Hacker May Be Exposing eBay Back Door

Posted by Zonk on Fri Feb 23, 2007 04:30 PM
from the maybe-buy-a-hackerproof-door dept.
pacopico writes "A hacker specializing in eBay cracks has once again managed to masquerade as a company official on the site's message boards, according to The Register. A company spokesman denies that 'Vladuz's' repeated assaults on eBay point to a larger problem with the site's security. Of course, eBay two days ago claimed to have found a way to block Vladuz altogether, only to see him pop up again. The hacker himself made comments indicating that the company's email servers are connected somehow to the financial information eBay hosts."
  • FUD (Score:5, Interesting)

    by User 956 (568564) on Friday February 23 2007, @04:36PM (#18128168)
    (http://www.atomjax.com/)
    The hacker himself made comments indicating that the company's email servers are connected somehow to the financial information eBay hosts.

    $100 says this guy has a huge short on ebay stock.
      • Re:FUD (Score:5, Insightful)

        by Antique Geekmeister (740220) on Saturday February 24 2007, @04:10AM (#18132666)
        Publishing this sort of thing privately often doesn't work. I've had numerous security vulnerabilities ignored for years: the use of public FTP sites with users' private passwords is one of the most common. Publicly writable home directories used by both bosses and their secretaries are another; so are password-free SSH keys and software that stores passwords locally in clear text, then NFS exports of those directories.

        In practice, nothing forces a change faster than an obvious break-in that discomfits the boss's secretary: the second fastest is something that affects the stock price. Even something that is being actively used for break-ins is often ignored due to recalcitrant developers and users who cannot be troubled to use secure practices, or to invest in keeping their software upgraded. The worst of them are those who think "we're inside a firewall, we trust the people we work with!". Then they sneak in a laptop from home and expect it to just work.
  • Time for a new plan.... (Score:5, Interesting)

    by CasperIV (1013029) on Friday February 23 2007, @04:36PM (#18128174)
    Maybe ebay should just pay the guy to tell them how to fix their system and be done with it. You know that this will all end with an exploit for ebay being discovered and someone getting sued.
  • ridiculous (Score:1, Interesting)

    by ILuvRamen (1026668) on Friday February 23 2007, @04:38PM (#18128190)
    Wow, that's quite an interesting technical statement to say they found a way to block ANYONE forever. Anyone can sit down at any computer and you can't tell the difference. The only way would be if he's in jail, and apparently he's not, so I wonder what genius at eBay wrote up that statement. Btw, in case you didn't know, eBay owns Paypal, so obviously their general IT and technical designing isn't so great already.
  • Not an auction site... (Score:5, Insightful)

    by Radon360 (951529) on Friday February 23 2007, @04:43PM (#18128274)

    ...eBay is just a venue for people to exchange items, such as malicious code into an unexpecting user's browser.

    When will they learn to do something simple like disallow META tags in item descriptions to stop redirects to sites with malicious code, rather than to hide such things and disavow any responsibility?

  • Where is your mind at? (Score:4, Funny)

    by Anonymous Coward on Friday February 23 2007, @04:44PM (#18128288)
    "A hacker specializing in eBay cracks... may be exposing eBay Back Door"

    Sounds like the author has an anal fixation to me!

  • by spun (1352) <loverevolutionary.yahoo@com> on Friday February 23 2007, @04:46PM (#18128310)
    (Last Journal: Tuesday August 07, @01:18PM)
    You just know what's gonna get posted soon...
  • I can solve this for EBAY (Score:2, Funny)

    by AmigaHeretic (991368) on Friday February 23 2007, @05:10PM (#18128652)
    (Last Journal: Thursday February 15 2007, @02:06AM)
    I told EBAY I could resolve this for them once they send the PS3 to my address in Nigeria. The payment through Paypal will not post to their account until after they have mailed the package. What don't they understand about this?
  • ebay is a haven... (Score:3, Interesting)

