eBay plugs hole in sign-on page
A week or more after it was brought to its attention, eBay has plugged a hole in its sign-on page that was being exploited by phishers.
The vulnerability was noteworthy because it led users to eBay's official login page first, unlike most phishing attacks, which direct victims to a spoofed URL. Once a user entered a valid user name and password on the eBay site, however, the exploit redirected the person to a third-party site of an attacker's choosing.
At The Register.
[ Read more ]