compromised accounts


ebay Hacked! Attack of the 1335 Apple iPhones wareagie

Anyone out there still believe ebay is NOT hacked?

Anyone out there still believe ebay is safe, honest, or trustworthy?

Here is yet another hack attack of immense proportions. 1335 iPhones, all listed within a matter of a couple minutes or so.
Meet the seller/victim
Seller: wareagie (34)
Feedback: 97.2% Positive
Member: since Aug-28-00 in United States

Meet the hacker’s email address:
vanila3456@gmail.com

Here is just one listing details:
20 – 8GB Apple iPhone- Brand New- Never Used
Item number: 300147916089
Starting time: Sep-03-07 16:34:50 PDT
Starting bid: US $1.00
Duration: 1-day listing

Further documentation of the ongoing massive hack attack upon ebay.
I have screencaps to further document this sad event.

http://tinyurl.com/ytatds

http://tinyurl.com/ytpr4o

http://tinyurl.com/ys7p3e

related story/issue:

Apple iPhone ebay Scam Article from digg dot com Resurrected

Also be sure to see the Cappnonymous youtube channel for more shocking documentation of hacker pwnage of ebay. Be sure to expand the descriptions and follow suggested links.

The videos document a clear and concise pattern of troubles, pointing all the way back to the first Vladuz incidents.

Ebay HACKED! Massive Hack Attack 4js2 60K items listed

Hacked! jimmy.cry Attacks ebay & cmptgal1 with Big Balls

Ronny.Scott90 Butchers ebay AGAIN Run Zombies Run

ebay is Hacked! Fake Alienware Auction Babies Not Included

And then, folks…

Boycott ebaY and PayPal

Lastly, I am looking for some input with a new Boycott ebay and Paypal vid.

Please have a look and consider leaving your thoughts and suggestions.

It should be readily apparent to the most casual observers that ebay is not safe, not trustworthy, nor honest, nor will they ever be.

Better is time and money spent “Elsewhere”

Here is a really good example of what I mean. Follow the links back to the yahoo finance ebay message board and see how what appears to be a group of paid shills constantly harass, use “copycat” or “look-alike” IDs to deride, belittle, indeed even threaten anyone who dares speak ill of the almighty ebay.

Looks like that may be against the law, it most certainly is sleazy.

We just saw a prime example of such similar activity.


sleazebay censorship

In the course of conducting a bit of research for something, I referred to my digg.com account. I had posted a link to it here in a post entitled “Looks like the ebay hackers are using PayPal to collect”, at a new consumer rights oriented website forum, Screw-PayPal.com. The article I sought was:

http://digg.com/apple/Apple_iPhone_SCAMS_alert_eBay_unlocked_iPhone_scam_iPhone_store_scam

Which pointed here to this.

Lo & behold, it took me to a page which said:

Oops! What youre looking for isn’t here!

Good thing I was able to find that article still on google.

At the moment, it can still be found in the cache.

Here is a screencap of the google search for the article.

Update 09-04-2007

I see that reference, for the exact terms, has now completely vanished from google too.

Again, here is the search.

http://tinyurl.com/2zfggb

The original article was gone.

But for anyone wishing to see the content, I have here the text and screencaps.

If you want to cut to the quick, here is the page, as full sized screencap png format

http://tinyurl.com/2ahlxs

Apple iPhone SCAMS alert: eBay “unlocked” iPhone scam, iPhone store scam

Due to the fact that Apple’s iPhone became a hot selling item, a variety of scams based around it popped up online. Here are two of the most popular ones at the time of writing. eBay “unlocked iPhone” scam – iPhone “online store” scam. While the “iPhone online store” scam is more malicious than the “unlocked iPhone” scam, both of them will hit..

Submitted: 19 days ago
Submitter: iDionysus
Topic: News » Technology » Apple
Source: www.iphoneworld.ca

by willynilly on 07/30/2007

Yeah, I called an eBay guy on this bullshit just the other day.


by giovanni666 on 07/30/2007

You need to be very careful with the iphone listings (or anything) on ebay. The site is hacked and the scammers are listing fake auctions. It is very well documented. In particular, watch for the misspelling “unloked”
http://www.youtube.com/results?search_query=ebay+hacked+iphone&search=
http://budmalcolm.bravejournal.com/entry/23679


by drethedog on 07/31/2007

I got scammed from a guy on Ebay last week, he had 180 100% positive feedback, apparently somebody hacked in his account and listed the phone, i used pay pal and the money was sent to someone else, now I’m waiting for pay pal to review my case and I’m down 5 hundos…

—————————————————————–

Note that the last comment indicates that a consumer sent payment for his/her iPhone via Paypal, and found that the account had been hacked.

The innocent consumer lost 500 dollars.

Clear evidence that the hackers are into Paypal the same way they are into ebaY.

Now, full page screencap of the cached article

(full page screencaps created with FireFox extension “save as image“)

Another screencap, the rest of the over-wide page, taken with MWSnap.

Note the url. Note the time & Date it was cached.

I do not know why, but I notice a lot of things dealing with ebaY / Paypal security and related issues are “evaporating”.

I also get the feeling people reading this may wish to see this hacked iphone video which was removed from Youtube for alleged copyright infringement, by a mysterious, unidentified “3rd party” no less:
ebaY Hacked Live! kcrunchymunch APPLE iPHONE bogus auction

Well I hope everyone has a good chance to see these screencaptures of the compromised account pages:

http://img238.imageshack.us/img238/7153/paypalsrupfq0.png

(if image fails to load, look here: paypalsrupfq0 )

http://img355.imageshack.us/img355/3781/paypalkawakamirc2.png

http://img117.imageshack.us/img117/4752/paypalwelkje4.png

http://img523.imageshack.us/img523/6960/paypalballardtv2.png

http://i12.tinypic.com/4056v5z.png

http://i11.tinypic.com/2yv8f9i.png

http://i7.tinypic.com/2mdmas9.png

http://i12.tinypic.com/42ksef6.png

Along with the preserved threads which dealt with the subject:

The infamous “Gephishte Accounts die eBay nicht interessieren” thread, archived as png images: 

Seite 1

(original file location was

http://img366.imageshack.us/img366/2875/seite01lz1.png )

Seite_2
original file location was:

Seite 3

Also, the follow-up thread “Gephishte Accounts die eBay nicht interessieren *zensiert*” has been likewise archived:

German language

English translation

(the embedded youtube video you see in the German language screencap is from FireFox browser Greasemonkey extension VideoEmbed Script)

*Thanks to imageshack.us for free photo hosting

**Thanks to tinypic.com for free image hosting

If they should happen to disappear, I will repost them from here to BFE and back again.

Also, see the related videos at youtube regarding the iPhone scams on ebay, and 3 videos where the massive compromised account problem at Paypal are, along with approximately 80 video documentaries of the hack attack upon ebay.

I just happen to have many more examples of hacked accounts with bogus iPhone listings which I have not uploaded or posted anywhere (yet.) I suppose I will be doing so now though, along with every last bit of information which points to the facts about just how dangerous, unsafe, and untrustworthy ebay/ PayPal is/are.

For more documented horror stories, see the Cappnonymous 2010 Blog

Security vulnerabilities hit the open market

Robert McMillan

July 05, 2007 (IDG News Service) — Psst. Want to buy a zero-day?

A Swiss startup called WabiSabiLabi Ltd. has some for sale, but to qualified buyers only.

On Tuesday, the company launched a security vulnerability marketplace, where details on unpatched software flaws can be bought and sold. By Thursday, the site was offering details on four bugs in products such as the Linux kernel and Yahoo Messenger. No bids had yet been registered, and asking prices for the research ranged between $681 and $2724.

An 0day vulnerability is a previously undisclosed bug that has not been fixed by the vendor.

WabiSabiLabi argues that the computer industry’s ethical disclosure policies have led to a raw deal for security researchers, who typically are not paid for disclosing vulnerabilities. “Nobody in the pharmaceutical industry is blackmailing researchers (or the companies that are financing the research), to force them to release the results for free under an ethical disclosure policy,” the WabiSabiLabi Web site states. Representatives from WabiSabiLabi could not immediately be reached for comment.

The company bills its marketplace as a way for “security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cyber-criminals.”

But to David Perry at Trend Micro Inc., it looks like something else. “It’s going to be eBay for vulnerabilities,” he said.

Although WabiSabiLabi says it will sell details only to legitimate buyers, Perry is concerned that the site could be used to put dangerous information into the hands of criminals. “We’re looking at the potential of cyber warfare coming up,” said Perry, who is Trend Micro’s global director of education. “Now we’re going to peddle vulnerabilities in a winner-takes-all auction. How do we know who’s good and who’s bad when we do this?”

Security researcher Cesar Cerrudo said that while it’s uncommon for researchers to go underground to sell their vulnerabilities, it does happen. “Researchers will try to get money in the easier and faster way, and sometimes that can only be done in the black market,” said Cerrudo, CEO of Argeniss Information Security.

WabiSabiLabi is run by Herman Zampariolo, formerly CEO of Italian networking vendor iLight SpA. It lists Roberto Preatoni, founder of the Zone-h.org cyber-defacement Web site, as its strategic director.

Like eBay Inc., WabiSabiLabi offers sellers a variety of options. Research can be offered at a fixed price, sold at auction, or sold to a number of different buyers in what is known as a Dutch auction.

WabiSabiLabi will test the research to make sure the vulnerabilities operate as advertised, and the company will also vouch for the sellers and buyers, who can remain anonymous and trade under nicknames.

Companies such as 3Com Corp.’s Tipping Point division and VeriSign Inc.’s iDefense Labs have offered cash for this type of research before, but this is the first time that such an open marketplace has been created, Perry said.

Argeniss’s Cerrudo doesn’t share Perry’s fear of the vulnerabilities being misused. “This is already happening in the underground,” he said, “but with a public service like this, I think things are a little clearer.”


ABSOLUTELY UN-FREAKING-BELIEVABLE ebay member nip0664 gets SCAMMED, thanks to ebay LiveHelp rep “Shena R.” , and the management for allowing dangerous xss redirect flaw to exist for over 1 year. Just go to the thread and read all about IT yourselves, before IT disappears.

help with frau?!!!!!!!!!!!!!

The thread is locked.

Flaw info: http://www.kb.cert.org/vuls/id/808921

Edit 07-26-07. The thread has now dropped from the ebay forums. Here is a screenshot of the entire thread from Google cache

—————————

Updating now. There is more.

Following the same search term from a cappnonymous video I posted the info at, we see a very interesting thread “Live Help chat question“, wherein it seems that one poster feels that the LiveHelp Link has been hacked apparently:

“These are the words of a Romanian scammer.”

(referring to “Shena R.”, then points out grammatical errors in support of his/her belief.)
ebay sucks donkey balls. I have proof

So has ebaY LiveHelp been hacked?

No reason to believe not, others in the original thread felt so also.

EDIT – Update 07-26-07

Screenshot of entire thread “Live Help Chat Question” from google, as the original thread has now dropped from the boards at ebay.

BTW, this made it to video, over on youtube:

ebaY LiveHelp Gives Official Blessing to Obvious Scam! OMFG

also, there are over 60 other examples of ebay being hacked, including this capture of the live redirect in action:

EbaY HACKED LIVE! XSS JavaScript Redirect Exploit Flaw Hack

So while everyone wants to play down or ignore the porn on ebay, there looms a more sinister problem, a more obvious problem. That problem is the redirect. The redirect cross-scripting flaw which ebay has ignored for well over a full year now. Possibly even longer.

Let me again refer readers to “eBay’s phishy old problem“, wherein it is written:

Robert Schifreen (security expert and author of Defeating the Hacker) said: “If eBay allows [these] tags within item descriptions, it would appear to me that they understand very little about the basic theory behind writing secure web-based applications.

“One of the golden rules is that you must strip out all html tags from user input, apart from a small subset containing any tags that you specifically want to allow (such as bold or italic text). Allowing users to publish their Javascript programs at will on eBay is asking for trouble, and linking to phishing sites is just the start of it.

“Claiming that it’s not a problem because links to phishing sites are quickly removed is, frankly, beyond belief for a high-profile site such as eBay. They should know better.”

Nigel Stanley, security practice leader at Bloor Research took no prisoners either. “eBay need a good kick up the backside for allowing such a vulnerability to persist on their site. The very nature of consumer auction sites means that many inexperienced and naïve users will be spending a lot of money on goods believing that they are safe and secure. If this was a two-bit outfit I may give them the benefit of the doubt, but eBay should know better.”
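
Schifreen's rule quoted above (strip every tag from user input except a small allowed subset) can be sketched as follows. This is an added example, not code from the original post or from eBay; the tag list, the function name and the sample listing text are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist: simple formatting only, no links, images or scripts.
ALLOWED_TAGS = {"b", "i", "em", "strong", "u", "p", "br", "ul", "ol", "li"}
VOID_TAGS = {"br"}                  # tags that take no closing tag
DROP_CONTENT = {"script", "style"}  # the element body is discarded as well


class AllowlistSanitizer(HTMLParser):
    """Rebuilds a description from allowed tags and escaped text only."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS:
            # Attributes are never copied, so event handlers, style
            # and href values cannot survive on an allowed tag.
            self.out.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.skip_depth == 0:
            # Text is re-escaped so it can never be read back as markup.
            self.out.append(escape(data))


def sanitize_description(raw):
    """Return raw listing HTML reduced to the allowlisted subset."""
    parser = AllowlistSanitizer()
    parser.feed(raw)
    parser.close()
    return "".join(parser.out)


# Constructed sample input, not taken from any real listing.
SAMPLE_LISTING = (
    '<b onclick="track()">Brand New</b> 8GB iPhone'
    '<script>window.location = "http://phish.example/login";</script>'
    ' <a href="http://phish.example/">more details</a><br/><i>never used</i>'
)

if __name__ == "__main__":
    print(sanitize_description(SAMPLE_LISTING))
```

Unknown tags are dropped while their text is kept, so the link text in the sample survives as plain words with no destination attached.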

Lastly, let us not now overlook the fact that the hackers are fully aware that using the redirect in any auction works just as well as, maybe better than porn.

Do you feel safe? Is IT worth the hassle?

There are many other, more safe and trustworthy places to conduct your business. Please consider the facts before you buy or sell anything online.


Approximately 23 hours ago, I uploaded this consumer awareness video to youtube: (as the listing was still very live, as most of the time they are)

EbaY Hacked! jorgensen1230 Hijacked! Wanna buy a Tractor?

So that listing ran to within 2 minutes of completion, maybe less.

Here it is with around 14 minutes


Now, a different view at 2 minutes


The bid history at 30 something minutes. (there were many cancellations also)


And finally, when it should have been very close to ending naturally, I got this.

Shucks, they even skipped right through the usual “invalid item” stage on this one.


POOF!! That fraud just disappeared!

(Almost!)

EbaY Hacked! jorgensen1230 Hijacked! Wanna buy a Tractor?

First off, this past weekend was a massacre on ebay. Obviously someone was asleep at the wheel or “something“!

laketilor@aol.com address was used to hijack gold powerseller beddingcloseouts of Ebay store “Bedding Closouts” and more. Absolute carnage!

Read a bit more here and see the documentary videos.

LAKETILOR@AOL.COM, the UNSTOPPABLE HIJACKER! (address)

Moving on, the “Sammelliste für gehackte Accounts (Take Over/Hijacked) und verdächtige Nullaccounts mit hochwertiger Ware.” thread where the hacked and hijacked accounts and listings worldwide are being exposed at breakneck rate, in the ebay Germany Sicherheit forum still grows daily. *Here are a couple more fresh made screencaps of the end of it. On the 233rd page now. Translated to Englisch with Google Language Tools, right here

Oh, I believe I did mention Torture, eh?

Here is another repeat hijacker address, First.Power.Sells@gmail , being used, and preserved as an audio/visual/digital document. Again, that is First.Power.Sells@gmail.com.

Also in this video “ebaY HACKED ! ~ dwood10s V First.Power.Sells AT gmail.com”

You can see an abundance of such documentation right here on my Cappnonymous Video Page at youtube. Please consider rating, commenting and/or subscribing.

ebaY Hacked! dwood10s V First.Power.Sel ls gmail Part 2

*Thanks to www.imageshack.us for free image hosting

Update:

Just cut to the quick here. Some of these old links below are deprecated. Links at video are updated.


Fresh Content since 4th May 2007

Truly a massive worldwide event, yet ebay ignores.
Translated and made tiny here.
http://tinyurl.com/2uj79p
Screencaps-a few of the TONNES impacted!

http://img355.imageshack.us/img355/3781/paypalkawakamirc2.png

Edit: Adding png images of the threads and screencaps of compromised accounts, as they are long since deleted by ebay.

http://img238.imageshack.us/img238/7153/paypalsrupfq0.png

http://img355.imageshack.us/img355/3781/paypalkawakamirc2.png

http://img117.imageshack.us/img117/4752/paypalwelkje4.png

http://img523.imageshack.us/img523/6960/paypalballardtv2.png

http://i12.tinypic.com/4056v5z.png

http://i11.tinypic.com/2yv8f9i.png

http://i7.tinypic.com/2mdmas9.png

http://i12.tinypic.com/42ksef6.png

UPDATE 07-29-07
Nearly all traces of the infamous “Gephishte Accounts die eBay nicht interessieren” thread are now gone.
They have been archived as png images:
Seite 1

Seite 2

Seite 3

Also, the follow-up thread “Gephishte Accounts die eBay nicht interessieren *zensiert*” has been likewise archived:

German language

English translation

(the embedded youtube video you see in the German language screencap is from FireFox browser Greasemonkey extension VideoEmbed Script)

*Thanks to imageshack.us for free photo hosting

**Thanks to tinypic.com for free image hosting
