Slashdot Mirror
An Inside Look at eBay Security
daria42 writes "This in-depth interview with eBay's Australia/New Zealand security manager is fascinating reading for anyone interested in online security and how the online auctioneer interacts with law enforcement agencies. "Normal people don't get up in the morning and wonder how they can steal or trick someone. I won't rest until we can eliminate wrongdoing," says eBay''s Alastair MacGibbon."
All that I got out of this article is that they have a phishing toolbar, an email address to test spoofs on, and that they are "committed" to a bunch of crap. This is not an in-depth look at anything.
Sample "in-depth" response for those who didn't RTFA:
I read the article.
:)
I've never seen a more PR-fluff article in my life.
(Okay, that was an exaggeration. I follow the SCO saga as much as the next guy
An Inside Listen to eBay Security:
"Hellloooooooooo.....!"
"llloooooooooo.....!"
"lloooooooo.....!"
"loooooo....."
"oooooo...."
"oo....."
Yes. That confirms it: he thinks he's Batman.
I was recently looking to purchase a VHS tape of a classic TV show off eBay. I know this one exists as a regular commercial release, and I wanted to buy the legit copy. I found a certain seller listing it, and was poised to bid until I looked at his feedback.
In the feedback, I found several negative feedback complaints that the seller shipped the buyer a crappy tape taped off of TV. The vague wording in the listing I was interested in (and lack of an image) implied that this, too, was just a copy off of TV. I asked him him if the tape was legit, but got no response.
After this, I would look for this episode, and always find the guy selling his pirated copies. His negative feedback which mentioned the copies being pirated grew. I reported him to eBay a few times. They did nothing. At one time, they said they had no policy against anyone taping commercial shows off TV and selling them.
Where were you when the voynix came?
Which will I believe in the future? A fluffy piece about how much eBay cares about security ("We weally weally do care about security! Trust us!") which gives me no solid information ("Our toolbar does such-and-such to protect our customer.", "We have X technologies to assist victims of fraud.")
OR
stories from my brother *in Australia* about how he was ripped off by an eBay scammer? Or stories from coworkers and friends that have been ripped off by an eBay scammer? Or the author of a national bestseller telling how he was eBay scammed? [1]
Here's a tip, eBay. Word of mouth goes a lot farther than a fluffy article that tells me nothing. I read a long time back a dissatisfied customer tells ~3x the number of people his experience than a satisfied customer.
I'm honked off because I had to sit through that article, feeling patronized and advertised. Sheesh. What a waste.
[1] _The Paradox Of Choice: Why More Is Less_
by Barry Schwartz ISBN:0060005696
(I think it was the first few paragraphs of chapter 7.)
PayPal is a black mark against financial theives everywhere. My experience with them is about like this:
1) Realize purchased item is missing & seller not replying to email & contact number is bogus.
2) Report it to PayPal
3) Get canned response that you have to wait untill the getaway is made (3-4 weeks?) before you make the report.
4) Wait & re-make the report.
5) PayPal Sits on the investigation for two weeks.
6) PayPal Makes investigation
7) PayPal says: "The seller appears to be fradulent, but has withdrawn all funds from their account so we have no recourse: file a claim with your insurance."
If Ebay had any thought about fraud, they would start with PayPal. This is just PR fluff.
Consider the fight against regulating some types of Ebay Sellers (drop off points) like Pawnbrokers. Pawnbrokers are regulated so that their is a paper trail of who sold what (possibly hot) items. Some high crime areas have what are essentially Hot Item ebay resellers: They take items, and sell them on ebay. They then return ~66% to the "owner" who requested their services. Florida (god help me for using them as suggesting a good law) attempted to regulate this type of drop-off store, but was beaten down.
oh, yes. PayPal bad.
Phishers Steal Trust From Ebay Sign In Pages
"Fraudsters have exploited a flaw in the eBay web site that allows them to orchestrate phishing attacks using eBay's own Sign In page. ... By including special parameters at the end of the URL, the fraudster has changed the behaviour of the Sign In page so that when a user successfully logs in, they will then be sent to the fraudster's phishing site via an open redirect hosted on servlet.ebay.com."
Because of the "borrowing" of ebay's web site, the EBay toolbar reports the phishing site as legit.
RichM
Data Center Knowledge
If they really wanted to eliminate the problem, which they dont really care about by all signs, then they would pay a bounty on fraud reports. They would establish some sort of trust network, simmilar to the feedback system, to cull the whiners from real fraud reports. Finally, they would require all sellers for new items over $100 to either post a 30 day bond with e-bay for cash/western-union payments, or conduct the transaction via VISA credit card. They would post an actual method of contacting pay-pal.
If tehy were serious, they would do some sort IP address localization, and post not only where the person said they were from but also where their IP says they are from.
If they were serious they would not allow first time sellers to use western-union on new items over $100.
If they were serious they would bar private auctions for first time sellers.
ergo, they are not serious
Some drink at the fountain of knowledge. Others just gargle.