codhead Posted October 11, 2006 Share Posted October 11, 2006 If you use eBay, heres something to worry about. Ill post a couple of screen shots from earlier this evening. I was looking at guitar amps, and the nude picture caught my eye (I airbrushed it prior to posting). Clicking on the item description brought up a standard eBay login screen (which was the first hint that something was wrong). If you look at the URL, it traces to the Turks and Caicos islands. This is the third time Ive personally seen this, and Ive got screen shots of the last two instances. Someone has figured out how to hack eBays category listings, which appears to be a major security flaw. On the first two occasions, clicking the item description simply redirected you to a porn site. Looks like theyve been perfecting their pfishing techniques now that a login screen appears. If these people were a little brighter, theyd host the item listing itself on their offshore server, and link the Buy It Now button to the login screen. Theyd put out some real good bait too. You know, something people would JUMP on. Most people would trust that they got there from within eBay, and never check the URL until after theyd given up their account name and password. Id bet a fair number of people use the same password for eBay and PayPal. So anyway, keep your eye on the URL. The eBay website might just send you somewhere you dont want to be. Quote Link to comment Share on other sites More sharing options...
codhead Posted October 11, 2006 Author Share Posted October 11, 2006 Second screenshot... Quote Link to comment Share on other sites More sharing options...
Guest " " Posted October 11, 2006 Share Posted October 11, 2006 You should probally run counter measures on your PC. Stand alone virus check utilities such as macfee stinger.exe. Quote Link to comment Share on other sites More sharing options...
damonrpayne Posted October 11, 2006 Share Posted October 11, 2006 This is an unfortunate aspect of the HTTP protocal that allows it to LOOK like you are at a site you are not at. HTTP authentication allows the following: user:password@httx://domain.com, the problem is user:password can be made to look like a URL. Chances are the think you clicked on was http://www.ebay.com/?abunchofcraptofillupyourbrowserwindowsoyoucanttellwhereyouareat@http://hacksite.com By the way, Internet Explorer 7 has smarts in it to warn you in a very in your face way if a site looks fishy, as above. Quote Link to comment Share on other sites More sharing options...
Daddy Dee Posted October 13, 2006 Share Posted October 13, 2006 I haven't seen one yet, but I appreciate the heads up. Quote Link to comment Share on other sites More sharing options...
wuzzzer Posted October 13, 2006 Share Posted October 13, 2006 Ill post a couple of screen shots from earlier this evening. I was looking at guitar amps.../ Sure you were. [:$] Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.