    by null etc. (524767) on Friday February 23 2007, @05:51PM (#18129098)
    Proof: http://havenforscammers.com/ [havenforscammers.com]
  • What a Loser (Score:3, Informative)

    by madsheep (984404) on Friday February 23 2007, @05:59PM (#18129190)
    (http://www.securityzone.org/)
    I know I cannot be the only person thinking "what a loser." Maybe this guy has some motive behind his actions, but if you're in the world of IT Security you are relatively familiar with Romanian whackers. They can take the most mundane abuse of something and claim it as hacking. This is a perfect example. Is someone cracking, phishing, or scamming their way onto eBay's message boards that much of a "prank" or "hack"? I do not think so. Does it spell out that there is a security weakness somewhere? Absolutely. You will find this in almost any large organization when someone specifically targets them, their employees, and/or users. I cannot begin to account for how many times various ISPs have been publicly hacked/owned/pranked, far worse than this.

    Do that many people really get their news from eBay message boards? This guy is getting on account and posting messages. What is his next hack going to be? Use a stolen or fraudulently created account to post a *FAKE* auction? This guy can hardly penetrate systems at will. I think there's a reason he only seems to pop up at certain times. Classify this guy as another moron that needs to find something better to do.

    Hopefully this loser will join the ranks of Victor Faur [zdnet.com]. Not so much in notoriety, but in the loss of the right to use a computer or travel internationally. :)
  • by Pedahzur (125926) on Friday February 23 2007, @06:08PM (#18129310)
    (http://jjncj.com/)
    I posted this a few days ago. E-bay customer service still hasn't shown any indication they intend to fix this problem: E-Bay's sign-in server can assist phishers [jjncj.com].
  • He is right.. (Score:1)

    by gamekeeper (793336) on Friday February 23 2007, @06:56PM (#18129908)
    (Last Journal: Monday May 09 2005, @06:05AM)
    e-bay has a lot of issues. Whatever this individual is exposing, take it with integrity. All they want to do is throw money at it, and find ways to screw anybody and everybody as much as possible. 1 out of 6 people are millionaires on "paper"; because of this e-bay encourages them to work at a significantly reduced pay rate. They do this because they are bored, and e-bay allows them to act accordingly. Meaning, because they have nothing to lose, they can make everyone's life hell around them, without any quantifiable reprimand. This corporate culture comes from above, like shit rolling downhill.
  • by Anonymous Coward on Friday February 23 2007, @07:00PM (#18129956)
    Security breaches on ebay servers might explain the rampant theft of people's credit card info on ebay. In most cases ebay are apparently still trying to make customers and sometimes banks pay for the losses rather than admit to their servers being compromised.
  • Balkanisation (Score:1)

    by Bearhouse (1034238) on Saturday February 24 2007, @04:36AM (#18132752)
    FTA "but insist the servers that administer those functions are balkanized from databases" That proves it - he IS from Romania! But seriously, if Ebay's servers really are Balkanized, (http://en.wikipedia.org/wiki/Balkanize), "Balkanization is a geopolitical term originally used to describe the process of fragmentation or division of a region into smaller regions that are often hostile or non-cooperative with each other", maybe it's no wonder they have problems.
  • Wonder why ? (Score:1)

    by IT072110 (1064450) on Saturday February 24 2007, @08:04AM (#18133446)
    Is it that the hacker is getting more expert or the system admin is less brilliant?
  • Maybe Not (Score:5, Insightful)

    Maybe they should use OpenBSD once and for all...

    Your choice in Operating System does little to mitigate bad coding. eBay has never been known for their technical wizardry and coding sophistication. It wouldn't surprise me if their back doors were wide open. (If you knew where to look.) For example, instead of having secure B2B messaging channels between different offices and departments, they might use machine formatted Internet Email that gets decoded by machine on the other side. Which would mean that a lot of "financial information" could be travelling over "their email system".

    10:1 says the guy is an employee who lost his gruntles.