Expired domains expose eBay security glitch

Friday, 16 May 2003, 11:32 AM EST

eBay's security was called into question twice this week as separate sources reported loopholes in the "log-in" system that allowed hackers to gain access to users' accounts.

The first report, by Europe's largest computer magazine COMPUTERBILD, charges a vulnerability exists involving the "secret" security question eBay users set up when first registering on the site. The secret question is used if a person has forgotten their password, and purportedly includes a question that only the user would know, such as a pet's name.

COMPUTERBILD reports that they were able to quickly find instances where the answer to the secret question was included in a user's "About Me" page.

The second eBay log-in vulnerability was discovered this week by AuctionBytes and confirmed by two Internet security experts.

[ Read more ]

Related items




Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //