ebay hacked

Rather than repair IT’s own website and get some real security and common sense policies in place, ebay tries to blame the entire nation of Romania.

First it was Yahoo and Microsoft. Then I believe Gmail came under fire.

Now suddenly, the ENTIRE NATION of Romania is at fault for ebaY's lax policy, poor web design, and lack of any real security? (other than IT’s blindfolded community?)

Unbelievable. As are parts of this report. In particular, this part:

eBay’s Henley said “hundreds” of internet fraudsters had been arrested since the company had put its operation into play with Romanian law enforcement.

Has anyone out there seen the first independent report of that? Last I saw, they were on a Hacker hunt, but did not catch anyone. There would have been wall to wall coverage if they had, even if they had piecemeal.

Funny, because I have over 65 examples of ebay being hacked over and over again on youtube.

I muse that maybe the hackers should make a guest appearance on ebay community forums again to tell us all how they feel.

Now that was entertainment, eh?

The root of the problem is lackwit ebay, not Romania or Romanians.

ABSOLUTELY UN-FREAKING-BELIEVABLE ebay member nip0664 gets SCAMMED, thanks to ebay LiveHelp rep “Shena R.”, and the management for allowing a dangerous XSS redirect flaw to exist for over 1 year. Just go to the thread and read all about IT yourselves, before IT disappears.

help with frau?!!!!!!!!!!!!!

The thread is locked.

Flaw info: http://www.kb.cert.org/vuls/id/808921

Edit 07-26-07. The thread has now dropped from the ebay forums. Here is a screenshot of the entire thread from Google cache


Updating now. There is more.

Following the same search term from a cappnonymous video I posted the info at, we see a very interesting thread “Live Help chat question“, wherein it seems that one poster feels that the LiveHelp Link has been hacked apparently:

“These are the words of a Romanian scammer.”

(referring to “Shena R.”, then points out grammatical errors in support of his/her belief.)
ebay sucks donkey balls. I have proof

So has ebaY LiveHelp been hacked?

No reason to believe not, others in the original thread felt so also.

EDIT – Update 07-26-07

Screenshot of entire thread “Live Help Chat Question” from google, as the original thread has now dropped from the boards at ebay.

BTW, this made it to video, over on youtube:

ebaY LiveHelp Gives Official Blessing to Obvious Scam! OMFG

also, there are over 60 other examples of ebay being hacked, including this capture of the live redirect in action:

EbaY HACKED LIVE! XSS JavaScript Redirect Exploit Flaw Hack

So while everyone wants to play down or ignore the porn on ebay, there looms a more sinister problem, a more obvious problem. That problem is the redirect. The redirect cross-site scripting flaw which ebay has ignored for well over a full year now. Possibly even longer.

Let me again refer readers to “eBay’s phishy old problem“, wherein it is written:

Robert Schifreen (security expert and author of Defeating the Hacker) said: “If eBay allows [these] tags within item descriptions, it would appear to me that they understand very little about the basic theory behind writing secure web-based applications.

“One of the golden rules is that you must strip out all html tags from user input, apart from a small subset containing any tags that you specifically want to allow (such as bold or italic text). Allowing users to publish their Javascript programs at will on eBay is asking for trouble, and linking to phishing sites is just the start of it.

“Claiming that it’s not a problem because links to phishing sites are quickly removed is, frankly, beyond belief for a high-profile site such as eBay. They should know better.”

Nigel Stanley, security practice leader at Bloor Research took no prisoners either. “eBay need a good kick up the backside for allowing such a vulnerability to persist on their site. The very nature of consumer auction sites means that many inexperienced and naïve users will be spending a lot of money on goods believing that they are safe and secure. If this was a two-bit outfit I may give them the benefit of the doubt, but eBay should know better.”
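The allowlist rule Schifreen describes above, as an added example that is not part of the original post and not eBay's code: a sanitizer for a listing description built on Python's standard `html.parser`. The tag allowlist, the function name `sanitize_description` and the sample listing are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist: only simple formatting tags survive, never with attributes.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br"}
# Elements whose entire body is discarded, not just the tag itself.
DROP_CONTENT = {"script", "style", "iframe", "object"}
VOID_TAGS = {"br"}

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside a DROP_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS:
            # Attributes (onclick, style, href ...) are never copied through.
            self.out.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text is kept but re-escaped, so it can never become markup again.
        if self.skip_depth == 0:
            self.out.append(escape(data))

def sanitize_description(html_text):
    """Return html_text reduced to the allowlisted tags and escaped text."""
    parser = AllowlistSanitizer()
    parser.feed(html_text)
    parser.close()  # flush any buffered trailing text
    return "".join(parser.out)

# Constructed sample listing: bold title, a script redirect, an event handler.
SAMPLE = ('<b>Rare tractor</b>'
          '<script>location.href="https://phish.example/login"</script>'
          '<p onclick="x()">Low hours</p>')

if __name__ == "__main__":
    print(sanitize_description(SAMPLE))
```

An unclosed `<iframe>` or `<object>` causes the rest of the description to be dropped, which is the fail-closed behaviour wanted here.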

Lastly, let us not now overlook the fact that the hackers are fully aware that using the redirect in any auction works just as well as, maybe better than porn.

Do you feel safe? Is IT worth the hassle?

There are many other, more safe and trustworthy places to conduct your business. Please consider the facts before you buy or sell anything online.

Approximately 23 hours ago, I uploaded this consumer awareness video to youtube: (as the listing was still very live, as most of the time they are)

EbaY Hacked! jorgensen1230 Hijacked! Wanna buy a Tractor?

So that listing ran to within 2 minutes of completion, maybe less.

Here it is with around 14 minutes

Now, a different view at 2 minutes

The bid history at 30 something minutes. (there were many cancellations also)

And finally, when it should have been very close to ending naturally, I got this.

Shucks, they even skipped right through the usual “invalid item” stage on this one.

POOF!! That fraud just disappeared!


EbaY Hacked! jorgensen1230 Hijacked! Wanna buy a Tractor?

First off, this past weekend was a massacre on ebay. Obviously someone was asleep at the wheel or “something“!

laketilor@aol.com address was used to hijack gold powerseller beddingcloseouts of Ebay store “Bedding Closouts” and more. Absolute carnage!

Read a bit more here and see the documentary videos.


Moving on, the ” Sammelliste für gehackte Accounts (Take Over/Hijacked) und verdächtige Nullaccounts mit hochwertiger Ware.” thread where the hacked and hijacked accounts and listings worldwide are being exposed at breakneck rate, in the ebay Germany Sicherheit forum still grows daily. *Here are a couple more fresh made screencaps of the end of it. On the 233rd page now. Translated to Englisch with Google Language Tools, right here

Oh, I believe I did mention Torture, eh?

Here is another repeat hijacker address, First.Power.Sells@gmail , being used, and preserved as an audio/visual/digital document. Again, that is First.Power.Sells@gmail.com.

Also in this video “ebaY HACKED ! ~ dwood10s V First.Power.Sells AT gmail.com”

You can see an abundance of such documentation right here on my Cappnonymous Video Page at youtube. Please consider rating, commenting and/or subscribing.

ebaY Hacked! dwood10s V First.Power.Sells gmail Part 2

*Thanks to www.imageshack.us for free image hosting


Just cut to the quick here. Some of these old links below are deprecated. Links at video are updated.



Fresh Content since 4th May 2007

Truly a massive worldwide event, yet ebay ignores.
Translated and made tiny here.
Screencaps-a few of the TONNES impacted!


Edit: Adding png images of the threads and screencaps of compromised accounts, as they are long since deleted by ebay.









UPDATE 07-29-07
Nearly all traces of the infamous “Gephishte Accounts die eBay nicht interessieren” thread are now gone.
They have been archived as png images:
Seite 1

Seite 2

Seite 3

Also, the follow-up thread “Gephishte Accounts die eBay nicht interessieren *zensiert*” has been likewise archived:

German language

English translation

(the embedded youtube video you see in the German language screencap is from FireFox browser Greasemonkey extension VideoEmbed Script)

*Thanks to imageshack.us for free photo hosting

**Thanks to tinypic.com for free image hosting
!*UPDATE* 05-05-07 !
Fresh activity! Another list uncovered, this time including compromised Paypal accounts. Some even from Japan – Nippon
Go here to see for yourselves
Translated and made tiny;

I have here 18 videos documenting the massive, worldwide, multi-user hack and hijacking attack upon ebay, which has been ongoing since @ least mid Feb ’07, when Vladuz posted pink
More “List” vids show that User’s data from both ebaY & PayPal are compromised.
Consumers, see for yourselves, watch the vids, read the descriptions, follow the link

ebaY Inc HACKED! ~ Stairway to Scammers Heaven


Yet another variation on a theme.

In this episode, we find some verrry rare “Bosendorfer grand piano (6’3″) vintage 1915 instrument” for sale on ebaY, over and over again.


We begin with a vid I just made a few days ago, with… you guessed, the same piano being sold on ebay


You can probably still find some examples of the same via a google search for the auction title
The hijacker email address du jour;
LilianaFedorowicz AT googlemail.com, the seller/hijack victim:”dsiering”


At this moment, in another tab, the same hijacker’s email addy is appearing in even more ebaY listings… for … well… that may be the next vid.


Be sure to go view my channel page and follow the links to ebaY Germany Security Forums, where TONNES of account hijackings are being reported, and where the LISTS of compromised ebaY and PayPal accounts are posted.


Moral of the story… “IT” is walking and quacking, avoid “IT” like the plague.


Beatles parody spoof song by “The Beatnix”


Got a favorite song you want in the background? Well then, just ask. I have no doubt we will see scam after scam after scam on ebaY, so all suggestions welcome.


ebaY Inc HACKED! ~The Curse of the Mummy!




More of the Same.
Piled Higher, & Deeper

Continuing on the theme…


Music: Scientist


Song; Curse of the Mummy


Seller/Victim; “bargaincraft”


Email address of the Hijacker;
(a repeat hijacker/Hacker…
…one of the UNdead!)


*Moving right along towards the “Batboy” Movie!


Don’t touch those dials!


oops, did I mention that as I upload and edit this description, these are all live listings? Note the times and dates shown.


Be sure to go view my channel page and follow the links to ebaY Germany Security forums, where TONNES of account hijackings are being reported, and where the LISTS of compromised ebaY and PayPal accounts are posted.


Moral of the story… “IT” is HACKED, CRACKED, HIJACKED, and ebaY cannot stop IT. Be safe, avoid “IT” like the plague.


Got a favorite song you want in the background? Well then, just ask. I have no doubt we will see scam after scam after scam on ebaY, so all suggestions welcome.


