Slashdot Mirror
Hacker May Be Exposing eBay Back Door
pacopico writes "A hacker specializing in eBay cracks has once again managed to masquerade as a company official on the site's message boards, according to The Register. A company spokesman denies that 'Vladuz's' repeated assaults on eBay point to a larger problem with the site's security. Of course, eBay two days ago claimed to have found a way to block Vladuz altogether, only to see him pop up again. The hacker himself made comments indicating that the company's email servers are connected somehow to the financial information eBay hosts."
More likely someone put financial information in an email, or attached a spreadsheet of such, or got email containing their login information for the Accouting systems. Often when a new user gets setup the first thing they get is email and all the system access UIDs and passwords come via email. IF he can read that email he IS that person, the system knows no difference.
Any firm that allows an EXTERNAL user to login to the company LAN or email server w/o a very secure two factor authentication (such as a RSA token or PGP, etc.) is really asking to be hacked. People use very low quality passwords and with a little "social engineering" you can find out lots.
Right, because Apache magically prevents you from misconfiguring your servers and writing bad code?
Both IIS 5.0 and IIS 6.0 can be easily secured, IIS 6.0 is simply more secure "as installed". I ran one of the biggest hacker targets on the Net on IIS, and every single moron who announced giddily that "we are so owned, we are so stupid" walked away with their head hung low. Web site security is a mix of good administration and secure code. Thats it. Choice of OS has surprisingly little to do with it.
Funny how MS gets criticism on /. even though eBay has run on Java and Solaris since 2005.
i bm/
p
http://www.theregister.co.uk/2005/07/13/ebay_sun_
and
http://sun.ebay.com/odcs/custom.htm?template=popu
So, yeah I'l agree with you - its probably bad architecure that's at fault.
That might have been true in the past. But not so now.
Read this which is a presentation from one of eBay's technical architects. It outlines the evolution of the technology and the challenges they face, as well as the huge volume of data!
I know I cannot be the only person thinking "what a loser." Maybe this guy has some motive behind his actions, but if you're in the world of IT Security you are relatively familiar with Romanian whackers. They can take the most mundane abuse of something and claim it as hacking. This is a perfect example. Is someone cracking, phishing, or scamming their way onto eBay's message boards that much of a "prank" or "hack"? I do not think so. Does it spell out that there is a security weakness somewhere? Absolutely. You will find this in almost any large organization when someone specifically targets them, their employees, and/or users. I cannot begin to account for how many times various ISP have been publicly hacked/owned/pranked, far worse than this.
:)
Do that many people really get their news from eBay message boards? This guy is getting on account and posting messages. What is his next hack going to be? Use a stolen or fraudulently created account to post a *FAKE* auction? This guy can hardly penetrate systems at will. I think there's a reason he only seems to pop up at certain times. Classify this guy as another moron that needs to find something better to do.
Hopefully this loser will join the ranks of Victor Faur. Not so much in notoriety, but in the loss of the right to use a computer or travel internationally.
Sorry man, but you're full of it. Apache out of the box _is_ more secure than IIS out of the box.
But both of them can be secured properly.
There are MILLIONS of IIS servers running sensitive information.
You saying otherwise is FUD every bit as disgusting as anything Microsoft produces.
Everyone needs to work together to bust the fud.
Former ebay employee (hence anonymous) here.
The VAST majority of ebay is Windows. Solaris is only used for Oracle on the very back end.