Interesting People mailing list archives
IP: eBayla virus
From: Dave Farber <farber () cis upenn edu>
Date: Fri, 23 Apr 1999 08:14:33 -0400
Date: Thu, 22 Apr 1999 17:34:41 -0700 From: "Jeff E. Kinzli" <kinzli () cisco com>From http://www.tbtf.com/index.html..eBayla Canadian security enthusiast Tom Cervenka, who goes by the handle Blue Adept, has invented a new flavor of virus: he has created an infected eBay auction item [1] that he calls eBayla. The exploit works because eBay allows JavaScript in the member-authored pages describing an item offered for sale. When an eBay member bids on an infected item, his/her username and password are emailed to Cervenka. EBay's response [2] to the exploit sets a new low for bone-headedness. Not only does eBay downplay the seriousness of the security hole; not only do they get the technical details of the exploit's workings wrong; but they also make vague threats in Cervenka's direction, because he brought this vulnerability to their attention. EBay deserves to get slapped, hard, by its mem- bers -- nothing else will make them rethink their cluelessness. Thanks to Michael Sanders <msanders at confusion dot net> for the prod on this story. [1] http://www.because-we-can.com/ebayla/default.htm [2] http://www.news.com/News/Item/Textonly/0,25,35321,00.html
Current thread:
- IP: eBayla virus Dave Farber (Apr 23)