
eBay Scrambles to Fix Phishing Bug

Zonk posted more than 9 years ago | from the watch-where-you-click dept.

Privacy 131

Paul Laudanski writes "c|net is reporting that eBay is scrambling to fix a software glitch which opens doors to phishing attacks via one of its own valid URLs. "The flaw may have already allowed individuals to use one of eBay's URLs to trick unsuspecting parties into visiting malicious sites, the company representative said.""


In other news... (1, Insightful)

Anonymous Coward | more than 9 years ago | (#11854714)

In other news, ex-hacker warns that social engineering (aka end-user profound dumbness) is the most serious security flaw of computer systems.

Re:In other news... (0)

Anonymous Coward | more than 9 years ago | (#11854778)

Offtopic? no.

The article is about ebay scrambling to fix something that could be used in social engineering.

ex-hacker warns that social engineering ... is the most serious security flaw of computer systems.


Steps to moderating:
1) READ
2) THINK
3) THINK SOME MORE
4) Moderate

outlook! NOT GOOD (2, Funny)

thundercatslair (809424) | more than 9 years ago | (#11854720)

I lost $100 because I thought it was ebay.

Re:outlook! NOT GOOD (0)

Anonymous Coward | more than 9 years ago | (#11854730)

A fool and his money...

Re:outlook! NOT GOOD (1)

CammieCrookston (865194) | more than 9 years ago | (#11854801)

Will soon party!

Re:outlook! NOT GOOD (1)

BrianGa (536442) | more than 9 years ago | (#11854739)

This is Outlook's fault?

Outlook Settings (1)

wasted (94866) | more than 9 years ago | (#11854774)

Outlook (like many mail clients) displays HTML by default, which makes it easier to hide redirects.

I have my email client at home (Kmail) set to Text instead of HTML. It makes it easier to spot redirects and such, so phishing schemes are more obvious.

I don't use Outlook, so I don't know if it can be set to Text view for incoming messages. It would be very helpful for someone to post the steps needed to set Outlook for text view.

Re:Outlook Settings (0)

Anonymous Coward | more than 9 years ago | (#11855209)

You can't. There is a "text" setting in 2003, but it just flattens the HTML rather than showing you the text/plain part.

Re:Outlook Settings (1)

Almost-Retired (637760) | more than 9 years ago | (#11855628)

Likewise, kmail to the rescue.

I have rx'd probably 50 of these ebay phishing messages here. I forwarded the first couple of them to abuse at ebay, but never got a bounce or a reply other than the usual boilerplate, and came to the conclusion that officially, they could care less.

So why are they now, damned near 6 months later, finally admitting it?

--
Cheers, Gene

Re:Outlook Settings (0)

Anonymous Coward | more than 9 years ago | (#11856435)

Dear Retard, They're not "admitting" to a previously known phishing scheme -- they have made their customers aware of the problem for a long time. The article, if you'd bother to read it or the summary, clearly states that there's a flaw in ebay's own system that is opening the door for phishing.

Not the first time (2, Insightful)

KingOfTheNerds (706852) | more than 9 years ago | (#11854721)

This is not the first time this has happened to a huge company; in the summer of 2002 amazon had a similarly large security hole. Can consumers trust large companies anymore? I think so, but you are always taking your chances with security. Sometimes companies become so large that things get easily overlooked.

Re:Not the first time (1)

scsscs (669925) | more than 9 years ago | (#11854782)

This is not a large security hole, it's not even a medium sized security hole.

Re:Not the first time (2, Insightful)

lonb (716586) | more than 9 years ago | (#11854826)

"Can consumers trust large companies anymore?"
This is exactly the type of nonsensical question that frightens would-be ascenders of the technology curve. First of all it begs the question, "large companies" versus who? Small companies? Do you think small companies are any more capable of defending themselves against attacks? Or even doing the type of advanced testing that can be done by a large company with large company resources?

If not, are you then suggesting no one should do business at all? Obviously that is out the window. So what's the point here?

Large companies, online, are leading the way towards advanced web applications that are changing the way we live our lives and conduct business. And as the MS defector [slashdot.org] implied in his blog, web applications are living software. Changing in (almost) real-time to meet the needs of the market and security/functionality needs.

Phishing EBay (2, Interesting)

BrianGa (536442) | more than 9 years ago | (#11854723)

Can anyone enlighten me as to the benefit of phishing for EBay accounts? Assuming the ultimate goal is profit, what can the attacker really do with one, as long as the EBay account information isn't the same as the Paypal?

Re:Phishing EBay (5, Insightful)

X0563511 (793323) | more than 9 years ago | (#11854794)

Lots of people use the same password for everything. If I were to net a bunch of Ebay account passwords, I could stand a decent chance of getting into the paypal accounts of at least a few of them.

Re:Phishing EBay (2, Informative)

rednip (186217) | more than 9 years ago | (#11854848)

Conducting fraudulent auctions with your "good name", buying stuff and then not paying for it with your "good name". Many people depend on seller and buyer ratings and reports for clues as to how much to trust someone. It can be so valuable that some people have set up businesses in Ebay which capitalize on their good seller's reputation.

Re:Phishing EBay (1)

Bozzio (183974) | more than 9 years ago | (#11855032)

This doesn't make sense! If this was the reason, then tracing the thief would only be a matter of determining the mailing information! The buyer would need to physically pick up the goods at one point or another.

Re:Phishing EBay (1)

KiloByte (825081) | more than 9 years ago | (#11855149)

I guess that if you knocked on the first door in a bad part of your town, a helpful soul would help you for a small cut.

Re:Phishing EBay (4, Informative)

John Miles (108215) | more than 9 years ago | (#11855279)

Um, no, that's the whole thing... there aren't any goods to mail.

The idea is, I use your account to post an auction for an expensive piece of equipment with a glowing description stolen from another successful auction, photos courtesy of Google Image Search, and a Buy It Now price around 20% of retail. The victim hits the BIN button and, at my request, sends me a Western Union transfer to pay. That's the last anyone hears from me.

Typically this scam is operated from Internet cafes in Eastern European countries with twentieth-century technology and twelfth-century ethics.

Re:Phishing EBay (0)

Anonymous Coward | more than 9 years ago | (#11854857)

I'd say that the primary benefit would be to hijack an account that already has a high feedback rating. It's much easier to scam bidders when you've got a feedback rating of 10,000 positive comments!

Re:Phishing EBay (2, Informative)

wotevah (620758) | more than 9 years ago | (#11854912)

As in my previous post [slashdot.org] , page two of the fake website asks for credit card. Since the sheep never wonder why a certain piece of private information is "required" on a form, I bet a lot of people actually filled that in too.

Fraud (1)

Sycraft-fu (314770) | more than 9 years ago | (#11855273)

One way to try and scam some money out of people is to pretend to sell something on eBay, and never deliver. SOP is for the buyer to pay before the seller ships the item, so it can work.

Now the thing is, if your reputation sucks, nobody will do that for bigger ticket items. Some scammers pump their rating up by buying lots of small things, but people look for that now. So, if you manage to get a password for an account that has a long, real history on eBay, you can use it to scam people. They look at the feedback, see a reputable person, and get duped.

Re:Phishing EBay (1)

MerlinTheWizard (824941) | more than 9 years ago | (#11855663)

Don't assume that every hacking attempt has financial profit as a goal. Don't even assume that they always have a goal at all. Most of the time, just hacking "something big" is a nice endeavor in itself for the average hacker joe, or even for a bunch of them. Being able to "shake the big tree" is a power trip.

Re:Phishing EBay (1)

dleifelohcs (777508) | more than 9 years ago | (#11856066)

I could, for example, list an automobile for sale. The ebay fees on an automobile alone would cost the lister a decent amount of money. Maybe there is no money in it for me (Mr. Joe Phisher) but I can screw a bunch of people over pretty easily.

That's the problem with e-mail correspondence. (4, Insightful)

Sheetrock (152993) | more than 9 years ago | (#11854729)

Companies are so quick to doll up their e-mails with the latest HTML -- images, links, and tables -- that their customers are getting used to using e-mail as a portal to company sites.

It should be a text-only medium, period. No attachments, no graphics, no opportunity to get someone to click before they think.

Re:That's the problem with e-mail correspondence. (1)

ThomasFlip (669988) | more than 9 years ago | (#11854775)

Maybe for an ultra paranoid administrator it should, but email is used by regular everyday people who send photos, videos, files etc... and probably don't give two shits of a damn about bullet proof security. I can see your point, but I think the solution to that would be a completely separate software package designed strictly for primitive communications (Not something the public is interested in).

Re:That's the problem with e-mail correspondence. (1)

JudgeFurious (455868) | more than 9 years ago | (#11857207)

For everyone it should. They're just "regular everyday people" and don't give two shits about security (never mind bullet proof security) right up until that moment when they call and say "I think I might have clicked something bad".

Fucktards. They deserve it. They don't deserve to have ultra paranoid administrators coming along behind them trying to clean up the mess they make. I've long complained about the balancing act we have to do trying to keep things secure at my place of employment but our management insists (I mean that, they literally insist) on being able to send anything and everything via email. They listen to nothing they're told by the people they pay to know about their network. Hell they'd keep every single mail message ever sent to them if we let them. The initial buttmonkey who set up Exchange 5.5 here never bothered to place any limits on their mailbox size. The database had to reach 16GB and shut us down before they would even consider letting us limit their mailbox size and even then it was like pulling teeth just getting these lazy fuckers to drag their mail from the inbox to a personal folder.

I hate users. I want them all dead. They slowly suck your brains out over time and I dread working here long enough to get that stupid.

They should be given text only email with a 256 character limit. No fuck that, they shouldn't even get that. They'd find some way to screw that up too.

Stick and a clay tablet. That's the ticket.

Re:That's the problem with e-mail correspondence. (1, Insightful)

Anonymous Coward | more than 9 years ago | (#11854806)

I thought the SCO lawsuit was the dumbest thing to ever be suggested, but then I read your post. Jesus H. Christ, what a stupid thing to say. Do you shake your rake at the neighborhood kids on their skateboards, old man? Hey, I have another idea that you might like, how about we just get rid of links altogether on the Internet, that way no phishing can ever happen! Perhaps in your lonely and cold little crevice under the bridge somebody might even disallow all images on web pages, that way there can be no question about the source of information. I have another idea. Why don't you put on some pants, get off the chair, and go look for another pale, misshapen fucktard to date! Yeah!

Re:That's the problem with e-mail correspondence. (1)

Sheetrock (152993) | more than 9 years ago | (#11854905)

Perhaps in your lonely and cold little crevice under the bridge somebody might even disallow all images on web pages, that way there can be no question about the source of information.

You'll be wanting to set your web browser to allow images from the originating server only if you've seen some of the abuses of <IMG SRC ...> I have. Unless you don't mind a malicious individual building some "interesting" web browsing history for you when you visit a public forum that lets anyone post images as part of their messages.

Re:That's the problem with e-mail correspondence. (0)

Anonymous Coward | more than 9 years ago | (#11854993)

Heh. I'm always a little hesitant to visit otherwise work-safe Photoshop contest threads on Fark for that very reason.

taking things personally (0)

Anonymous Coward | more than 9 years ago | (#11855244)

You are taking things a bit too personally. What happened, did you just recommend your company to "enrich the user experience" by sending friendly multimedia messages to your customer base and are now afraid it wouldn't bode too well if your boss sees this ?

Re:taking things personally (0)

Anonymous Coward | more than 9 years ago | (#11856590)

Didn't I tell you to put some pants on, little girl? Crawl back under that bridge! Why don't you tell us your real name so we can make sure you don't ever get another job in the technology business. Dipshit. You can be the new postertroll for Trojans instead.

hit a nerve, eh ? (0)

Anonymous Coward | more than 9 years ago | (#11856901)

haha

Re:That's the problem with e-mail correspondence. (1)

CammieCrookston (865194) | more than 9 years ago | (#11854863)

I wonder if we could convince Microsoft to write an addon to Outlook Express that converts embedded gifs into ascii art before the email gets sent? Now that is something I could get behind.

Re:That's the problem with e-mail correspondence. (1)

kurzweilfreak (829276) | more than 9 years ago | (#11857199)

I can just imagine the viagra and cU/\/\ E471ng l0n3ly h0u23\/\/1f3 ads now... in new ascii art! u = 8==D hA haHA lolomfgwtfmatebbq!!11111ten u wif ci_a11is = 8========================D

Re:That's the problem with e-mail correspondence. (1)

magiluke (629097) | more than 9 years ago | (#11855339)

That's absolutely right!

I actually got about 7 of these fake e-mails from ebay. My instinct told me that they were fake, even though they took me to ebay's website.

The way I managed to figure out that they were fake was to go to ebay.com and try to find the page linked. When there was no mention at all of the linked page anywhere, I knew it was a fake. Just to make sure, I sent it to spoof@ebay.com, and they said it was fake!

Anyway, I'd suggest this method for following any links in any e-mail. I feel much safer doing it =)

Re:That's the problem with e-mail correspondence. (0)

Anonymous Coward | more than 9 years ago | (#11856557)

Only on Slashdot would something so Luddite get moderated up.

There are a lot of problems with 80-column fixed width text for email, the main one being the inability to separate form from content, something even basic HTML can do.

If people were forced to use a 1983 terminal compatible format for their email, they would quickly use something with a lot more potential for flash and pizazz.

The real problem is that email has no real authentication. If emails were, by habit, digitally signed, phishes would be a lot harder to pull off.

While my article might not have prevented this (2, Informative)

MichaelCrawford (610140) | more than 9 years ago | (#11854731)

Use Validators and Load Generators to Test Your Web Applications [goingware.com] is likely to help you find a lot of problems with your web software, and some of those problems would be security holes.

It is Free Documentation, under the GNU FDL.

It's at GoingWare's Bag of Programming Tricks [goingware.com] .

SELF-SERVING SPAMMER (0)

Anonymous Coward | more than 9 years ago | (#11854917)

The links are irrelevant. The fact that it is under GNU FDL doesn't make it any more relevant. And to put it in your sig so you can spam for a book store with your referrer id later on... desperate.

I am a shameless link whore, in fact, but... (1)

MichaelCrawford (610140) | more than 9 years ago | (#11854948)

... that doesn't mean my article is irrelevant. If you actually read it, you would see why it will likely help the web application programmers reading this story who wonder what eBay's problems might mean for their own businesses.

Re:I am a shameless link whore, in fact, but... (0)

Anonymous Coward | more than 9 years ago | (#11855105)

How does a validator or a load generator help find security holes?

Totally irrelevant to this story, mang.

By exposing bugs, you ninny! (1)

MichaelCrawford (610140) | more than 9 years ago | (#11855205)

Most security holes aren't simple dumbshit design flaws like the ebay redirector, but programming errors like the failure to check boundary conditions.

Re:By exposing bugs, you ninny! (0)

Anonymous Coward | more than 9 years ago | (#11856807)

Oh boy! Yes, validators and load generators sure will help expose those!

Can you post a list of sites you may have worked on? I'd like to avoid them.

Scrambling? (5, Interesting)

Ulric (531205) | more than 9 years ago | (#11854732)

Maybe they are scrambling, but it sure seems like it is still working:

http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http://siag.nu/ [ebay.com]

That's a link to ebay.com which redirects to siag.nu. And it doesn't look like a glitch, it looks like it's on purpose.

Re:Scrambling? (1, Informative)

Anonymous Coward | more than 9 years ago | (#11854776)

Hey! What a coincidence! I just *just* got a phishing attack at my yahoo.com email.

Here's the email, minus where the URL actually goes to:

eBay NewYears User Agreement Update

It's that time of year again! With 2005 now upon us, we have updated the eBay user agreement. As a result of the update, your account will be restricted until you have followed the link below and reconfirmed your contractual agreement with eBay. We apologize for any inconvience as a result of the update, but as a large e-commerce entity we are required to receive an updated agreement at the beginning of each year.

After agreeing to the contract linked below, please feel free to check out some of the new auction styles for 2005. eBay now features pre-set auction details making selling easier than ever! Simply have eBay find your item, and it will present you with a preset information block regarding your product.

Here at eBay, we are constantly working harder to make your auctions this year better then ever. We will be continuously adding features to improve your eBay experience like never before, and your eBay account is a first row seat to the action! So dont let your account expire, update your settings today, its a simple process, and will only take a few moments. All accounts not verified by March 30, 2005, will be subject to deactivation, and it may be required to register again to continue using eBay services.

To update your account now, please follow the link below, validate your information, and confirm your acceptance of the updated agreement.

https://signin.ebay.com/ws/eBayISAPI.dll?UpdateAgreement

Copyright © 2004 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are trademarks of eBay Inc.
eBay is located at 2145 Hamilton Avenue, San Jose, CA 95125.

Re:Scrambling? (0)

Anonymous Coward | more than 9 years ago | (#11854810)

Er, I don't see a redirect in that URL.

Re:Scrambling? (3, Informative)

ericspinder (146776) | more than 9 years ago | (#11854943)

Ok, I'm not your parent poster, but I got it too. He didn't re-add the link, which was lost in the paste https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=0&ru=http%3A%2F%2Fcgi4.ebay.com%2Fws%2FeBayISAPI.dll?MfcISAPICommand%3dRedirectToDomain%26DomainUrl=http%3A%2F%2F62.193.211.236%2FeBayISAPI.php&pageType=1883 [ebay.com] , and it still works! Just for the really incredibly stupid... this is the phishing attack. The page is a valid Ebay sign in page, but the action will send you to the phisher's site. I'm not sure what they do there, I'd guess that they just say that your password was invalid and to try again. Anyone got a throw away Ebay account they would like to try on it?
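The link above chains two hops: a legitimate sign-in page whose ru= ("return URL") parameter carries the RedirectToDomain link, whose DomainUrl parameter in turn carries the phisher's IP. The following is an added example, not code from the thread or from eBay, that unwraps such a chain offline (no requests are made) so a mail filter or an abuse desk can see where a link finally lands. It assumes only the two parameter names visible in the quoted URLs (ru and DomainUrl) and the two links quoted in this thread, reassembled from the posts; a real checker would take its parameter list and trusted domains from configuration.

```python
from urllib.parse import parse_qs, urlsplit

# Query parameters the links quoted in this thread use to carry the next hop.
# Assumption: a production checker would load this list from configuration.
REDIRECT_PARAMS = ("ru", "DomainUrl")

# The open-redirector link and the chained sign-in link quoted in the posts
# above, reassembled after the paste damage.
OPEN_REDIRECT_URL = (
    "http://cgi4.ebay.com/ws/eBayISAPI.dll"
    "?MfcISAPICommand=RedirectToDomain&DomainUrl=http://siag.nu/"
)
PHISH_URL = (
    "https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId="
    "&co_partnerId=2&siteid=0&ru=http%3A%2F%2Fcgi4.ebay.com%2Fws%2FeBayISAPI.dll"
    "?MfcISAPICommand%3dRedirectToDomain%26DomainUrl=http%3A%2F%2F62.193.211.236"
    "%2FeBayISAPI.php&pageType=1883"
)


def _next_hop(query):
    """Return the first absolute URL found in a redirect-carrying parameter,
    or None. parse_qs percent-decodes the value, which is what exposes the
    RedirectToDomain link hidden inside ru=."""
    params = parse_qs(query, keep_blank_values=True)
    for name in REDIRECT_PARAMS:
        for value in params.get(name, []):
            if value.lower().startswith(("http://", "https://")):
                return value
    return None


def unwrap_redirects(url, max_hops=5):
    """Walk redirect parameters without touching the network and return the
    hostnames visited, outermost first. max_hops stops a crafted link from
    nesting forever."""
    chain = []
    current = url
    for _ in range(max_hops):
        parts = urlsplit(current)
        chain.append(parts.hostname or "")
        nxt = _next_hop(parts.query)
        if nxt is None:
            break
        current = nxt
    return chain


def lands_off_site(url, trusted=("ebay.com",)):
    """(final_host, True) when the chain ends on a host that is neither the
    trusted domain nor one of its subdomains. Matching on the label boundary
    is deliberate: 'ebay.com.evil.example' must not count as trusted."""
    final = unwrap_redirects(url)[-1]
    on_trusted = any(final == d or final.endswith("." + d) for d in trusted)
    return final, not on_trusted


if __name__ == "__main__":
    for link in (OPEN_REDIRECT_URL, PHISH_URL):
        print(" -> ".join(unwrap_redirects(link)), lands_off_site(link))
```

Note that nothing here follows HTTP redirects; it only reads what is already encoded in the link, which is exactly what a victim can see by looking at the status bar and what a filter can check before any click.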

Re:Scrambling? (0)

Anonymous Coward | more than 9 years ago | (#11855421)

I deliberately didn't post the link. I was thinking I would only be compounding the problem if I started spreading the link around.

Re:Scrambling? (0)

Anonymous Coward | more than 9 years ago | (#11856729)

I stupidly clicked that link and my browser automatically signed me in because it thought it was an ebay login. I immediately changed my ebay pass but now i also have to go around and change my other passes that were the same =/

Re:Scrambling? (2, Informative)

Adam9 (93947) | more than 9 years ago | (#11855744)

The problem is that there is no throwaway Ebay account since they require a checking account and/or credit card to create your Ebay account.

Re:Scrambling? (1)

BrianGa (536442) | more than 9 years ago | (#11856927)

They didn't when I joined in 1997.

Re:Scrambling? (1)

novakyu (636495) | more than 9 years ago | (#11856762)

Anyone got a throw away Ebay account they would like to try on it?

When I type in a correct password (tried it first with an _incorrect_ password), this is what I get:

404 Not Found:

The requested URL /eBayISAPI.php was not found on this server.

And "this server" is, 62.193.211.236.

Now, if only there's a way to figure out who their ISP is and alert them about this phishing scheme....

PS. Of course, I changed my password immediately afterwards. I'm stupid, but not _that_ stupid.

Re:Scrambling? (2, Informative)

derek_m (125935) | more than 9 years ago | (#11854798)

Scrambling isn't even a slightly valid description.

It's been exploited in phishing attempts since at least Feb 16th: http://lists.surbl.org/pipermail/discuss/2005-February/004192.html [surbl.org]

Quite why they thought running an open redirector was a good idea is anyone's guess.

Re:Scrambling? (0)

Anonymous Coward | more than 9 years ago | (#11855393)

My employer (can't say who, but you've probably done business with us) has had open redirectors exposed for years. The problem was reported to our internal security group at least a year ago. Security wanted to fix it, but like ebay, if it were fixed it would break a thousand different things, the existence of half of which have been forgotten.

These things are all over the internet, too; Yahoo, for example, has had at least three different ones open for ages and has openly declined to fix them.

It's not that difficult to fix -- just use HMAC authentication on the URL -- but to do it you have to find every legitimate reference and either add it to a list of exceptions or add the HMAC hash. For a big company with a large sprawling technical infrastructure, that can be near impossible until the cost of abuse rises above the cost of breaking things.
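The fix the post describes, an HMAC over the redirect target plus an allowlist for the legacy links nobody can find, as an added example in Python. This is not eBay's code and not the poster's; the endpoint path, the placeholder key and the partner hostname are assumptions for the demo. The open handler reproduces the behaviour the thread describes (whatever arrives in DomainUrl becomes the Location header); the checked handler is the hardened form.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: in a real deployment the key comes from server configuration,
# never from source. This placeholder exists only so the demo runs.
SECRET_KEY = b"demo-only-secret-replace-me"
REDIRECT_ENDPOINT = "https://cgi4.example.test/ws/redirect"  # hypothetical path

# Legacy links that were never re-signed can still be honoured by host
# allowlist; everything else needs a valid signature.
ALLOWED_HOSTS = ("ebay.com",)


def open_redirect(request_url):
    """The behaviour the thread describes: DomainUrl goes straight into the
    Location header, so any attacker-chosen target is accepted."""
    params = parse_qs(urlsplit(request_url).query, keep_blank_values=True)
    return {"status": 302, "location": params.get("DomainUrl", [""])[0]}


def _signature(target):
    return hmac.new(SECRET_KEY, target.encode("utf-8"), hashlib.sha256).hexdigest()


def sign_redirect(target):
    """Build a redirect link whose target is bound to SECRET_KEY. Only code
    holding the key can mint one, so a phisher cannot forge a link to an
    arbitrary site."""
    return REDIRECT_ENDPOINT + "?" + urlencode({"DomainUrl": target, "sig": _signature(target)})


def _host_allowed(target):
    host = urlsplit(target).hostname or ""
    # Match on a label boundary so 'ebay.com.evil.example' is rejected.
    return any(host == d or host.endswith("." + d) for d in ALLOWED_HOSTS)


def checked_redirect(request_url):
    """Hardened handler: redirect only when the target is on the allowlist or
    carries a valid HMAC. compare_digest keeps the comparison constant-time,
    and comparing bytes avoids a TypeError on non-ASCII attacker input."""
    params = parse_qs(urlsplit(request_url).query, keep_blank_values=True)
    target = params.get("DomainUrl", [""])[0]
    sig = params.get("sig", [""])[0]
    if not target.lower().startswith(("http://", "https://")):
        return {"status": 400, "location": None}  # rejects //evil and javascript:
    expected = _signature(target).encode("ascii")
    if _host_allowed(target) or hmac.compare_digest(sig.encode("utf-8"), expected):
        return {"status": 302, "location": target}
    return {"status": 400, "location": None}


if __name__ == "__main__":
    evil = REDIRECT_ENDPOINT + "?DomainUrl=http%3A%2F%2F62.193.211.236%2FeBayISAPI.php"
    print(open_redirect(evil))      # 302 to the phisher
    print(checked_redirect(evil))   # 400
    print(checked_redirect(sign_redirect("http://partner.example/")))  # 302
```

The allowlist is the part that makes the migration survivable: legitimate on-site links keep working unsigned while every off-site link is made to carry a signature, and the allowlist must match on a label boundary rather than by substring or a phisher registers ebay.com.evil.example and walks straight through.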

Re:Scrambling? (0)

Anonymous Coward | more than 9 years ago | (#11856402)

OK, I know this is completely unrelated to the ebay phish problem, but I have been having problems with Pathetic Writer in Fedora Core Three. My problems are:

* PW doesn't seem to see a proportional font. This causes any non-courier font to look ugly in the PW window.

* There are problems with PW hanging or crashing.

I've tried both the Xaw and the Xaw3d toolkits; same problem in both versions.

Right now, there just isn't a usable Microsoft Wordpad replacement for Linux without at least one incredibly frustrating bug that makes the software next-to-unusable for me. AbiWord 2.x has problems with extremely slow scrolling times; AbiWord 1.x (which, while having ugly fonts, didn't have this problem) barely compiles after much fiddling and doesn't run at all on FC3; OpenOffice (both 1.1.x and the 2.0 beta) has problems with changing the font to this ugly default font if I hit the right arrow or down arrow key at the end of the document; PW has problems as described above.

Maybe Ted [nllgg.nl] won't have all these problems.

It's not a bug (1, Funny)

Anonymous Coward | more than 9 years ago | (#11854734)

It's a pheature.

In other news... (5, Funny)

Anonymous Coward | more than 9 years ago | (#11854750)

Re:In other news... (0)

Anonymous Coward | more than 9 years ago | (#11855115)

slashdot editor gets the sack for making 5 dupes in 2 months

Re:In other news... (0)

Anonymous Coward | more than 9 years ago | (#11855156)

Each day, more and more people read slashdot ... (1)

GNUALMAFUERTE (697061) | more than 9 years ago | (#11856852)

The slashdot effect is going to disappear.
Just no one actually RTFA.

Thanx, i'm here all week.

Working hard to stop fraud? (3, Interesting)

Cylix (55374) | more than 9 years ago | (#11854755)

Maybe they changed their stance.

Not too long ago, I had a co-worker defrauded. Yeah, he wasn't a bright one and really should have consulted me when even the slightest bit of doubt surfaced.

Long story short, it didn't take place on eBay, but originated through a compromised user's account. In the end, eBay was fairly useless for help because they had the option to not deal with it.

If they were serious about working hard to stop this activity they could be a bit more pro-active.

Now, I'm not damning them completely, not so long ago I had someone disappear after a transaction. It took a few weeks to get my money back, but in the end the issue was resolved.

They really need to abandon email entirely and just eliminate the elements they can't control. At the very least leave external notifications off by default.

Otherwise, an alright service, but plagued with problems any high profile commerce site would suffer.

i recieved some spam (0)

Anonymous Coward | more than 9 years ago | (#11854763)

for a purported ebay site wanting me to logon & etc...

I never use fleabay (ebay) so it was deleted unopened since I figure since I don't use ebay it had to be a "spam scam"...

Recommended Reading: Quality Web Systems (1)

MichaelCrawford (610140) | more than 9 years ago | (#11854770)

I haven't read it yet, but its review [accu.org] at the Association of C and C++ Users [accu.org] says it's good. It emphasizes the importance of validating any data received over the network, especially not to trust it.

[ Buy at Powell's City of Books [powells.com] ]

SELF-SERVING SPAMMER (0)

Anonymous Coward | more than 9 years ago | (#11854933)

See here [slashdot.org] .

How is that wrong? (1)

MichaelCrawford (610140) | more than 9 years ago | (#11854997)

Did you read the review of the book at the ACCU? I learned about it because I might get some contract work writing web applications, and wanted to brush up.

I posted the book because I felt it would be genuinely useful to the people reading this story.

If you're such a hero, why don't you log in under your real name, like I do.

Re:How is that wrong? (0)

Anonymous Coward | more than 9 years ago | (#11855966)

The only reason you're logging in under your real name is so that you can whore your link out in your sig, you stupid advertiser piece of shit. Go fuck yourself, and take your ads with you.

I found it last week (3, Informative)

ericspinder (146776) | more than 9 years ago | (#11854783)

Got in as spam in my old honey pot, and I had a hard time sending to the company, as I didn't want to sign into their system to do it.

Finally I tried abuse@ebay, that sent back an automated reply and in that reply, I found the email spoof@ebay.com

I doubt if I'm the only person who found that scam, but I am glad that they seem to be taking action.

spoof@ebay.com not as useful as it could be (3, Informative)

John Miles (108215) | more than 9 years ago | (#11854853)

Annoyingly, my ISP (Speakeasy) has stopped allowing its customers to forward phishing emails to spoof@ebay.com.

They are doing content filtering on outgoing mail, which is something I really wish they wouldn't do. I have no idea what aspect of the message triggers the filter, but any attempt to forward an HTML phishing mail without converting it to plaintext first (and losing the href fields that would allow eBay to shut down the phishing sites) yields "Server Response: '554 message permanently rejected, you may have a virus (#5.3.0)'."

All attempts to communicate my displeasure to Speakeasy's support department have met with the usual language barrier (I speak English, they speak Moronese). I simply could not find a way to convince them that I wasn't having trouble sending email in the general case. If anybody from Speakeasy is reading this, it would be nice if they got the clue bat after whoever implemented this filter. Customers need to be able to opt out of all content filters, both incoming and outgoing.

Re:spoof@ebay.com not as useful as it could be (1)

Tony-A (29931) | more than 9 years ago | (#11856496)

You can laugh or you can cry. Somehow laughing's better, or at least I thought so.

Anybody's attempts to make the "internet safe" are going to be fairly ineffective at best. In this situation, you are willing to go to a little bit of trouble to try to put a stop to it. The phishers and other malware creators are willing to go to a lot more trouble to ensure it keeps on coming.

There's a reason that Linux comes off as being much more secure than Microsoft Windows. Microsoft tries to reassure its users that everything is safe when there is no way that it can be. As Microsoft tightens things up, it just means that the malware producers will have to work a bit harder.

GPG (4, Interesting)

SamMichaels (213605) | more than 9 years ago | (#11854786)

Not just for ebay...but for everyone. Allow users to download the GPG key from inside their account and sign all the legit email.

I realize that this somewhat complicates things for Grandma and Aunt Agnes, but the general public is going to HAVE to learn to deal with it in an effective way. GPG is an effective way...and PGP Freeware for Windows/Outlook is pretty idiot proof.

Re:GPG (0)

Anonymous Coward | more than 9 years ago | (#11855983)

It's too bad you didn't take any steps to legitimize your own shady rip-off business, eh Sam?

For the uninformed:

http://www.dc.bbb.org/report.html?national=Y&compid=70003493

This guy ripped off who knows how many people, and yet he still has a set on him big enough to show his face in public.

About time... (2, Interesting)

SCSi (17797) | more than 9 years ago | (#11854809)

I believe ebay has known about this for a while but sat on it for some unknown reason: SURBL List gave first warning [surbl.org] . Took them almost a month, not bad.

Re:About time... (2, Informative)

ryanjensen (741218) | more than 9 years ago | (#11854870)

I reported this to spoof@ebay.com months ago when I first received it. I included my opinion that running an open redirect is utterly stupid and useless (why the hell would they do this anyway?). I received no response, as expected, but I am dismayed to see that the exploit is still available.

Ryan

Legal liability for eBay? (1)

PornMaster (749461) | more than 9 years ago | (#11854859)

At what point does enabling fraud get to the point of legal liability?

As soon as they were notified, and failed to act (1)

MichaelCrawford (610140) | more than 9 years ago | (#11855170)

I think the thing to do at this point is to find someone who suffered actual damages, and help get a lawsuit started.

Maybe with an expensive lawsuit, and I expect only with a lawsuit, will eBay and their partner-in-crime, PayPal, start paying attention to security.

Scam link (2, Informative)

wotevah (620758) | more than 9 years ago | (#11854894)

The link in the scam email eventually redirects to this IP address in France, *after* ebay verifies your login. Incidentally, the one I received came through a server in Korea.

http://62.193.217.91/eBayISAPI.php [62.193.217.91]

Page two asks for your credit card, which answers the questions about the benefits of ebay phishing.

page two (0)

Anonymous Coward | more than 9 years ago | (#11855043)

Page two:

http://62.193.217.91/eBayISAPI2.php [62.193.217.91]

Go at it.

Re:page two (0)

Anonymous Coward | more than 9 years ago | (#11855700)

Use these test CC numbers, it'll pass the luhn check on the site and make them waste time processing the CC number. Apparently whatever processor they're using (it takes more time when you enter a test number than a random bad number, so some processing is happening) is set to test mode, so it appears that they're taking them.

4111111111111111
5555555555554444
378282246310005
6011111111111117
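Added example, not from the thread: a Luhn (mod 10) implementation that shows why the four numbers quoted above pass a form's card-number check without being issued cards, and how the check digit is derived. Whether the scam site then spent time "processing" them is the poster's observation, not something this code can tell. Function names are mine; spaces and dashes in the input are ignored, so the Amex number passes whether or not it is typed with a gap.

```python
"""Luhn (mod 10) check as used by card-number entry forms.

Added example for the thread above; not code from the page or from eBay.
"""


def _normalize(number: str) -> str:
    """Drop the separators people type into card fields."""
    return number.replace(" ", "").replace("-", "")


def luhn_sum(digits: str) -> int:
    """Luhn sum of a digit string: every second digit from the right is doubled,
    and products above 9 have 9 subtracted (same as summing their two digits)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total


def luhn_valid(number: str) -> bool:
    """True if the number is all digits, plausibly card-length and Luhn-consistent.
    This is exactly what a front-end check can verify: it says nothing about
    whether a card with that number was ever issued."""
    digits = _normalize(number)
    if not digits.isdigit() or len(digits) < 12:   # payment cards are 12-19 digits
        return False
    return luhn_sum(digits) % 10 == 0


def luhn_check_digit(payload: str) -> int:
    """Check digit that makes payload + digit Luhn-valid.

    Appending a placeholder 0 puts the payload digits in the positions they
    will occupy once the real check digit is added, so the sum only needs to
    be topped up to the next multiple of 10.
    """
    payload = _normalize(payload)
    if not payload.isdigit():
        raise ValueError("payload must be digits")
    return (10 - luhn_sum(payload + "0") % 10) % 10


# The four numbers from the post above, in the order they were given.
POSTED_TEST_NUMBERS = (
    "4111111111111111",
    "5555555555554444",
    "378282246310005",
    "6011111111111117",
)


if __name__ == "__main__":
    for n in POSTED_TEST_NUMBERS:
        print(f"{n:20} luhn_valid={luhn_valid(n)} "
              f"check_digit={luhn_check_digit(n[:-1])}")
    print("4111111111111112 luhn_valid=", luhn_valid("4111111111111112"))
```

Every posted number validates, and recomputing the last digit from the first n-1 digits reproduces it; change any single digit (4111111111111112) and the check fails, which is why a form that does nothing beyond Luhn cannot distinguish a test number from a real one.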

Re:Scam link (1)

boa13 (548222) | more than 9 years ago | (#11855161)

The link in the scam email eventually redirects to this IP address in France, *after* ebay verifies your login.

The server is hosted by amen.fr, a company specializing in cheap hosting that does not have an especially bad name. It is likely that things are very automated there, and that it is possible for someone to sign up for an account, pay some money, host the scam for a couple of weeks, gain much more money this way, and then run away.

I was a bit surprised to see this scam is done from France, because once someone files a lawsuit, there's a rather good chance the culprit is found. There's certainly plenty of countries where setting up such a fraud is safer. However, come to think of it, as long as nobody files anything, the culprit doesn't have to worry much. Since the emails and pages are in English, there are fewer chances that French people are defrauded and go to justice because of that.

Anyway, I've just sent a polite email to amen.fr, asking them to at least close the offending web site. Hope this helps.

My advice... (5, Insightful)

wotevah (620758) | more than 9 years ago | (#11854979)

...has always been to never click on emailed links pertaining to anything important, especially banking and such.

Bookmark all the financial sites you use, and whenever you receive emails with such "friendly" links, use your bookmark instead, to log in to the site. If it was important, you will see it on the next page there.

I never click on the links even when I know they are legit (to avoid forming a habit).

Re:My advice... (1)

nilbog (732352) | more than 9 years ago | (#11856441)

Too bad mothers of the world don't read slashdot and find helpful tips like this...

Re:My advice... (1)

EnronHaliburton2004 (815366) | more than 9 years ago | (#11856749)

To bad banks of the world don't read Slashdot to find helpful tips like this.

Re:My advice... (1)

tomstdenis (446163) | more than 9 years ago | (#11856818)

Can't bookmarks be inserted via jscript/activex?

I'd say go further [this relies on trusting your DNS and installed CA certs] just type the URL manually. They're usually short and it can save you a lot of hassle.

Tom

misspelling (0)

Anonymous Coward | more than 9 years ago | (#11856925)

Not on Firefox, and at any rate, even on IE I don't think they can do more than just "add a bookmark". If I bookmarked my sites I know where they sit in the list, and are probably in a category like "Financials" or something. JS-added bookmarks probably sit at the end of the list so it would be quite obvious.

I'd do that rather than risk misspelling/not remembering the URL which might happen if I have to type it less often.

Re:misspelling (1)

tomstdenis (446163) | more than 9 years ago | (#11856971)

I actually use the autocomplete of moz to type in addresses ;-) but I can see how something like typing "paypla.com" or something could be exploited.

Tom

I get phishing emails everyday - eBay and PayPal (0)

Anonymous Coward | more than 9 years ago | (#11855053)

I tried to email both companies but they don't make it easy to report these security problems.

They suck and I won't be using PayPal or ebay anymore.

Hooray for eBay and c|net - or not? (1)

Lars T. (470328) | more than 9 years ago | (#11855148)

Google-Translated Heise Newsticker article [google.com] from March 1st.

c|net : The problem [...] could be exploited by criminals to create an actual eBay link that redirects customers to a malicious site, the representative said.
Heise: The emails, pretending to come from eBay, have been circulating on the net since February 12th. eBay was informed about it, but has not reacted so far.

Re:Hooray for eBay and c|net - or not? (2, Insightful)

DiD Roe (812067) | more than 9 years ago | (#11855718)

That just seems really stupid, I mean all it would take is to temporarily remove the redirect feature from the code, or put a couple of regular expressions in there to only allow their hostnames to be used.

It would take literally 2 minutes for them to fix this.
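Added example, not eBay's code and not from the thread: what the "only allow their hostnames" fix looks like when written out, including the cases a plain regular expression on the parameter tends to miss (a subdomain of an attacker's domain that starts with ebay.com, userinfo tricks like ebay.com@evil, scheme-relative //evil paths, non-http schemes). The allow list, the default landing page and the function names are constructed for illustration.

```python
"""Server-side fix for an open redirect: accept an off-site target only if it
lands on one of the site's own hostnames, and send everything else home.

Added example, not eBay's code. The page only says the redirect parameter should
be restricted to eBay's hostnames; the allow list, the default landing page and
the function names here are constructed for illustration.
"""
from urllib.parse import urlsplit, urljoin

ALLOWED_SUFFIXES = ("ebay.com", "ebay.co.uk", "ebay.be")   # constructed allow list
DEFAULT_TARGET = "https://www.ebay.com/"                    # where rejected targets go


def host_allowed(host: str) -> bool:
    """True for an allowed domain or any subdomain of it. The suffix must sit on a
    label boundary, so 'www.ebay.com.evil.example' and 'notebay.com' both fail."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)


def safe_redirect_target(raw: str) -> str:
    """Return a URL that is safe to put in a Location: header.

    Relative paths are resolved against DEFAULT_TARGET; anything that does not
    end up on an allowed host over http(s) collapses to DEFAULT_TARGET.
    """
    if not raw:
        return DEFAULT_TARGET
    # Browsers strip tabs/newlines inside schemes ("java\tscript:") and treat
    # backslashes like slashes in http URLs; urlsplit does neither. Refuse those
    # characters outright rather than trying to mimic every browser's parser.
    if any(ord(c) < 0x21 for c in raw) or "\\" in raw:
        return DEFAULT_TARGET
    # Resolve first: "//evil.example" is scheme-relative and would otherwise
    # parse as a path with no host at all.
    parts = urlsplit(urljoin(DEFAULT_TARGET, raw))
    if parts.scheme not in ("http", "https"):
        return DEFAULT_TARGET
    host = parts.hostname            # userinfo ("ebay.com@evil") and port stripped
    if not host or not host_allowed(host):
        return DEFAULT_TARGET
    # Re-serialise the parsed form instead of echoing the raw input, so shapes
    # like "https:///evil.example" reach the browser only as what we resolved.
    return parts.geturl()


if __name__ == "__main__":
    for candidate in ("/myebay", "http://62.193.217.91/eBayISAPI.php",
                      "//evil.example/", "http://www.ebay.com@evil.example/",
                      "http://www.ebay.com.evil.example/"):
        print(f"{candidate!r:42} -> {safe_redirect_target(candidate)}")
```

The important design choice is to validate the resolved, parsed URL and then emit that parsed form, not the raw parameter: a check that runs a regex over the raw string and then echoes the raw string lets the browser's more forgiving parser reinterpret it.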

Got these (0)

Anonymous Coward | more than 9 years ago | (#11855168)

I get around 3-5 of these e-mails (from "ebay") a day. They tell me that there is a problem with my billing account or something like that. They want me to go and "change" my credit card number. But the best part about it is that I have never ever shopped at ebay.

~Alan

Phishers don't have international support. (1)

ThreeDayMonk (673466) | more than 9 years ago | (#11855686)

I get them too. I do, however, use eBay, but the Belgian site, so anything that doesn't come from ebay.be is fake. In addition, as all my legitimate eBay emails come in French, it's very easy to spot a phish.

These phishers really need to get their acts together and start supporting international users. There's a whole untapped market out there!

Saw this a week ago. (1)

Dan East (318230) | more than 9 years ago | (#11855474)

I received one of these over a week ago. It caught my eye more than the other phishing attempts because, after looking at the html, it did indeed send me to *.ebay.com. However deep in the url was a redirect to an IP address. They are using some mechanism within ebay itself to redirect traffic to other sites.

So this exploit has been in use for a long time (relatively speaking) for the vulnerability to still be unpatched.

Dan East
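Added example, not from Dan East's post or the "paypla.com" exchange above: a small link inspector that does what those posters did by hand. It walks redirect-style query parameters nested inside a URL and reports the final landing host, flagging IP-literal destinations like the one in this thread and registrable domains one typo away from a trusted brand. The trusted-domain list, the parameter names treated as redirects, and the sample URL are constructed assumptions; the real parameter eBay used is not on the page.

```python
"""Unwrap a phishing link that hides its real destination in a redirect parameter.

Added example, not from the thread. The trusted-domain list, the set of
parameter names treated as redirects and the sample URL are assumptions.
"""
import ipaddress
from urllib.parse import urlsplit, parse_qsl

TRUSTED_DOMAINS = ("ebay.com", "paypal.com")                 # constructed
REDIRECT_PARAMS = {"url", "redirect", "return", "next", "goto", "u", "r"}  # assumed names


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Naive on purpose: with no public-suffix list,
    'ebay.co.uk' yields 'co.uk', so extend TRUSTED_DOMAINS or plug in a PSL for real use."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def looks_like(domain: str, trusted: str) -> bool:
    """True if domain is one typo away from trusted: a single substitution,
    insertion, deletion, or swap of two adjacent characters (paypla vs paypal)."""
    if domain == trusted:
        return False
    if len(domain) == len(trusted):
        diffs = [i for i, (a, b) in enumerate(zip(domain, trusted)) if a != b]
        if len(diffs) == 1:
            return True
        return (len(diffs) == 2 and diffs[1] == diffs[0] + 1
                and domain[diffs[0]] == trusted[diffs[1]]
                and domain[diffs[1]] == trusted[diffs[0]])
    if abs(len(domain) - len(trusted)) == 1:
        short, long_ = sorted((domain, trusted), key=len)
        return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))
    return False


def unwrap_redirects(url: str, max_hops: int = 10) -> list:
    """Return [url, target1, target2, ...], following redirect-style query
    parameters whose value is itself an absolute http(s) URL. parse_qsl percent-
    decodes each value, so a URL encoded inside a URL unwraps one hop at a time."""
    chain = [url]
    for _ in range(max_hops):
        query = urlsplit(chain[-1]).query
        nested = next((v for k, v in parse_qsl(query, keep_blank_values=True)
                       if k.lower() in REDIRECT_PARAMS
                       and urlsplit(v).scheme in ("http", "https")), None)
        if nested is None:
            break
        chain.append(nested)
    return chain


def inspect_link(url: str) -> dict:
    """Summarise where a link really lands and why it looks suspicious."""
    chain = unwrap_redirects(url)
    host = urlsplit(chain[-1]).hostname or ""
    findings = []
    if len(chain) > 1:
        findings.append("embedded redirect")
    if is_ip_literal(host):
        findings.append("ip-literal host")
    else:
        domain = registrable_domain(host)
        if domain not in TRUSTED_DOMAINS:
            findings.append("untrusted domain " + domain)
            findings += ["look-alike of " + t for t in TRUSTED_DOMAINS if looks_like(domain, t)]
    return {"final_host": host, "hops": len(chain) - 1, "findings": findings}


if __name__ == "__main__":
    # Constructed sample in the shape the thread describes: a genuine eBay host
    # whose query string carries the scam server's address (IP quoted upthread).
    sample = ("http://signin.ebay.com/signin?cmd=SignIn"
              "&url=http%3A%2F%2F62.193.217.91%2FeBayISAPI.php")
    print(inspect_link(sample))
    print(inspect_link("https://www.paypla.com/cgi-bin/webscr"))
```

Run on the constructed sample it reports one hop to 62.193.217.91 with an ip-literal finding; on the misspelt PayPal host it reports no redirect but an untrusted domain that is one transposition away from paypal.com. A link with no findings is not proof of legitimacy, only that it lacks the two tells this thread describes.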

The biggest problem (2, Interesting)

sheppos (633308) | more than 9 years ago | (#11855623)

Is that ebay don't care. I've forwarded various emails like this to abuse, webmaster and postmaster and received completely unhelpful automated replies. I've been to the customer service pages on the site and emailed them... To receive completely unhelpful automated replies. Long story short - they don't care, I don't trust them.

Re:The biggest problem (1)

/dev/trash (182850) | more than 9 years ago | (#11856683)

Yes, they should hire one guy to write personal emails to everyone who sends mail to postmaster@ebay.com.

scrambles? (1)

Hohlraum (135212) | more than 9 years ago | (#11855959)

I got one of those url redirector trojans like 1.5 months ago. How is that scrambling if its just in the news right now? :)

This was reported a while ago (3, Insightful)

hairykrishna (740240) | more than 9 years ago | (#11856282)

I'm a powerseller on UK eBay. This exploit was reported in the powerseller forum a couple of weeks ago.

Seems that they're only 'scrambling' now there is media attention.

not hard (1)

tomstdenis (446163) | more than 9 years ago | (#11856799)

I recently [and despite my best thoughts on the matter] signed up for PayPal.

I get dozens of "paypal" emails a day. Occasionally some ARE legit.

I *NEVER* click on ANY links in emails for things like paypal/gmail/etc. [And yes, I'm smart enough to actually hover on the link to see the url or just see the source].

You want to go to ebay? Simply type

"http://www.ebay.com"

In your browser location bar... wanna login to paypal type

"https://www.paypal.com"

If you get a "notice" from "paypal" just login and see your account first hand...

In other words, don't be stupid and just randomly enter your password in sites asking for "updates"...

That, and the quality of phishes is very low. I'd say a good majority don't use SSL [though they put SSL padlocks on the page] and quite a few have HTML errors [like missing images or malformed layouts]. ...

Tom

Re:not hard (4, Insightful)

fireheadca (853580) | more than 9 years ago | (#11856981)

In other words, don't be stupid and just randomly enter your password in sites asking for "updates"...

For some phishes, I take the time to login with fake IDs and passwords, making sure to insult the scumsucking bastards. Then I do a network lookup on them and try to email the corresponding ISP. Very easy to do and protects others.

Vigilantism at its best! Everyone do the same.

sad for customers but.. (1)

Stanneh (775821) | more than 9 years ago | (#11856910)

I'm very sad for ebay users who might be affected by this, but seriously, I am overjoyed with this news to hear that Ebay are actually getting up off their fat asses and doing something.

Ebay Idiocy (2, Interesting)

fireheadca (853580) | more than 9 years ago | (#11856939)

I was sent an e-mail from ebay:

PASSWORD POLL

When I create a password for any of my online accounts, I use:
let me check, it's written beside my computer
a combination of upper & lower case letters and numbers
the same password for all my accounts
the name of my child/pet/spouse/secret crush
some variation on my name or user ID
a random word from the dictionary
123456 or abcdef
the word "password"

After contacting Customer Support I was informed that it was legit. !!!!

I tried numerous times to point this out but Customer service with ebay can sometimes be a struggle. I take it they assume everybody is an idiot.
Even Ebay Phishes. Go figure.