Expired domains expose eBay security glitch

Friday, 16 May 2003, 11:32 AM EST

eBay's security was called into question twice this week as separate sources reported loopholes in the "log-in" system that allowed hackers to gain access to users' accounts.

The first report, by Europe's largest computer magazine COMPUTERBILD, charges a vulnerability exists involving the "secret" security question eBay users set up when first registering on the site. The secret question is used if a person has forgotten their password, and purportedly includes a question that only the user would know, such as a pet's name.

COMPUTERBILD reports that they were able to quickly find instances where the answer to the secret question was included in a user's "About Me" page.

The second eBay log-in vulnerability was discovered this week by AuctionBytes and confirmed by two Internet security experts.

[ Read more ]

Related items




Spotlight

Free security software identifies cloud vulnerabilities

Posted on 21 October 2104.  |  Designed for IT and security professionals, the service gives a view of the data exchanged with partner and cloud applications beyond the network firewall. Completely passive, it runs on non-production systems, and does not require firewall changes.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Oct 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //