eBay Scrambles to Fix Phishing Bug 131
Paul Laudanski writes "c|net is reporting that eBay is scrambling to fix a software glitch which opens doors to phishing attacks via one of its own valid URLs. "The flaw may have already allowed individuals to use one of eBay's URLs to trick unsuspecting parties into visiting malicious sites, the company representative said.""
Phishing EBay (Score:3, Interesting)
Scrambling? (Score:5, Interesting)
http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPIComm and=RedirectToDomain&DomainUrl=http://siag.nu/ [ebay.com]
That's a link to ebay.com which redirects to siag.nu. And it doesn't look like a glitch, it looks like it's on purpose.
Working hard to stop fraud? (Score:4, Interesting)
Not to long ago, I had a co-worker defrauded. Yeah, he wasn't a bright one and really should have consulted me when even the slightest bit of doubt surfaced.
Long story short, it didn't take place on eBay, but originated through a compromised users account. In the end, eBay was fairly useless for help because they had the option to not deal with it.
If they were serious about working hard to stop this activity they could be a bit more pro-active.
Now, I'm not damning them completely, not so long ago I had someone disappear after a transacation. It took a few weeks to get my money back, but in the end the issue was resolved.
They really need to abandon email entirely and just eliminate the elements they can't control. At the very least leave external notifications off by default.
Otherwise, an alright service, but plagued with problems any high profile commerce sight would suffer.
GPG (Score:5, Interesting)
I realize that this somewhat complicates things for Grandma and Aunt Agnes, but the general public is going to HAVE to learn to deal with it in an effective way. GPG is an effective way...and PGP Freeware for Windows/Outlook is pretty idiot proof.
About time... (Score:2, Interesting)
The biggest problem (Score:2, Interesting)
Ebay Idiocy (Score:2, Interesting)
After contacting Customer Support I was
informed that it was legit. !!!!
I tried numerous times to point this out but
Customer service with ebay can sometimes be a
struggle. I take it they assume everybody is
an idiot.
Even Ebay Phishes. Go figure.
At Least a Month Old (Score:4, Interesting)
Below is a copy of what I sent them. The fraudulent email appears before my comment. (For some reason, it was reformatted to all lower-case.)
_________________________________
email header:
from aw-confirm@ebay.com sun jan 30 14:42:29 2005
email body:
<html>
<body>
dear ebay community member,<br><br>
<!--uee-->
it has come to our attention that your ebay billing information records
are out of date.<br>
that requires you to update the billing information if you could please
take 5-10 minutes out of your online experience and update your<br>
billing records, you will not run into any future problems with ebay's
online service.<br>
however, failure to update your records will result in soon account
termination. once you have updated your account records, your ebay<br>
session will not be interrupted and will continue as normal. failure to
update will result in cancellation of service, terms of service<br>
(tos) violations or future billing problems.<br><br>
to update and login to your ebay account, click on the linki sapicommand=3dredirecttodomain&domainurl=3dhttp%3a %2f%2f%32%31%31%2e%32%33%33%2e%33%38%2e%37%3a jbaqqzehaaemwzlhhlwxs2albxvshqahqrfhgtdrferhcurstp aisnrqahqrfhgtdrferhcurstpaisnrpaisnrqahqrfhgtdrfe rhcuqrfqzehaaemwzlhhlwxh">http://cgi4.ebay.com/ws/ </a><br>
below:<br><br>
<!--xr-->
<a href=3d"http://cgi4.ebay.com/ws/ebayisapi.dll?mfc
2%2fupdatecenter%2flogin%2f%3fmfcisapisession%3da
<br>
thank you for using ebay!<br><br>
**this is no-reply message. please do not reply to this email, as you
will receive no response**
<!--i36-->
</body>
</html>
------=_nextpart_000_0068_01c44e5d.dbc9229e--
message: if i'm interpreting the url in the message correctly, it looks
like you have a vulnerable redirector running somewhere. if so, you'll
probably want to fix that.
the above appears to be redirecting to the ip address 211.233.38.72,
which 'whois' says is in korea.
schwab
--_----------=_9502205623000--
------=_nextparttm-000-25ddf14b-7467-4642-9e0d-8 cafc918baf3--
Re:Outlook Settings (Score:2, Interesting)
-- http://freebsd.active-venture.com/handbook/mail-a
Who was the first moron to put HTML in mail clients?
I don't know for sure, but to hazard a guess, I think it might have been America Online. I remember seeing AOL e-mail with pretty (read: "annoying") colors on AOL before anyone else was doing it.
I'm not a net.historian by a long shot, though, so you should probably take that with a spoonful of salt. Google helpfully returns practically every page on the net when searching for "html" so it's fairly difficult to find anything of relevance.