Slashdot Mirror


Hacker May Be Exposing eBay Back Door

pacopico writes "A hacker specializing in eBay cracks has once again managed to masquerade as a company official on the site's message boards, according to The Register. A company spokesman denies that 'Vladuz's' repeated assaults on eBay point to a larger problem with the site's security. Of course, eBay two days ago claimed to have found a way to block Vladuz altogether, only to see him pop up again. The hacker himself made comments indicating that the company's email servers are connected somehow to the financial information eBay hosts."

10 of 73 comments

  1. FUD by User+956 · · Score: 4, Interesting

    The hacker himself made comments indicating that the company's email servers are connected somehow to the financial information eBay hosts.

    $100 says this guy has a huge short on ebay stock.

    --
    The theory of relativity doesn't work right in Arkansas.
    1. Re:FUD by AKAImBatman · · Score: 4, Funny

      I think you forgot, "This message (and house) will self-destruct in 10 seconds. 9... 8..."

    2. Re:FUD by Antique+Geekmeister · · Score: 4, Insightful

      Publishing this sort of thing privately often doesn't work. I've had numerous security vulnerabilities ignored for years: the use of public FTP sites with users' private passwords is one of the most common. Publicly writable home directories used by both bosses and their secretaries are another: so are password-free SSH keys and software that stores passwords locally in clear text, then NFS export those directories.

      In practice, nothing forces a change faster than an obvious break-in that discomfits the boss's secretary: the second fastest is something that affects the stock price. Even something that is being actively used for break-ins is often ignored due to recalcitrant developers and users who cannot be troubled to use secure practices, or to invest in keeping their software upgraded. The worst of them are those who think "we're inside a firewall, we trust the people we work with!". Then they sneak in a laptop from home and expect it to just work.

  2. Time for a new plan.... by CasperIV · · Score: 5, Interesting

    Maybe ebay should just pay the guy to tell them how to fix their system and be done with it. You know that this will all end with an exploit for ebay being discovered and someone getting sued.

    1. Re:Time for a new plan.... by needacoolnickname · · Score: 5, Insightful

      Isn't that frowned upon?

      Breaking in. Taunting someone and then getting paid to fix things? Bad precedent, I would think.

  3. Not an auction site... by Radon360 · · Score: 5, Insightful

    ...eBay is just a venue for people to exchange items, such as malicious code into an unexpecting user's browser.

    When will they learn to do something simple like disallow META tags in item descriptions to stop redirects to sites with malicious code, rather than to hide such things and disavow any responsibility.

  4. Where is your mind at? by Anonymous Coward · · Score: 4, Funny

    "A hacker specializing in eBay cracks... may be exposing eBay Back Door"

    Sounds like the author has an anal fixation to me!

  5. Not the place to talk about exposed backdoors by spun · · Score: 4, Funny

    You just know what's gonna get posted soon...

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  6. Maybe Not by AKAImBatman · · Score: 4, Insightful

    Maybe they should use OpenBSD once and for all...

    Your choice in Operating System does little to mitigate bad coding. eBay has never been known for their technical wizardry and coding sophistication. It wouldn't surprise me if their back doors were wide open. (If you knew where to look.) For example, instead of having secure B2B messaging channels between different offices and departments, they might use machine formatted Internet Email that gets decoded by machine on the other side. Which would mean that a lot of "financial information" could be travelling over "their email system".

    10:1 says the guy is an employee who lost his gruntles.
  7. Re:Don't blame bad coding for bad architecture. by gbjbaanb · · Score: 4, Informative

    Funny how MS gets criticism on /. even though eBay has run on Java and Solaris since 2005.

    http://www.theregister.co.uk/2005/07/13/ebay_sun_ibm/

    and

    http://sun.ebay.com/odcs/custom.htm?template=popup

    So, yeah I'll agree with you - it's probably bad architecture that's at fault.