Expired domains expose eBay security glitch
eBay's security was called into question twice this week as separate sources reported loopholes in the "log-in" system that allowed hackers to gain access to users' accounts.
The first report, by Europe's largest computer magazine COMPUTERBILD, charges a vulnerability exists involving the "secret" security question eBay users set up when first registering on the site. The secret question is used if a person has forgotten their password, and purportedly includes a question that only the user would know, such as a pet's name.
COMPUTERBILD reports that they were able to quickly find instances where the answer to the secret question was included in a user's "About Me" page.
The second eBay log-in vulnerability was discovered this week by AuctionBytes and confirmed by two Internet security experts.
[ Read more ]