May 17 2008

PayPal XSS (Cross-Site Scripting) Bug Discovered

Published by admin under Network Security

Dan Goodin of The Register reported on this issue last night.

A serious scripting error has been discovered on PayPal that could enable attackers to create convincing spoof pages that steal users’ authentication credentials.

The cross-site scripting bug is made all the more critical because it resides on a page that uses an extended validation secure sockets layer certificate. The new-fangled SSL mechanism is designed to give users a higher degree of confidence that the page they’re visiting is secure by turning their browser address bar green.


Click Here to read the article Dan published.


May 01 2008

Second eBay Boycott Begins - And sdc_prod_9074_35 Is Back With 10,000 Listings!

Published by admin under Miscellaneous

Today is the first day of the announced eBay Sellers 2nd Strike, and This Link is making the rounds. Is eBay once again pumping the listing numbers?

During the first sellers boycott we noticed the same phantom listings that nobody could bid on.


Do I smell a conspiracy here?? What are your thoughts??


Apr 19 2008

Was The Vladuz Arrested Story A Spoof??

Published by admin under eBay Fraud Reports

A rumor is spreading via the Pheebay Forums that the Vladuz Arrest was a cleverly planned spoof!

If it is - eBay and a bunch of others swallowed the Bait, Hook, Line & Sinker!

Now isn’t this interesting??


Romanian news site antena3.ro wrote this article.


This is supposed to be a photo of Vladuz covering his face on the way to the clink.

There is a good sized thread regarding V’s arrest on eBay’s T&S Board.

Does anyone have any other information on this rumor??

Updated 04/20/2008: Apparently the Pheebay Admin was telling a tall tale!

There are numerous videos and articles claiming Vladuz is indeed in the clink!

ARREST
BUCHAREST, ROMANIA
APRIL 18, 2008  
 
NATURAL
DURATION:01:15

SOURCE:REALITATEA TV/POLICE VIDEO
FEED HISTORY:CEEF (1315GMT)
INTRO: Romanian police arrest man accused of being eBay hacker.

TV AND WEB RESTRICTIONS~**NO ACCESS ROMANIA**~

Romanian authorities arrest a man, accused of being ebay hacker
“Vladuz”.

+++FULL SCRIPT TO FOLLOW+++

SHOWS: (CEEF) BUCHAREST, ROMANIA (APRIL 18, 2008) (POLICE VIDEO - NO ACCESS
ROMANIA)
1. BUILDING WHERE ACCUSED COMPUTER HACKER, VLAD DUICULESCU, LIVES
2. DUICULESCU HANDCUFFED IN HIS APARTMENT
3. VARIOUS OF POLICE OFFICERS COLLECTING EVIDENCE

(CEEF) BUCHAREST, ROMANIA (APRIL 18, 2008) (REALITATEA TV - NO ACCESS
ROMANIA)
4. POLICEMAN WALKING WITH DUICULESCU (HEAD COVERED) INTO POLICE STATION
5. DUICULESCU INSIDE POLICE STATION
6. DUICULESCU WITH POLICE OFFICER WALKING INTO PROSECUTOR’S OFFICE

STORY: Police in Romania have arrested a man accused of hacking into email
accounts belonging to eBay employees over two years.
Media reports said 20-year-old Vlad Duiculescu is “Vladuz”,
an online hacker who posted taunting messages on the internet site of the
auction house, saying he had accessed the company’s database.
Romanian media said that before police raided Duiculescu’s apartment,
he managed to throw three laptops from his balcony.
Romanian internet sites are reporting that on April 19, 2005, the
US-Secret Service sent Romanian authorities a notice on the internet sale of
an application containing the source code of the eBay login page, which
required users to enter usernames and passwords. They report that following
investigations, it was found that eBay users were being redirected to fake
websites.
The BBC in Romania reported that Duiculescu was arrested for
fraudulently accessing email accounts resulting in two million US dollars in
damage. But eBay has been quoted on internet sites as saying that while
numerous efforts were made to defraud eBay users, Vladuz was unsuccessful in
his attempts.
An article by the Guardian newspaper in October 2007 reported that eBay
had been hunting for "Vladuz" for some time. It was believed he had
a history of operating and facilitating eBay based scams.

Here is a Video Link showing Vlad “Vladuz” Duiculescu sitting handcuffed in his apartment. And that Black Firemeg T-shirt - “Got Vladuz” is a priceless part of the news story.

I would say this bust is the Romanian equivalent of our Feds Busting Ole Alphonse “Al” Capone back in the prohibition days!

Vlad at least pointed out numerous eBay security issues - and I wonder if eBay fixed them? Somehow I kind of doubt it.

And it has been said that eBay knew where Vlad was all the time - they only acted when a new hacking threat was evident.


Apr 10 2008

Possibly Stolen Military-Only Gear Available On eBay

Published by admin under Miscellaneous

A congressional investigation has revealed that top-of-the-line military gear is readily available on eBay. Infrared tabs that are part of US soldiers’ uniforms and help to prevent friendly fire are readily available to the enemy on eBay. So are night vision goggles and other military items, including parts for Chinook helicopters and F-14 fighter jets that are flown by Iran.


Watch this video by ABC News for more details.

Interesting that eBay did not return the reporter’s call!


Mar 31 2008

The World’s Largest Record Collection Is An eBay Bust Again!

Published by admin under Miscellaneous

It didn’t even draw the 1st bid..

They start it out at 3 Million Dollars.. Geez.. Just because a deadbeat bid THREE MILLION DOLLARS in an insecure eBay free-for-all, on a high profile item like this, don’t mean there is Real Money at that number!

I would have started it out at a BUCK! Put a 3 Mil reserve on it, and let em all play! That way the seller would get a good idea what the collection was worth - and if the auction didn’t reach the reserve, the seller didn’t have to sell it, or negotiate a legitimate second chance offer.

And how about some Real Photos of what the buyer gets?? Not every piece, but enough photos to give the buyer a visual in his/her mind of what they receive for the money!

Looks like someone made money putting that crappy listing together - and of course eBay got paid for the listing - the poor seller just got it up his rear end!

Contact me if you really want this collection sold.. I can get you a check!!
