay Scrambles to Fix Phishing Bug
Paul Laudanski writes "c|net is reporting that eBay is scrambling to fix a software glitch which opens doors to phishing attacks via one of its own valid URLs. 'The flaw may have already allowed individuals to use one of eBay's URLs to trick unsuspecting parties into visiting malicious sites, the company representative said.'"
In other news... (Score:1, Insightful)
Not the first time (Score:2, Insightful)
That's the problem with e-mail correspondence. (Score:5, Insightful)
It should be a text-only medium, period. No attachments, no graphics, no opportunity to get someone to click before they think.
Re:Phishing EBay (Score:5, Insightful)
Re:That's the problem with e-mail correspondence. (Score:1, Insightful)
Re:Not the first time (Score:2, Insightful)
This is exactly the type of nonsensical question that frightens would-be ascenders of the technology curve. First of all, it begs the question, "large companies" versus who? Small companies? Do you think small companies are any more capable of defending themselves against attacks? Or even doing the type of advanced testing that can be done by a large company with large company resources?
If not, are you then suggesting no one should do business at all? Obviously that is out the window. So what's the point here?
Large companies, online, are leading the way towards advanced web applications that are changing the way we live our lives and conduct business. And as the MS defector [slashdot.org] implied in his blog, web applications are living software. Changing in (almost) real-time to meet the needs of the market and security/functionality needs.
My advice... (Score:5, Insightful)
Bookmark all the financial sites you use, and whenever you receive emails with such "friendly" links, use your bookmark instead, to log in to the site. If it was important, you will see it on the next page there.
I never click on the links even when I know they are legit (to avoid forming a habit).
Re:Hooray for eBay and c|net - or not? (Score:1, Insightful)
It would take literally 2 minutes for them to fix this.
This was reported a while ago (Score:4, Insightful)
Seems that they're only 'scrambling' now there is media attention.
Re:not hard (Score:4, Insightful)
For some phishes, I take the time to log in with fake IDs and passwords, making sure to insult the scumsucking bastards. Then I do a network lookup on them and try to email the corresponding ISP. Very easy to do and protects others.
Vigilantism at its best! Everyone do the same.