Expired domains expose eBay security glitch
eBay's security was called into question twice this week as separate sources reported loopholes in the "log-in" system that allowed hackers to gain access to users' accounts.
The first report, by Europe's largest computer magazine COMPUTERBILD, charges a vulnerability exists involving the "secret" security question eBay users set up when first registering on the site. The secret question is used if a person has forgotten their password, and purportedly includes a question that only the user would know, such as a pet's name.
COMPUTERBILD reports that they were able to quickly find instances where the answer to the secret question was included in a user's "About Me" page.
The second eBay log-in vulnerability was discovered this week by AuctionBytes and confirmed by two Internet security experts.
[ Read more ]
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.