An Inside Look at eBay Security 165
daria42 writes "This in-depth interview with eBay's Australia/New Zealand security manager is fascinating reading for anyone interested in online security and how the online auctioneer interacts with law enforcement agencies. "Normal people don't get up in the morning and wonder how they can steal or trick someone. I won't rest until we can eliminate wrongdoing," says eBay''s Alastair MacGibbon."
I want my five minutes back. (Score:5, Insightful)
Re:I want my five minutes back. (Score:1, Funny)
This is outrageous! I demand of the goderators your immediate bannation from this discussion group.
Advertisement disguised as information (Score:5, Insightful)
OR
stories from my brother *in Australia* about how he was ripped off by an eBay scammer? Or stories from coworkers and friends that have been ripped off by an eBay scammer? Or the author of a national bestseller telling how he was eBay scammed? [1]
Here's a tip, eBay. Word of mouth goes a lot farther than a fluffy article that tells me nothing. I read a long time back a dissatisfied customer tells ~3x the number of people his experience than a satisfied customer.
I'm honked off because I had to sit through that article, feeling patronized and advertised. Sheesh. What a waste.
[1] _The Paradox Of Choice: Why More Is Less_
by Barry Schwartz ISBN:0060005696
(I think it was the first few paragraphs of chapter 7.)
Re:Advertisement disguised as information (Score:2)
eBay does Care (Score:2)
W/o the tr
Re:Advertisement disguised as information (Score:3)
Couldn't agree more. My issue with eBay is not so much trouble with people breaking the law, but people selling second-hand goods as though they are new. I bought something touted as new a few weeks ago but it arrived looking like it'd been stolen, rolled in mud, slept on by a dog, and then scratched a bit for good measure. Returned it and suffered a bit more bait-and-switch.
Of course, when I left neutral feedback, the seller hit me with negative feedback accusing me of all sorts of things.
As you've suggest
Re:I want my five minutes back. (Score:1)
in-depth? (Score:5, Insightful)
Sample "in-depth" response for those who didn't RTFA:
Re:in-depth? (Score:2)
All words, and harsh sentences for the few that get caught, but no real preventive work or actual innovation.
Re:in-depth? (Score:1)
LOL!
Colleague sold some stuff on there recently the 'latest' trick/scam it seems is to pay via paypal - cancel it, and then give a cheque that may or may not bounce
Like the law enforcement agencies care.
Re:in-depth? (Score:2)
It's interesting how "Bush-speak" has made it into everyday vocab.
Re:in-depth? (Score:2)
Fat chance of eliminating wrongdoing
Re:in-depth? (Score:2)
Re:in-depth? (Score:2)
Re:in-depth? (Score:2)
PR Fluff (Score:5, Insightful)
I've never seen a more PR-fluff article in my life.
(Okay, that was an exaggeration. I follow the SCO saga as much as the next guy
Security my ass (Score:1, Offtopic)
Re:Security my ass (Score:2)
I visited HongKong a long time ago when DVDs were becoming popular. They sold bootleg movies for $2 US all over the streets. Versus the real copies for $30-$40 in US currency comparison. Note, prices might have fallen alot more now, since DVD is now the new standard there over Laserdisc. China is supposedly worse, since that equals to a monthly salary for a freaking DVD.
Re:Security my ass (Score:1, Offtopic)
I especially love the Asian sellers with software who say "Disc Only" in order to "Save on shipping."
Re:PR Fluff (Score:1)
All they need to do is remove any artical that it not as described
e.g. goto laptops, look for anything with more that 64MB or ram, remove the hundreds of 'bogus were not selling laptops' entries.
They should also give you the address of the person selling the item once you have 'won', and force the seller to use tracked mail and send you the tracking number.
if E-BAY were serious... (Score:5, Insightful)
If tehy were serious, they would do some sort IP address localization, and post not only where the person said they were from but also where their IP says they are from.
If they were serious they would not allow first time sellers to use western-union on new items over $100.
