[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: IP: eBayla virus
>Date: Thu, 22 Apr 1999 17:34:41 -0700 >From: "Jeff E. Kinzli" <kinzli@cisco.com> > > >>From http://www.tbtf.com/index.html > > ..eBayla > >Canadian security enthusiast Tom Cervenka, who goes by the handle Blue >Adept, has invented a new flavor of virus: he has created an infected >eBay auction item [1] that he calls eBayla. The exploit works because >eBay allows JavaScript in the member-authored pages describing an item >offered for sale. When an eBay member bids on an infected item, his/her >username and password are emailed to Cervenka. EBay's response [2] to >the exploit sets a new low for bone-headedness. Not only does eBay >downplay the seriousness of the security hole; not only do they get the >technical details of the exploit's workings wrong; but they also make >vague threats in Cervenka's direction, because he brought this >vulnerability to their attention. EBay deserves to get slapped, hard, by >its mem- bers -- nothing else will make them rethink their cluelessness. >Thanks to Michael Sanders <msanders at confusion dot net> for the prod >on this story. > > [1] >http://www.because-we-can.com/ebayla/default.htm > [2] >http://www.news.com/News/Item/Textonly/0,25,35321,00.html > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC