
9.10.07

00:23:45

Yet Another Shocking Example of Why You Should Avoid Ebay Like the Plague



Ok, here we go. Earlier this evening I went to the alleged "Trust & Safety" forum at ebay. Right away I started to spot complaints about the numerous scams that you will find there in flocks on any given day.

ebay phishing scam here



Here is the full page of the original thread. Here is the full sized capture showing the thread in the main T&S page. (Holy sheepdip! Look at all those scams!)

OK, so I get screencaps, make a video, play around with SUPER © and the watermark & time variable settings for quite some time, come back for more screencaps, crop, upload, yhadda yhadda yhadda.

  In it, you see me look at the thread, go to the listing, play around trying to get the redirect to stop with the stop browser load button, play around with the page info panel, then dis-allow flash via the noscript extension options, allowing me to prevent the redirection, have a look at the actual listing and get properties.
(Note: The links to posters' feedback in the thread screencaps look borked due to my use of the "wrap zap" bookmarklet for the long links.)


OK, so here is a screencap of the phishing page, resized to 640 pixels wide, made immediately after I made the vid. Note the Spoofstick, the url, the lack of the tan color of the url textarea, the lack of the ebay favicon on the active (bolded) tab.

phish page



  Here is the full-sized screen capture

(Full sized in this case is the size I made the video in, 768x576 pixels, where I set ZDSoft Screen Recorder 2.6)

properties panels


Full-sized screen capture of the actual listing. (again, in the width the vid was created in)

So anyway I go back and the original thread is now gone.  Now that was the work of the Original Poster, more than likely, and probably a halfway good thing in a way... But then...I go back to the listing, lo & behold... the listing is still active! So whatever warning there may have been is now gone.

  This is the thread opened in a separate window, with the properties panel, both overlaid on the still active listing. Note that I still have Macromedia Flash dis-allowed in NoScript.

thread gone listing active



 Now I allow flash again while still on the page, reload, and whaddayaknow, now I get the Mozilla Firefox anti-phishing warning screen.


FireFox anti-phishing protection

  Now, from what I see, everyone is on the ball except ebay. The users take the trouble to report for the good of the "community", then report the thread, so as not to allow anyone to mistakenly get caught (I presume -- of course there is the double edge effect, that now there is no warning.)

  Moving on, the big problem is that ebay shouldn't even allow ANY active scripting. This, they KNOW for a fact is dangerous. Not to them, mind you, only for the users. Your troubles are only numbers floating in cyberspace to them. They have auto-responders to give you the high & mighty "just-a-venue" brush off. They still make gazillions! (while you get screwed)

  But it gets even worse. If you have been paying attention, you know that ebay live does not have the plug-in to view flash, so they cannot even tell it exists. Unbelievable!

 Here is a full sized screen capture I harvested a few days ago. Read post # 8

"it seems like this exploit is very rare - am I right in thinking this?
This is the most common scam on eBay Motors and the problem is growing every day because the scam is invisible to eBay employees and the scammers know it."

I see that Doc at ebaymotorssucks.com has written a great post about that, along with full documentation

  But again, they are too slow to remove the offending listing(s). The report forms are not easy to find or use, in fact they have gone down all the way, or had glitches in the past.

 Bottom line, ebaY cares NOTHING for the well-being of folks on the site. If anyone gets caught in that redirect, or the TONNES of them reported or in the wild each and every day, ebay will cast the blame onto that/those persons, and in effect, call them stupid, naive, whatever. Wash their hands, and whistle a happy tune. (& count the money!)

  Someone needs to go after ebaY for these sorts of flaws. They are not likely to correct this, or anything on the site unless or until it costs THEM. Well, it is high time they pay the piper!
They alone are responsible for security WITHIN their OWN site. They alone have the ability to correct the problems. Using nothing more than common sense, and common courtesy.
 
  Look around, they are being blasted with lawsuits for all manner of terrible behaviors/inactions. This is one situation where they need more than just a lawsuit. At some point, does not negligence become a crime?

Everyone else should Boycott ebay and Paypal. There are far too many other places without ALL the trouble!

Now, for the FINAL KICKER!

Redirect listing still active

  It is now approximately 2:30AM PDT, and that listing is STILL ACTIVE. Full-sized screencap
I hope everyone who clicks on it has Firefox 2.0.0*, because if they don't, chances are they will get scammed, and blamed for it to boot!

Boycott ebay & Paypal!

It is the middle of the night. If there are big mistakes or I rambled too much, who cares?

Manyana

UPDATED 09-10-2007, @21:50

Adding screencap of listing from 08:19:43 on 09-10, 2007

I have no idea how much longer that stayed up, although it is gone now, at the time I edit/update this.

http://budmalcolm.bravejournal.com/entry/24141

