An Inside Look at eBay Security
daria42 writes "This in-depth interview with eBay's Australia/New Zealand security manager is fascinating reading for anyone interested in online security and how the online auctioneer interacts with law enforcement agencies. "Normal people don't get up in the morning and wonder how they can steal or trick someone. I won't rest until we can eliminate wrongdoing," says eBay's Alastair MacGibbon."
All that I got out of this article is that they have a phishing toolbar, an email address to test spoofs on, and that they are "committed" to a bunch of crap. This is not an in-depth look at anything.
Sample "in-depth" response for those who didn't RTFA:
I read the article.
:)
I've never seen a more PR-fluff article in my life.
(Okay, that was an exaggeration. I follow the SCO saga as much as the next guy
"Normal people don't get up in the morning and wonder how they can steal or trick someone."
That's amazing that this guy can define a "normal" person since psychiatrists and psychologists have been trying to do this for many, many years. I happen to disagree with him, in fact.
There's been numerous stories about the security aspects of browsers. Would you recommend Internet Explorer or other browsers such as Firefox and Opera for eBay members?
MacGibbon: eBay does not endorse any particular browser.
Is Linux really more secure than Windows?
MacGibbon: eBay does not endorse any particular platform.
Then he really will not be able to get sleep, promoting a browser with some anti phishing techniques in it would help his job, and people listen to him based on his role.
On the other hand, I understand his reasoning behind the remarks: If you promote something, and it still goes wrong, people will try to blame it on you.
My wife's sketchblog Blob[p]: Gastrono-me
hayalci
Q: How much (in dollar terms) and how many subscribers have made claims to eBay's buyer protection program?
A: I cannot put a dollar amount on this figure.
Q: How does eBay weed out unscrupulous sellers on your site?
A: We have zero tolerance for wrongdoing and are committed to making eBay as safe as possible for our members.
Q: Is Linux really more secure than Windows?
A: eBay does not endorse any particular platform.
And so on.
Since when does a collection of non-committal answers to vague questions qualify as an 'in-depth interview'?
And since when has Slashdot stopped letting lynx users post comments!! Captchas discriminate against me and my shell session.
Which will I believe in the future? A fluffy piece about how much eBay cares about security ("We weally weally do care about security! Trust us!") which gives me no solid information ("Our toolbar does such-and-such to protect our customer.", "We have X technologies to assist victims of fraud.")
OR
stories from my brother *in Australia* about how he was ripped off by an eBay scammer? Or stories from coworkers and friends that have been ripped off by an eBay scammer? Or the author of a national bestseller telling how he was eBay scammed? [1]
Here's a tip, eBay. Word of mouth goes a lot farther than a fluffy article that tells me nothing. I read a long time back a dissatisfied customer tells ~3x the number of people his experience than a satisfied customer.
I'm honked off because I had to sit through that article, feeling patronized and advertised. Sheesh. What a waste.
[1] _The Paradox Of Choice: Why More Is Less_
by Barry Schwartz ISBN:0060005696
(I think it was the first few paragraphs of chapter 7.)
PayPal is a black mark against financial thieves everywhere. My experience with them is about like this:
1) Realize purchased item is missing & seller not replying to email & contact number is bogus.
2) Report it to PayPal
3) Get canned response that you have to wait until the getaway is made (3-4 weeks?) before you make the report.
4) Wait & re-make the report.
5) PayPal Sits on the investigation for two weeks.
6) PayPal Makes investigation
7) PayPal says: "The seller appears to be fraudulent, but has withdrawn all funds from their account so we have no recourse: file a claim with your insurance."
If eBay had any thought about fraud, they would start with PayPal. This is just PR fluff.
Consider the fight against regulating some types of eBay Sellers (drop off points) like Pawnbrokers. Pawnbrokers are regulated so that there is a paper trail of who sold what (possibly hot) items. Some high crime areas have what are essentially Hot Item eBay resellers: They take items, and sell them on eBay. They then return ~66% to the "owner" who requested their services. Florida (god help me for using them as suggesting a good law) attempted to regulate this type of drop-off store, but was beaten down.
oh, yes. PayPal bad.
"Normal people don't get up in the morning and wonder how they can steal or trick someone."
Right, they call it "portfolio management" or "marketing" instead, or use any other term for acceptable theft and trickery.
I've seen some - and worked in - a few perfectly legal businesses which had all the trappings of a scam operation, except that they weren't illegal.
Assorted stuff I do sometimes: Lemuria.org
If they really wanted to eliminate the problem, which they don't really care about by all signs, then they would pay a bounty on fraud reports. They would establish some sort of trust network, similar to the feedback system, to cull the whiners from real fraud reports. Finally, they would require all sellers for new items over $100 to either post a 30 day bond with eBay for cash/western-union payments, or conduct the transaction via VISA credit card. They would post an actual method of contacting PayPal.
If they were serious, they would do some sort of IP address localization, and post not only where the person said they were from but also where their IP says they are from.
If they were serious they would not allow first time sellers to use western-union on new items over $100.
If they were serious they would bar private auctions for first time sellers.
ergo, they are not serious
Some drink at the fountain of knowledge. Others just gargle.
I like the "less than of transactions are proven fraudulent". If you look at eBay/PayPal's protection policies, it's not worth pursuing in most cases. With the combination of all the hoops to jump through and the limits on what eBay will refund, you could earn more per hour at McDonald's. Meanwhile the fraudster has left you negative feedback just before switching to a new account.
If eBay really cared, they'd make it easy to report fakes and frauds, and they'd set up software to triage the reports most likely to result in a real finding and real people would work on those.