Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker May Be Exposing eBay Back Door

Posted by Zonk on from the maybe-buy-a-hackerproof-door dept.

pacopico writes "A hacker specializing in eBay cracks has once again managed to masquerade as a company official on the site's message boards, according to The Register. A company spokesman denies that 'Vladuz's' repeated assaults on eBay point to a larger problem with the site's security. Of course, eBay two days ago claimed to have found a way to block Vladuz altogether, only to see him pop up again. The hacker himself made comments indicating that the company's email servers are connected somehow to the financial information eBay hosts."

4 of 73 comments (clear)

  1. Not an auction site... by Radon360 · · Score: 5, Insightful

    ...eBay is just a venue for people to exchange items, such as malicious code into an unexpecting user's browser.

    When will they learn to do something simple like disallow META tags in item descriptions to stop redirects to sites with malicious code, rather than to hide such things and disavow any responsibility.

  2. Maybe Not by AKAImBatman · · Score: 4, Insightful

    Maybe they should use OpenBSD once and for all...

    Your choice in Operating System does little to mitigate bad coding. eBay has never been known for their technical wizardry and coding sophistication. It wouldn't surprise me if their back doors were wide open. (If you knew where to look.) For example, instead of having secure B2B messaging channels between different offices and departments, they might use machine formatted Internet Email that gets decoded by machine on the other side. Which would mean that a lot of "financial information" could be travelling over "their email system".

    10:1 says the guy is an employee who lost his gruntles.
    --
    Javascript + Nintendo DSi = DSiCade
  3. Re:Time for a new plan.... by needacoolnickname · · Score: 5, Insightful

    Isn't that frowned upon?

    Breaking in. Taunting someone and then getting paid to fix things? Bad precendece I would think.

  4. Re:FUD by Antique+Geekmeister · · Score: 4, Insightful

    Publishing this sort of thing privately often doesn't work. I've had numerous security vulnerabilities ignored for years: the use of public FTP sites with user's private passwords is one of the most common. Publicly write-able home directories used by both bosses and their secretaries is another: so are password free SSH keys and software that stores passwords locally in clear text, then NFS export those directories.

    In practice, nothing forces a change faster than an obvious break-in that discomfits the boss's secretary: the second fastest is something that affects the stock price. Even something that is being actively used for break-ins is often ignored due to recalcitrant developers and users who cannot be troubled to use secure practices, or to invest in keeping their software upgraded. The worst of them are those who think "we're inside a firewall, we trust the people we work with!". Then they sneak in a laptop from home and expect it to just work.