Network Security Archives

Buy An eBay PayPal Account At Troydes.com

WOW.. Lookie Here.. Pay for top placement by Google.. LOL!

Troydes.com top placement on Google Search. Buy An eBay or PayPal Account!

I stumbled across this website while checking out my own site’s placement in search. It’s been some time since I blogged an article and figured this should be a good one to get the word out about.

Home page on troydes.com showing the prices for the eBay and PayPal accounts available.

This website has been around for some time – so I’m sure eBay knows about it.

Whois Info on Troydes.com showing private registration - private reg hides the true owner's identity.

eBay probably could care less if someone buys one of these combos and cheats their buyers, or uses the PayPal account to cheat some of their sellers.

About us page giving some details of troydes.com's operation.

Troydes.com eBay suspension solutions page.

Just whip out your credit card - but how can you trust someone selling eBay and PayPal accounts!

This website just smacks of fraud! Who in their right mind would whip out their credit card and order one of their eBay or PayPal accounts? That’s like leaving your credit card in the bar at some sleazy lounge.. LOL!

Dan Goodin from the Register reported last night about this issue.

A serious scripting error has been discovered on PayPal that could enable attackers to create convincing spoof pages that steal users’ authentication credentials.

The cross-site scripting bug is made all the more critical because it resides on a page that uses an extended validation secure sockets layer certificate. The new-fangled SSL mechanism is designed to give users a higher degree of confidence that the page they’re visiting is secure by turning their browser address bar green.

paypal_xss.jpg

Click Here to read the article Dan published.

Saying it was tired of waiting for eBay to fix a security problem on its platform that has existed for years, German Internet watchdog group Falle-internet.de (Translated Page) gave a demonstration of how scammers are using Flash files embedded into eBay auction pages to gather members’ eBay account info.

Ina and David Steiner, publishers of auctionbytes.com, conducted the same test and got the same results; you can view their report here.

I have screen captured the Falle-internet page in case it gets taken down, you can view it here in our screen capture archive. Please see the file dirinfo.htm for instructions on viewing long image files.

I have been reporting this serious breach of eBay security for at least 2 years, and anyone that keeps up with eBay’s Sloppy Security knows it as well. eBay is quick to point the finger at Romania, China, and other foreign governments, but the fact is that eBay is too cheap to secure their own servers! This US-CERT Advisory was issued in April 2006! So eBay does know about this security breach!

us-cert.jpg

eBay would rather intimidate and blacklist websites that expose their security vulnerabilities, rather than fix the problem! Falle-Internet was intimidated last year when it showed screen shots of Vladuz’s hacking utilities that Vladuz posted on one of eBay’s discussion forums. eBay promptly tried using the FBI in an intimidation letter to their web host!

Since when has the FBI had jurisdiction in Germany??

falle-internet-1.jpg

falle-internet-3.jpg

It is really interesting how Vladuz got even with Scott Noyce who sent the above email to Falle-Internet’s web host, By Hacking NOYCE’S eBay Account – and posting his Personal Account Info on his ME Page! I guess what comes around – goes around!

swiss-cheese.jpg

Looks like Vladuz crawling in through one of those eBay Security Holes!

contivityvpnclient.jpg

scoscamhelper.jpg

ebaycsinvestigator.jpg

You can see all of Doc’s Vladuz Screen Captures Over Here!

ebay-lipstick-on-a-pig.jpg

Nothing like looking at eBay through Rose Colored Glasses, Huh..

This vulnerability has been reported on by The Register in 2005, then again in 2006.  I also did a good write up with lots of screen captures here and here.

I sincerely doubt they will fix this vulnerability unless it gets to major media. It’s a shame, because it’s downright scary just surfing eBay!

Speaking of Vladuz, he has been pretty quiet – It’s about time for him to pay eBay a visit.. :)

The Dark Side Of eBay: 216.113.168.128

I found this article on Wikipedia where eBay has been accused of vandalising their site pages. Below is a snippet of the details. Click the image to read the article.

wikipedia-1.jpg

eBay owns this whole block of IPs and it is advisable to block them from your site!

wikipedia-2.jpg

Depending on your server configuration and hosting/server control panel options, there should be a tab called “Traffic Blocking” or similar. I would block the whole net range if possible by using a wildcard: 216.113.*.*

It’s none of eBay’s Business snooping around on other people’s sites!