Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker May Be Exposing eBay Back Door

Posted by Zonk on from the maybe-buy-a-hackerproof-door dept.

pacopico writes "A hacker specializing in eBay cracks has once again managed to masquerade as a company official on the site's message boards, according to The Register. A company spokesman denies that 'Vladuz's' repeated assaults on eBay point to a larger problem with the site's security. Of course, eBay two days ago claimed to have found a way to block Vladuz altogether, only to see him pop up again. The hacker himself made comments indicating that the company's email servers are connected somehow to the financial information eBay hosts."

12 of 73 comments (clear)

  1. FUD by User+956 · · Score: 4, Interesting

    The hacker himself made comments indicating that the company's email servers are connected somehow to the financial information eBay hosts.

    $100 says this guy has a huge short on ebay stock.

    --
    The theory of relativity doesn't work right in Arkansas.
    1. Re:FUD by AKAImBatman · · Score: 4, Funny

      I think you forgot, "This message (and house) will self-destruct in 10 seconds. 9... 8..."

      --
      Javascript + Nintendo DSi = DSiCade
    2. Re:FUD by Antique+Geekmeister · · Score: 4, Insightful

      Publishing this sort of thing privately often doesn't work. I've had numerous security vulnerabilities ignored for years: the use of public FTP sites with user's private passwords is one of the most common. Publicly write-able home directories used by both bosses and their secretaries is another: so are password free SSH keys and software that stores passwords locally in clear text, then NFS export those directories.

      In practice, nothing forces a change faster than an obvious break-in that discomfits the boss's secretary: the second fastest is something that affects the stock price. Even something that is being actively used for break-ins is often ignored due to recalcitrant developers and users who cannot be troubled to use secure practices, or to invest in keeping their software upgraded. The worst of them are those who think "we're inside a firewall, we trust the people we work with!". Then they sneak in a laptop from home and expect it to just work.

  2. Time for a new plan.... by CasperIV · · Score: 5, Interesting

    Maybe ebay should just pay the guy to tell them how to fix their system and be done with it. You know that this will all end with an exploit for ebay being discovered and someone getting sued.

    1. Re:Time for a new plan.... by needacoolnickname · · Score: 5, Insightful

      Isn't that frowned upon?

      Breaking in. Taunting someone and then getting paid to fix things? Bad precendece I would think.

  3. Not an auction site... by Radon360 · · Score: 5, Insightful

    ...eBay is just a venue for people to exchange items, such as malicious code into an unexpecting user's browser.

    When will they learn to do something simple like disallow META tags in item descriptions to stop redirects to sites with malicious code, rather than to hide such things and disavow any responsibility.

  4. Where is your mind at? by Anonymous Coward · · Score: 4, Funny
    A hacker specializing in eBay cracks... may be exposing eBay Back Door"

    Sounds like the author has an anal fixation to me!

  5. Not the place to talk about exposed backdoors by spun · · Score: 4, Funny

    You just know what's gonna get posted soon...

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  6. Maybe Not by AKAImBatman · · Score: 4, Insightful

    Maybe they should use OpenBSD once and for all...

    Your choice in Operating System does little to mitigate bad coding. eBay has never been known for their technical wizardry and coding sophistication. It wouldn't surprise me if their back doors were wide open. (If you knew where to look.) For example, instead of having secure B2B messaging channels between different offices and departments, they might use machine formatted Internet Email that gets decoded by machine on the other side. Which would mean that a lot of "financial information" could be travelling over "their email system".

    10:1 says the guy is an employee who lost his gruntles.
    --
    Javascript + Nintendo DSi = DSiCade
    1. Re:Maybe Not by unboring · · Score: 3, Informative

      That might have been true in the past. But not so now.
      Read this which is a presentation from one of eBay's technical architects. It outlines the evolution of the technology and the challenges they face, as well as the huge volume of data!

  7. Re:Don't blame bad coding for bad architecture. by gbjbaanb · · Score: 4, Informative

    Funny how MS gets criticism on /. even though eBay has run on Java and Solaris since 2005.

    http://www.theregister.co.uk/2005/07/13/ebay_sun_i bm/

    and

    http://sun.ebay.com/odcs/custom.htm?template=popup

    So, yeah I'l agree with you - its probably bad architecure that's at fault.

  8. What a Loser by madsheep · · Score: 3, Informative

    I know I cannot be the only person thinking "what a loser." Maybe this guy has some motive behind his actions, but if you're in the world of IT Security you are relatively familiar with Romanian whackers. They can take the most mundane abuse of something and claim it as hacking. This is a perfect example. Is someone cracking, phishing, or scamming their way onto eBay's message boards that much of a "prank" or "hack"? I do not think so. Does it spell out that there is a security weakness somewhere? Absolutely. You will find this in almost any large organization when someone specifically targets them, their employees, and/or users. I cannot begin to account for how many times various ISP have been publicly hacked/owned/pranked, far worse than this.

    Do that many people really get their news from eBay message boards? This guy is getting on account and posting messages. What is his next hack going to be? Use a stolen or fraudulently created account to post a *FAKE* auction? This guy can hardly penetrate systems at will. I think there's a reason he only seems to pop up at certain times. Classify this guy as another moron that needs to find something better to do.

    Hopefully this loser will join the ranks of Victor Faur. Not so much in notoriety, but in the loss of the right to use a computer or travel internationally. :)