ebay sends passwords in the clear

From: Richard Fromm (rfrommat_private)
Date: Wed Feb 16 2000 - 11:03:17 PST

    Not as bad as not encrypting credit card numbers (they do encrypt that), but
    for some reason ebay doesn't bother to encrypt passwords.
    
    While they're certainly not the only web site doing this, I consider this a
    bit more serious than a website where one's password just holds personal
    preferences.  Listing items for sale or bidding on items on ebay is allegedly
    entering into a legally binding contract (although I don't know if this has
    ever been tested in a court of law).  So if someone sniffs my password he/she
    has the ability to misrepresent my identity in such a way that I could
    potentially be financially liable.
    
    I've been trying to get ebay to do something about this for a month and a
    half, to no avail.  See http://avocado.dhs.org/ebpd/ for details, including an
    ebay password sniffer.
    
    - Richard Fromm
    rfrommat_private
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:36:00 PDT