If they were serious they would bar private auctions for first time sellers.
ergo, they are not serious
"Normal"? (Score:3, Insightful)
That's amazing that this guy can define a "normal" person since psychiatrisys and psychologists have been trying to do this for many, many years. I happen to disagree with him, in fact.
Re:"Normal"? (Score:2)
Re: (Score:2)
Re:"Normal"? (Score:3, Funny)
Normal people aren't ambidextrous aardvark afficionados either.
If you were an afficionado of aardvarks, would you talk about it?
Decision, decisions (Score:2)
Hey, you better watch it, or the AAAAA (American Association Against Alliteration Abuse) will get you!
(Hey, it was either that, or an "insensitive clod" joke.)
Re:"Normal"? (Score:2)
I think he meant average, and by average he means people who are more likley to be stolen from than to steal.
Personally, I feel that as a possible solution anyone who commits fraud should be sterilized and their children taken away from them in order to preven such habbits from being passed on to them, but that tends to lead to slippery slopes which social engineer
From the article: (Score:4, Insightful)
MacGibbon: eBay does not endorse any particular browser.
Is Linux really more secure than Windows?
MacGibbon: eBay does not endorse any particular platform.
Then he really will not be able to get sleep, promoting a browser with some anti phishing techniques in it would help his job, and people listen to him based on his role.
On the other hand, I understand his reasoning behind the remarks: If you promote something, and it still goes wrong, people will try to blame it on you.
Interview continued (Score:1, Funny)
Q: Is Linux really more secure than Windows? A: MacGibbon: eBay does not endorse any particular platform. ''
Q: Should children eat pellets of rat poison, or should they eat a healthy balanced diet?
A: eBay does not give advice on nutrition.
Q: Should I vacation in the Sunni Triangle, or in Cancun?
A: eBay does not give vacation advice.
Re:From the article: (Score:3, Insightful)
That's part of it, but you're missing the bigger picture.
Even though their are various security issues on the user's end, it's not his job to ensure that security is tight on the user's desktop. In fact, he can't control what happens on a user's desktop at all. All he can control is what his servers present to the user and what happens on his servers. Wha
Re:From the article: (Score:2)
Re:From the article: (Score:2)
More generally, the cost of any reasonably broad problem with users' security
Mod parent Interesting (Score:2)
There are so many legal and policy matters, but auctions have been around for eons. The difficulty may be the sheer number of jurisdictions that eBay touches. This may bring about some uniformity in global law regarding certain p
Re:From the article: (Score:3, Insightful)
There are a countermeasures that people can use already, but with so many options out there -- and not all of them work equally well -- I'm not surprised that eBay is sitting this one out.
Re:From the article: (Score:2)
Re:From the article: (Score:1)
Re:From the article: (Score:2)
Re:From the article: (Score:2)
Re:From the article: (Score:2)
MacGibbon: less than 1/100th of one percent of all items listed result in a confirmed case of fraud
The "confirmed" came up a few more times. Talk about reading from a script. I must assume that "alleged" cases are fraud nicely do not register on this impressive statistic.
Normally speaking, I'm fairly trusting, but when I see something like this being spun this hard, I makes me very suspicious.
Re:From the article: (Score:2)
1. Do not send what you were supposed to send, so just get the check.
2. Claim not to have received what you were supposed to receive and try get your money back.
To bad the article does not give any details on how they research it though.
An Inside Listen to eBay Security (Score:4, Funny)
"Hellloooooooooo.....!"
"llloooooooooo.....!"
"lloooooooo.....!"
"loooooo....."
"oooooo...."
"oo....."
Not so in depth (Score:2, Informative)
1) We work closely with law enforcement agencies
2) Less than 1/100th of 1% of cases are fraud
No new information. No techniques the rest of us can use to prevent on-line crime. No reason to read it
Channelling Futurama... (Score:2, Funny)
"I won't rest, until we can..." *snore*
Normal people (Score:2, Funny)
Normal people don't get up in the morning and wonder how they can steal or trick someone.
