Computerbild discloses security loophole at eBay

Wednesday, 14 May 2003, 12:32 PM EST

A loophole remains open in the security system of the eBay online auction house according to reports by Europe’s largest computer magazine COMPUTERBILD and the television channel SAT.1/N 24. Without leaving a trace, hackers can slip through the loophole and bid at auctions using member names or evaluate other members.

They gain unauthorized access by answering the so-called password question. Upon initial registration, each eBay user selects a question to which only he knows the answer. If the eBay user has forgotten his password he can create a new one after answering the question which is freely accessible to every internet user. However, even without changing the password users can bid and evaluate other members with a simple mouse click on a particular menu button, since they are registered automatically in the eBay system after answering the password question.

In this way, hackers get to the "secret" answers: unfortunately, many eBay members worldwide are careless with their personal data. On their individual eBay pages (so-called "Me" pages) they leave information in which the answer to the password question can be found. A dozen times and in a matter of minutes, a hacker demonstrated to the COMPUTERBILD magazine how easy it is to crack members’ accounts. He could have auctioned goods worth several million euro without any trouble at all.

[ Read more ]

Related items




Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //