ebay hacked


Romanian Detained Over eBay Cyber Fraud

Romanian detained over a $3 million cyber fraud against eBay Inc.

Very interesting article from abc news:

Romanian authorities have detained a man suspected of committing cyber fraud worth $3 million against the company eBay Inc.

Organized crime prosecutors say Liviu Mihail Concioiu is being investigated for “phishing” attacks against 3,000 of eBay Inc. employees.

They said Thursday that Concioiu allegedly stole the employees’ IDs and passwords in 2009 and accessed company files, including an application with the data base of eBay clients and their transactions. Concioiu then used “phishing” sites to access the accounts of about 1,200 eBay users.

It would appear the ebay database has been hacked, cracked, and zombied AGAIN.

(or is that still?)

Also notice how the term ‘phishing’ is constantly used.  ebaY doesn’t like the “H” word it seems. But “phishing” alone does not get you access to the files and data described. We call that “HACKING

rotflmao! Who could imagine?

It also tells us that ebay employees must not be too savvy if they are falling for whatever tricks are being used to gain the logins etc.

No mention of any response from ebay.

With IT’s long and repeated history of such events, you should ask yourself whether you trust this unsafe outfit with your personal and financial data?

Who could imagine?

The long uncorrected xss flaw rears it’s ugly head again!

Auctionbytes reporting that falle-internet.de has again discovered listings with the malicious coding, this time with a virus twist.

The most important and telling quote of the article:

“They used javascript and java to address a known vulnerability; user’s computers were affected by just viewing the respective listings,”

See that part about “…just viewing the respective listings…” ?

That is one of the main reasons I advocate avoiding ebaY at all costs. Another is that they BLAME the USER for their own failures! Furthermore, they refuse to correct the flaw! Make no mistake, ebaY is a dangerous, untrustworthy, and dishonest website. Of that there is proof beyond the slightest shadow of a doubt!

ebaY is HACKED! Yes! ebaY is still HACKED!!!

Here is the report, with screencapture images, in English at falle-internet

My research indicates this issue has been onging at ebaY for about 10 full years now. Perhaps not under the same name, but indeed cross-scripting has been exploited on ebaY since before it even had that name. Ebay has been aware of the issue for that long also.  Since looooong before the US-CERT warning was posted. Bear in mind there are many variants of this exploit possible to use. It’s been used also for the redirects, and for cookie-stealing etc. The possibilities are only limited by the hacker’s imagination and ebay’s steadfast refusal to secure it’s festered site

I’ll be posting another video demonstrating the +/- 10 year longevity of the xss flaw on ebaY before long at the Cappnonymous channel

ebaY Crafty Hackers and iPhone Scams

by Cappnonymous

Update: 09-2-2007 =/- 16:30 PDT.

More Hacking kits found on ebay…

Online auction site, eBay, is unwittingly selling software that is used to hack eBay user accounts and steal personal information, according to research from online security experts PC Tools.

A number of software items for sale on the worlds leading online auction site contain a variety of programs including keyloggers, trojans and other malware making devices that are aimed at helping users hack computers, websites and even individual user accounts.

Despite eBays excellent reputation for ensuring that it protects both consumer safety and privacy, its almost impossible to police every item, said Mike Greene, VP Product Strategy at online security experts PC Tools.

I am certain that the sale of this sort of software on eBay comes as a surprise to most, but the success eBay has also meant that the worlds leading online auction site can also attract the wrong kind of attention, said Greene.

It is ironic that something intended ultimately to steal a consumers identification and financial information is being sold via what is one of the worlds number one targets for the ID theft, said Greene.

continues, with url of now invalid listing.

screen capture of the invalid item page, 640 pixels wide.

Click here for a full sized view

Following a search for the exact terms found in the article,

Hacking-cracking-programs-best-on-ebay

I quickly located a listing with that exact title.

Here I have a screen capture of what appears most likely to be an identical item for sale

For a full-sized view, click here.

Here is the screencap of that search, in 640 width

For a full sized view, click here

Note a couple of the hilarities such as payment via Paypal and the Square Trade seal.

The seller’s feedback is 100%, so he/she must have some very happy buyers.

Further, whoever wrote that article seems to be a bit out of touch with the sad facts.

Edit

09-19-2007 +/- 19:30 PDT

I have located what appears to be the original listing mentioned in the article in Google cache. Here 360 pixels wide. remove _360 to see it full size.

Hacking&Cracking programs best on ebay!

read more | digg story

ebay Hacked! Attack of the 1335 Apple iPhones wareagie

Anyone out there still believe ebay is NOT hacked?

Anyone out there still believe ebay is safe, honest, or trustworthy?