I agree. It would definitely be an odd person that got up in the morning and wondered "Hmm... how can I steal someone today?"
Re:Normal people (Score:1)
Heh heh heh.
Really? (Score:2, Insightful)
Marketing waffle (Score:4, Insightful)
Q: How much (in dollar terms) and how many subscribers have made claims to eBay's buyer protection program?
A: I cannot put a dollar amount on this figure.
Q: How does eBay weed out unscrupulous sellers on your site?
A: We have zero tolerance for wrongdoing and are committed to making eBay as safe as possible for our members.
Q: Is Linux really more secure than Windows?
A: eBay does not endorse any particular platform.
And so on.
Re:Marketing waffle (Score:3, Insightful)
He says he won't rest until he can eliminate wrongdoing. Between children cheating at Old Maid and people not rewinding videos before returning them to the store, he'll be busy for the rest of his life.
Re:Marketing waffle (Score:2)
I presume that wrongdoing is that which is done by wrongdoers. A "wrongdoer" is sort of an evildoer Lite . So, what can we do about these "wrongdoers"? George Bush won't bomb and invade them (they're not the fully fledged evil, remember), but he might send Donald Rumsfeld to give them a wedgie.
Re:Marketing waffle (Score:2)
Is this like that nasty person who didn't rewind that DVD I hired last week? Man that's annoying when they do that.
Eliminate wrongdoing? (Score:3, Informative)
Mod Parent Up. (Score:4, Insightful)
1) Realize purchased item is missing & seller not replying to email & contact number is bogus.
2) Report it to PayPal
3) Get canned response that you have to wait untill the getaway is made (3-4 weeks?) before you make the report.
4) Wait & re-make the report.
5) PayPal Sits on the investigation for two weeks.
6) PayPal Makes investigation
7) PayPal says: "The seller appears to be fradulent, but has withdrawn all funds from their account so we have no recourse: file a claim with your insurance."
If Ebay had any thought about fraud, they would start with PayPal. This is just PR fluff.
Consider the fight against regulating some types of Ebay Sellers (drop off points) like Pawnbrokers. Pawnbrokers are regulated so that their is a paper trail of who sold what (possibly hot) items. Some high crime areas have what are essentially Hot Item ebay resellers: They take items, and sell them on ebay. They then return ~66% to the "owner" who requested their services. Florida (god help me for using them as suggesting a good law) attempted to regulate this type of drop-off store, but was beaten down.
oh, yes. PayPal bad.
How can I take this seriously? (Score:3, Funny)
Someone give this guy a lightsaber...
(Or a gun and a map to an Al-Quaida training camp)
Re:How can I take this seriously? (Score:2)
In-Depth? (Score:1, Insightful)
And since when has slashdot stopped letting lynx users post comments!! Captcha's discriminate against me and my shell session.
Re:In-Depth? (Score:2)
Since the begining of journalism. There have always been lazy reporters who will take a press release, slap their name on it, and call it a news story.
Anyone want to bet that the so-called reporter and the interviewee never even met?
eBay marketing (Score:1)
Percentage this, eBay is striving hard to do that...
I won't rest until we can eliminate wrongdoing.
My god, he's the "Trust and Safety Director" at eBay, not a homicid
In depth my arse (Score:2)
Oh and eBay thinks crime is like really and totally bad and stuff - my world is still rocking from the news.
Re:In depth my arse (Score:2)
Actually, it was *over* 1,000 Trust and Safety employees.
See, 1,000 is a lot.. that's a lot of Safety and Trust employees, and they've got even more than that! How many Safety and Trust employees do you think they actually have? 2,000? 5,000? Whatever it is, it's over 1,000 - and that's a lot of Safety and Trust employees.
The work of a lifetime (Score:5, Funny)
Yes. That confirms it: he thinks he's Batman.
