eBay Scrambles to Fix Phishing Bug
Paul Laudanski writes "c|net is reporting that eBay is scrambling to fix a software glitch which opens doors to phishing attacks via one of its own valid URLs. "The flaw may have already allowed individuals to use one of eBay's URLs to trick unsuspecting parties into visiting malicious sites, the company representative said.""
http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http://siag.nu/
That's a link to ebay.com which redirects to siag.nu. And it doesn't look like a glitch, it looks like it's on purpose.
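A server-side check that would refuse the redirect in the link above, as an added example that is not part of the original comment and not eBay's code; the function name, the allowed-host list and the fallback URL are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains the site is willing to redirect to (constructed list).
ALLOWED_DOMAINS = ("ebay.com",)
FALLBACK = "https://www.ebay.com/"  # assumed safe landing page


def safe_redirect_target(raw, fallback=FALLBACK):
    """Return raw only if it is an http(s) URL on an allowed host, else fallback."""
    # Backslashes, control whitespace and padding are parsed differently by
    # browsers and by server-side libraries, so refuse them outright.
    if not raw or raw != raw.strip() or any(c in raw for c in "\\\r\n\t"):
        return fallback
    try:
        parts = urlsplit(raw)
        parts.port  # accessing .port raises ValueError on a malformed port
    except ValueError:
        return fallback
    # Rejects scheme-relative ("//host/") and non-web schemes.
    if parts.scheme not in ("http", "https"):
        return fallback
    # "http://ebay.com@other.host/" puts the trusted name in userinfo.
    if parts.username is not None or parts.password is not None:
        return fallback
    host = (parts.hostname or "").rstrip(".").lower()
    # Exact match or a true subdomain; a bare suffix test would accept
    # "notebay.com", and a substring test would accept "ebay.com.siag.nu".
    if not any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS):
        return fallback
    return raw


if __name__ == "__main__":
    # The DomainUrl value from the link in the comment above.
    print(safe_redirect_target("http://siag.nu/"))
    print(safe_redirect_target("http://pages.ebay.com/help/"))
```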
Not just for eBay... but for everyone. Allow users to download the GPG key from inside their account and sign all the legit email.
I realize that this somewhat complicates things for Grandma and Aunt Agnes, but the general public is going to HAVE to learn to deal with it in an effective way. GPG is an effective way... and PGP Freeware for Windows/Outlook is pretty idiot-proof.