Author Topic: eBay danger  (Read 1254 times)

0 Members and 1 Guest are viewing this topic.

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 15677
eBay danger
« on: Tuesday, 23 September, 2014 @ 08:11:26 »
Quote
Leading security researchers have called on eBay to take immediate action over dangerous listings, as the problem continues to put users at risk.

The BBC has now identified more than 100 listings that had been exploited to trick customers into handing over personal data.

The vulnerability centres around users' ability to place custom Javascript and Flash content into their listings pages.

Often sellers will use this method to make their pages look more exciting, with animations or other eye-catching techniques.

But use of Javascript and Flash, eBay acknowledged, significantly raised the likelihood that malicious code could be included within the site's pages - due to a hacking technique known as cross-site scripting (XSS).

It meant users clicking on eBay listings that appeared legitimate were being automatically re-directed to harmful websites designed to steal user information, including credit card details.

The problem has affected the site since at least February, the BBC has confirmed - although some experts say it has been an issue for more than a year.
http://www.bbc.com/news/technology-29310042