Re:The work of a lifetime (Score:2)
Oh, if only we could all be normal like Alistair MacGibbon.
is it just me? (Score:2)
i was hoping for SOME information, not just marketing talk
Some REAL experiences: (Score:4, Interesting)
Re:Some REAL experiences: (Score:1)
Re:Some REAL experiences: (Score:1)
And that doesn't even include the various scam emails I get with auctions running from various shady types offering to buyout for ridiculous prices providing I send the item immediat
Re:Some REAL experiences: (Score:2)
Years of usenet, classifieds2000, ebay activity with little problem (a buyer that refused an item he'd bought and had me send COD being the worst).
On the other hand, 3 yrs ago, someone created a bogus aol account, a bogus ebay account, and etc. in my name. Bought 2 used laptops using a visa of mine that was near it's limit (dumb luck!) and I got a call from VISA. I suspect the visa data came from buying VCD's from an international vendor (futurama before it came out on DVD).
Here's my scorecard:
A
Re:Similar experience (Score:2)
Re:Some REAL experiences: (Score:2)
Wow. (Score:4, Funny)
That's going to be one tired fella. I think I just heard the price of coffee, Mountain Dew, and Jolt cola going up slightly in his locale.
Bingo (Score:1)
eBay = pirate friendly? (Score:5, Interesting)
I was recently looking to purchase a VHS tape of a classic TV show off eBay. I know this one exists as a regular commercial release, and I wanted to buy the legit copy. I found a certain seller listing it, and was poised to bid until I looked at his feedback.
In the feedback, I found several negative feedback complaints that the seller shipped the buyer a crappy tape taped off of TV. The vague wording in the listing I was interested in (and lack of an image) implied that this, too, was just a copy off of TV. I asked him him if the tape was legit, but got no response.
After this, I would look for this episode, and always find the guy selling his pirated copies. His negative feedback which mentioned the copies being pirated grew. I reported him to eBay a few times. They did nothing. At one time, they said they had no policy against anyone taping commercial shows off TV and selling them.
Re:eBay = pirate friendly? (Score:1)
Re:eBay = pirate friendly? (Score:2)
You checked the feedback on the guy (as everyone should but not everyone does) and decided it wasn't legit.
I'd say that's a plus to eBay!
Troll post NOT Insightful Interesting Informative (Score:2)
If it's eBay's goal to 'wipe out wrongdoing', then why don't they even enforce their own policies? Title spamming on eBay runs contrary to policy, yet is so rampant as to make many searches useless.
Of all the simple things eBay could do to clean up the end-user experience, building a crawling engine to sniff out and flag this kind of nonsense might be among the most trivial. But yet, nothing is done about it.
But of course.. it's a simple fact that eBay benefits any time a sale occurs. If title spamming
Failing to ignore a Troll (Score:2)
Short term only. Not trying to deal with such practices that degrade the customer experience (by, for example, making searches harder) makes it easier for competing services that figures out how to address those problems to establish themselves. Of course, barring a software or business methods patent, Ebay could simply re-implement the technique themselves.
The
True eBay security is... (Score:1)
SDF Effect ! (Score:2)
Typical ZDnet article though
*googles* (Score:2)
Some have criticised the AHTCC because there haven't been any noticeable prosecutions to date. How come?
MacGibbon: These things take time. The way I would describe our investigative policy to date is that, in the last year since we opened the doors, we needed to know what the criminal environment was...#blah blah#
Well he gave that job (or it gave him) 18 months - either way I suspect the 15 year olds down under don't have muc
It's a bird, it's a plane... (Score:1)
MacGibbon: Wrongdoing upsets me. It did when I was in the Australian Federal Police for 15 years and upsets me still: normal people don't get up in the morning and wonder how they can steal or trick someone. I won't rest until we can eliminate wrongdoing.
Yep, this is one huge PR session for eBay and "how they're doing everything to bring down fraudulent activity". The statistic of 1/100 of 1% is bullshit too. I've been scammed
Did anyone really expect "in-depth" from ZDNet? (Score:1)
ZDNet is most definitely not a news source -- nothing more than a PR organ imho.
