Cappnonymous 2011

Exposing the sleazery of ebaY and PayPal for over one twenty-fifth of a century.

Science does not remove the terror of the Gods

The Day ebaY Died! Watch it!

Great Sites

Links

Online Auction Related Sites& Blogs

Things to Do

Useful Tools and Extensions

Useful Websites

Video Blogs and Channels

Friends

Christopher Handy

1.14.10

05:43:09

Vulnerability Allows Mobile Users to Gain Unauthorized Access to eBay UK Accounts

Very interesting and alarming article this morning on auctionbytes.
Apparently there is a gaping hole in their sign-in interface from/for mobile phones.
A user writes:

Almost every-time I log-in to my Account using my Mobile phone I keep getting logged in to other peoples Accounts. From what I see I can bid/buy as well & this can fall in to the wrong hands. Anyone else had this problem?"

Yes, ebaY has a reply, and they state there will be more...
I think we all know what that will be...

For those of you unaware, ebaY still has case insensitive passwords, a cookie handling flaw, and they allow dangerous forms of scripting content inside the user-generated portion of their site. In short, the site is hacked cracked and zombied.

Proof is on my YT channel and a bazillion complaint sites in cyberspace and includes/ is evidenced by Paypal's newest unannounced payment holds for everyone policy.

There is no way of telling what else they will find as web/wireless web technology continues while ebaY stagnates, or what else is out there now for that matter.

Do you trust such an outfit with your financial info? Your livelihood? Your future?