Here is yet another hack attack of immense proportions. 1335 iPhones, all listed with in a matter of a couple minutes or so.
Meet the seller/victim
Seller: wareagie (34)
Feedback: 97.2% Positive
Member: since Aug-28-00 in United States

Meet the hacker’s email address:
vanila3456@gmail.com

Here is just one listing details:
20 – 8GB Apple iPhone- Brand New- Never Used
Item number: 300147916089
Starting time: Sep-03-07 16:34:50 PDT
Starting bid: US $1.00
Duration: 1-day listing

Further documentation of the ongoing massive hack attack upon ebay.
I have screencaps to further document this sad event.

http://tinyurl.com/ytatds

http://tinyurl.com/ytpr4o

http://tinyurl.com/ys7p3e

related story/issue:

Apple iPhone ebay Scam Article from digg dot com Resurrected

Also be sure to see the Cappnonymous youtube channel for more shocking documentation of hacker pwnage of ebay. Be sure to expand the descriptions and follow suggested links.

The videos document a clear and consise pattern of troubles, pointing all the way back to the first Vladuz incidents.

Ebay HACKED! Massive Hack Attack 4js2 60K items listed

Hacked! jimmy.cry Attacks ebay & cmptgal1 with Big Balls

Ronny.Scott90 Butchers ebay AGAIN Run Zombies Run

ebay is Hacked! Fake Alienware Auction Babies Not Included

And then, folks…

Boycott ebaY and PayPal

Lastly, I am looking for some input with a new Boycott ebay and Paypal vid.

Please have a look and consider leaving your thoughts and suggestions.

It should be readily apparent to the most casual observers that ebay is not safe, not trustworthy, nor honest, nor will they ever be.

Better is time and money spent “Elsewhere”

Here is a really good example of what I mean. Follow the links back to the yahoo finance ebay message board and see how what appears to be a group of paid shills constantly harass, use “copycat” or look-alike” IDs to deride, belittle, indeed even threaten anyone who dares speak ill of the almighty ebay.

Looks like that may be against the law, it most certainly is sleazy.

We just saw a prime example of such similar activity.

read more | digg story

sleazebay censorship

In the course of conducting a bit of research for something, I referred to my digg.com account. I had posted a link to it here in a post entitled “Looks like the ebay hackers are using PayPal to collect” , at a new consumer rights oriented website forum, Screw-PayPal.com. The article I sought was:

http://digg.com/apple/Apple_iPhone_SCAMS_alert_eBay_unlocked_iPhone_scam_iPhone_store_scam

Which pointed here to this.

Lo & behold, it took me to a page which said:

Oops! What youre looking for isn’t here!

Good thing I was able to find that article still on google.

At the moment, it can still be found in the cache.

Here is a screencap of the google search for the article.

Update 09-04-2007

I see that reference , for the exact terms has now completely vanished from google too.

Again, here is the search.

http://tinyurl.com/2zfggb

The original article was gone.

But for anyone wishing to see the content, I have here the text and screencaps.

If you want to cut to the quick, here is the page, as full sized screencap png format

http://tinyurl.com/2ahlxs

Apple iPhone SCAMS alert: eBay “unlocked” iPhone scam, iPhone store scam

Due to the fact that Apple ’s iPhone became a hot selling item, a variety of scams based around it popped up online. Here are two of the most popular ones at the time of writing. eBay “unlocked iPhone” scam – iPhone “online store” scam. While the “iPhone online store” scam is more malicious than the “unlocked iPhone” scam, both of them will hit..

Submitted:
19 days ago
Submitter:
iDionysus (news: submissions, diggs, comments)
Topic:
News » Technology » Apple
Source:
www.iphoneworld.ca
by willynilly on 07/30/2007

Yeah, I called an eBay guy on this bullshit just the other day.

Reply to this comment

by giovanni666 on 07/30/2007

You need to be very careful with the iphone listings (or anything) on ebay. The site is hacked and the scammers are listing fake auctions. It is very well documented. In particular, watch for the misspelling “unloked”
http://www.youtube.com/results?search_query=ebay+hacked+iphone&search=
http://budmalcolm.bravejournal.com/entry/23679

Reply to this comment

by drethedog on 07/31/2007

I got scammed from a guy on Ebay last week, he had 180 100% positive feedback, apparently somebody hacked in his account and listed the phone, i used pay pal and the money was sent to someone else, now I’m waiting for pay pal to review my case and I’m down 5 hundos…

—————————————————————–

Note that the last comment indicates that a consumer sent payment for his/her iPhone via Paypal, and found that the account had been hacked.

The innocent consumer lost 500 dollars.

Clear evidence that the hackers are into Paypal the same way they are into ebaY.

Now, full page screencap of the cached article

(full page screencaps created with FireFox extension “save as image“)

Another screencap, the rest of the over-wide page, taken with MWSnap.

Note the url. Note the time & Date it was cached.

I do not know why, but I notice a lot of things dealing with ebaY / Paypal security and related issues are “evaporating”.