Perception of security is needed to get more users (Score:1, Informative)
My personal experience is that eBay does very little to stop the thieves. My girlfriend bought some collectables for about $26 (inc. shipping). The guy she bought from had a very goo
zdnet.com.au doesn't like IE6 (Score:1)
I've heard this before... (Score:2, Informative)
Sort of like how "we" (the US) won't rest until we eliminate terrorism?
Ebay fraud (Score:1)
Most ebay fraud involves chump change and law enforcement will not bother with it. It is like calling your local police and yelling: "My bicycle was stolen." You expect to ever get it back?
I won't rest until we can eliminate wrongdoing (Score:4, Funny)
Re: (Score:2)
MacGibbon the superhero (Score:2, Funny)
Who talks like that? I can imagine Batman or Judge Dredd coming out with some heroic gibberish, but the guy works for eBay. What is he going going to do? Wear his underwear on the outside and stomp out crime in time for tea?
Re:MacGibbon the superhero (Score:2)
"We will rid the world of evildoers."
Normal people and their morning wish on eBay ... (Score:1)
Good place to start: (Score:2)
1) "Get your free iPod/Macmini/flatscreen" _as long as you sign up to several monthly direct debits and become a spammer to get many more people to do likewise
2) Sellers with massive favourable credit histories accumulated by selling penny-cost items to a handful of people, all of whom have traded with each other similarly to amass a good score at no expense - and who then turn up with a batch of expensive consumer goods.
3) eBay customers that suddenly change location
Thieves (Score:3, Insightful)
Right, they call it "portfolio management" or "marketing" instead, or use any other term for acceptable theft and trickery.
I've seen some - and worked in - a few perfectly legal businesses which had all the trappings of a scam operation, except that they weren't illegal.
Looks Like They Missed This One (Score:5, Interesting)
Phishers Steal Trust From Ebay Sign In Pages [netcraft.com]
"Fraudsters have exploited a flaw in the eBay web site that allows them to orchestrate phishing attacks using eBay's own Sign In page. ... By including special parameters at the end of the URL, the fraudster has changed the behaviour of the Sign In page so that when a user successfully logs in, they will then be sent to the fraudster's phishing site via an open redirect hosted on servlet.ebay.com."
Because of the "borrowing" of ebay's web site, the EBay toolbar reports the phishing site as legit.
Fraud percentage (Score:3, Insightful)
If Ebay really cared, they'd make it easy to report fakes and frauds, and they'd set up software to triage the reports most likely to result in a real finding and real people would work on those.
On a related subject, when using PayPal... (Score:2)
Every wondered why?
If you use your credit card and the transaction screws up, your CC company will reverse the transaction and PayPal are left to deal with the shit.
If you use your bank account, PayPal arbitrates - heavily in favor of the vendor (especially if a high volume $$ vendor).
Bear that in mind when making a transaction with an untrusted p
Re:On a related subject, when using PayPal... (Score:2)
Uh, reality? (Score:2)
What? They've obviously never bought or sold anything on eBay.
What a crap quote! (Score:2)
This isn't sticking up for the criminal element, but normal people also don't get up daily thinking about how they're going to thwart the criminal element today.
It's that kind of pre-judgement which makes it hell for all of us legitimate consumers these days: Everyone assumes that you're a criminal, and it's up to you to prove otherwise. these days it's the opposite of the old viewpoint of "innocent till proven gu
Phishers steal eBay sign-on page (Score:2)
In defense of eBay.... (Score:2)
Several months ago, my eBay account was hijacked by someone in another country. In under 24 hours after it happened, I received a phone call from someone in "eBay security" about my account, asking me to verify whether or not I was really selling a particular, expensive telephoto lens for a Canon 35mm camera and a couple other similar items. This was before I had even reali
Weak. (Score:2)
What I got, was a couple paragraphs that r