Security

eBay Still Has Login Vulnerabilities?

Submitted by
Atario
Atario writes "This morning I checked my email to find several apparent eBay-alike spam messages in my Inbox. This reminded me that I needed to leave feedback for something on the actual eBay. So I went there, only to find that I could no longer log in. Long story short, I realized that those "fake" eBay emails were the real thing — and were sent from my eBay account! Horrified, I contacted their help people and got my password reset, and some mass eBay emails following up to those who had been spammed, saying that I hadn't done it. Going to my account, I saw that the attackers had sent a "visit our happy and good-spirit Chinese web site and buy electronics" spam to 30 different people. (Only the first six came to me, because those used a general "contact an eBay-er" mechanism, whereas the rest used an "ask seller a question" one; apparently the latter doesn't automatically send you a copy in email.) At any rate, whoever this was was able to change my password and send messages as me; this, to me, implies that they were able to crack my password and log in as me. This would mean either (1) inside job with DB access or (2) eBay is vulnerable to brute-force login-attempt attacks, which is something so easy to defeat (increasing attempt delays), they would need to be ashamed for about aleph-null years were this the case. So, what does Slashdot think: eBay is infested with Chinese spammers as employees, or they can't get security minimally right after all these years?"
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.
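
The "increasing attempt delays" defence mentioned in the submission, sketched as an added example (not code from the submission or from eBay). The class and function names, the 1-second base delay and the 15-minute cap are assumptions chosen for illustration.

```python
import time


class LoginThrottle:
    """Per-account lockout window that doubles after each failed attempt."""

    def __init__(self, base_delay=1.0, max_delay=900.0, clock=time.monotonic):
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.clock = clock
        # account -> (consecutive failures, time the next attempt is allowed)
        self._state = {}

    def wait_required(self, account):
        """Seconds that must still pass before another attempt is evaluated."""
        _, allowed_at = self._state.get(account, (0, 0.0))
        return max(0.0, allowed_at - self.clock())

    def attempt(self, account, password_ok):
        """Return 'throttled', 'ok' or 'denied' for one login attempt."""
        if self.wait_required(account) > 0:
            # Rejected without looking at the password, so guesses made
            # inside the window reveal nothing about their correctness.
            return "throttled"
        if password_ok:
            self._state.pop(account, None)  # success clears the failure count
            return "ok"
        failures = self._state.get(account, (0, 0.0))[0] + 1
        delay = min(self.base_delay * 2 ** (failures - 1), self.max_delay)
        self._state[account] = (failures, self.clock() + delay)
        return "denied"


def simulate_guessing(guesses, base_delay=1.0, max_delay=900.0):
    """Constructed scenario: seconds elapsed before `guesses` wrong passwords
    have all been evaluated against one account, waiting out every window."""
    now = [0.0]  # fake clock so the simulation runs instantly
    throttle = LoginThrottle(base_delay, max_delay, clock=lambda: now[0])
    for _ in range(guesses):
        now[0] += throttle.wait_required("example-account")
        throttle.attempt("example-account", password_ok=False)
    return now[0]


if __name__ == "__main__":
    for n in (5, 10, 20, 100):
        print(f"{n:>3} wrong guesses take at least {simulate_guessing(n):,.0f} s")
```

A per-account delay also slows the legitimate owner while guessing is in progress, and it does nothing against a single guess tried across many accounts, so it is normally paired with per-source limits and alerting.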
