The dreaded XSRF (cross-site request forgery) exploit is still uncorrected on ebaY. That means extreme risk to both ebay and Paypal users.




Let’s begin way back in 1999. This phylum of flaws (cross-site/scripting) has existed on ebay since before there were terms coined for it. I produced a quick & dirty video outlining not only that, but how ebay sought to make a public relations play by announcing the removal of sellers’ ability to use active scripting elements in the user generated content of ebay listings, then quietly reversed the decision, and buried that news on a backwater blog. You can cut to the quick by clicking the more info area of the video and following the links.


Moving forward.


We blogged this vulnerability back in September. Yet if you follow the links there, you see the flaw actually existed for 3 years.



Now to the present day…


Quite a debate going on at Twitter between Pierre Omidyar, Paul Carr and others. Here’s an interesting ebay-centric tweet, but there’s plenty more.

jmho, we’ll be waiting until Hell freezes over.

Published on Dec 5, 2013

I spoke with Stanley Cohen, counsel to PayPal 14 co-defendant, Mercedes Heafer, in San Jose, California on December 5, 2013 about the arraignment of 13 co-defendants on a superseding information plea deal, Ebay, PayPal, and Pierre Omidyar’s recent Op-Ed.


Mr. Cohen doesn’t mince words concerning our Pals, any of them.

Here’s that op-ed article for those who have not yet seen it.

Ebayers may want to have the air travel sickness bags handy.

It’s another Twilight Zone-like scenario… this entire saga, and everything that is swirling around it today.

Well, at any rate, good for the Paypal 14.


When the Haggler asked the eBay spokesman John Pluhowski for the name of the PayPal spokesman and the Bill Me Later spokesman, he offered one name: John Pluhowski.



What was the old cliché about if something seems too good to be true?

Keep 100% of Your Selling Price!
Pay No Fees – Limited Time Offer!


This is a HUGE tell!

Ebay is running a promo where sellers will save all listing fees when they agree to be paid with ebaY vouchers instead of real money.

Exactly how they differ from ebaY Bucks is not clear without looking up a bunch more things.

There is a long list of…


The perpetrator's pals and business buddies

Another stunning example of why to never, ever use ebay and paypal!

A Boise, Idaho man has been caught and arrested for scamming on ebaY, using 400, that’s right, 400 fake Paypal accounts!


If ever there were a good reason to Boycott Paypal, if not help kill them off altogether, this may be it.

Paypal's dirty little secrets: They provide payment service for porn and torture sites. Boycott Paypal!

