{"id":50204,"date":"2014-09-23T05:55:48","date_gmt":"2014-09-23T05:55:48","guid":{"rendered":"http:\/\/4cd.e16.myftpupload.com\/?p=50204"},"modified":"2014-09-23T07:13:58","modified_gmt":"2014-09-23T07:13:58","slug":"ebay-under-pressure-as-hacking-continue","status":"publish","type":"post","link":"https:\/\/citifmonline.com\/2014\/09\/ebay-under-pressure-as-hacking-continue\/","title":{"rendered":"eBay under pressure as hacking continue"},"content":{"rendered":"
Leading security researchers have called on eBay to take immediate action over dangerous listings, as the problem continues to put users at risk.<\/p>\n
The BBC has now identified more than 100 listings that had been exploited to trick customers into handing over personal data.<\/p>\n
Over the weekend, readers got in touch with the BBC, saying they had attempted to warn eBay about the problem.<\/p>\n
The company said it would “continue to review all site features and content”.<\/p>\n
The BBC has found that:<\/p>\n
The vulnerability centres around users’ ability to place custom Javascript and Flash content into their listings pages.<\/p>\n
Often sellers will use this method to make their pages look more exciting, with animations or other eye-catching techniques.<\/p>\n
But use of Javascript and Flash, eBay acknowledged, significantly raised the likelihood that malicious code could be included within the site’s pages – due to a hacking technique known as cross-site scripting (XSS).<\/p>\n
It meant users clicking on eBay listings that appeared legitimate were being automatically re-directed to harmful websites designed to steal user information, including credit card details.<\/p>\n
“The summary is that it is exceptionally dodgy and redirecting the user to a nasty web page with some really suspect scripts,” said James Lyne from the security firm Sophos.<\/p>\n
“At present we can’t get our hands on the end payload, so can’t be sure of the attackers complete motive, but it is clear there are still nasty malicious redirects on the eBay site.”<\/p>\n
The problem has affected the site since at least February, the BBC has confirmed – although some experts say it has been an issue for more than a year.<\/p>\n
<\/p>\n
Source: BBC<\/p>\n","protected":false},"excerpt":{"rendered":"
Leading security researchers have called on eBay to take immediate action over dangerous listings, as the problem continues to put users at risk. The BBC has now identified more than 100 listings that had been exploited to trick customers into handing over personal data. Over the weekend, readers got in touch with the BBC, saying […]<\/p>\n","protected":false},"author":14,"featured_media":50205,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[18],"yoast_head":"\n