I also get the feeling people reading this may wish to see this hacked iphone video which was removed from Youtube for alleged copyright infringement, by a mysterious, unidentified “3rd party” no less:
ebaY Hacked Live! kcrunchymunch APPLE iPHONE bogus auction

Well I hope everyone has a good chance to see these screencaptures of the compromised account pages:

http://img238.imageshack.us/img238/7153/paypalsrupfq0.png

(if image fails to load, look here: paypalsrupfq0 )

http://img355.imageshack.us/img355/3781/paypalkawakamirc2.png

http://img117.imageshack.us/img117/4752/paypalwelkje4.png

http://img523.imageshack.us/img523/6960/paypalballardtv2.png

http://i12.tinypic.com/4056v5z.png

http://i11.tinypic.com/2yv8f9i.png

http://i7.tinypic.com/2mdmas9.png

http://i12.tinypic.com/42ksef6.png

Along with the preserved threads which dealt with the subject:

The infamous “Gephishte Accounts die eBay nicht interessieren” thread, archived as png images: 

Seite 1

(original file loocation was

http://img366.imageshack.us/img366/2875/seite01lz1.png )

Seite_2
original file location was:

Seite 3

Also, the follow-up thread “Gephishte Accounts die eBay nicht interessieren *zensiert*” has been likewise archived:

German language

English translation

(the embedded youtube video you see in the German language screencap is from FireFox browser Greasemonkey extension VideoEmbed Script)

*Thanks to imageshack.us for free photo hosting

**Thanks to tinypic.com for free image hostimg

If they should happen to disappear, I will repost them from here to BFE and back again.

Also, see the related videos at youtube regarding the iPhone scams on ebay, and 3 videos where the massive compromised account problem at Paypal are, along with approximately 80 video documentaries of the hack attack upon ebay.

I just happen to have many more examples of hacked accounts with bogus iPhone listings which I have not uploaded or posted anywhere (yet.) I suppose I will be doing so now though, along with every last bit of information which points to the facts about just how dangerous, unsafe, and untrustworthy ebay/ PayPal is/are.

For more documented horror stories, see the Cappnonymous 2010 Blog

Security vulnerabilities hit the open market

Robert McMillan

July 05, 2007 (IDG News Service) — Psst. Want to buy a zero-day?

A Swiss startup called WabiSabiLabi Ltd. has some for sale, but to qualified buyers only.

On Tuesday, the company launched a security vulnerability marketplace, where details on unpatched software flaws can be bought and sold. By Thursday, the site was offering details on four bugs in products such as the Linux kernel and Yahoo Messenger. No bids had yet been registered, and asking prices for the research ranged between $681 and $2724.

An 0day vulnerability is a previously undisclosed bug that has not been fixed by the vendor.

WabiSabiLabi argues that the computer industry’s ethical disclosure policies have led to a raw deal for security researchers, who typically are not paid for disclosing vulnerabilities. “Nobody in the pharmaceutical industry is blackmailing researchers (or the companies that are financing the research), to force them to release the results for free under an ethical disclosure policy,” the WabiSabiLabi Web site states. Representatives from WabiSabiLabi could not immediately be reached for comment.

The company bills its marketplace as a way for “security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cyber-criminals.”

But to David Perry at Trend Micro Inc., it looks like something else. “It’s going to be eBay for vulnerabilities,” he said.

Although WabiSabiLabi says it will sell details only to legitimate buyers, Perry is concerned that the site could be used to put dangerous information into the hands of criminals. “We’re looking at the potential of cyber warfare coming up,” said Perry, who is Trend Micro’s global director of education. “Now we’re going to peddle vulnerabilities in a winner-takes-all auction. How do we know who’s good and who’s bad when we do this?”

Security researcher Cesar Cerrudo said that while it’s uncommon for researchers to go underground to sell their vulnerabilities, it does happen. “Researchers will try to get money in the easier and faster way, and sometimes that can only be done in the black market,” said Cerrudo, CEO of Argeniss Information Security.

WabiSabiLabi is run by Herman Zampariolo, formerly CEO of Italian networking vendor iLight SpA. It lists Roberto Preatoni, founder of the Zone-h.org cyber-defacement Web site, as its strategic director.

Like eBay Inc., WabiSabiLabi offers sellers a variety of options. Research can be offered at a fixed price, sold at auction, or sold to a number of different buyers in what is known as a Dutch auction.

WabiSabiLabi will test the research to make sure the vulnerabilities operate as advertised, and the company will also vouch for the sellers and buyers, who can remain anonymous and trade under nicknames.

Companies such as 3Com Corp.‘s Tipping Point division and VeriSign Inc.’s iDefense Labs have offered cash for this type of research before, but this is the first time that such an open marketplace has been created, Perry said.

Argeniss’s Cerrudo doesn’t share Perry’s fear of the vulnerabilities being misused. “This is already happening in the underground,” he said, “but with a public service like this, I think things are a little clearer.”

read more | digg story

Next Page »