Not as bad as not encrypting credit card numbers (they do encrypt that), but for some reason ebay doesn't bother to encrypt passwords. While they're certainly not the only web site doing this, I consider this a bit more serious than a website where one's password just holds personal preferences. Listing items for sale or bidding on items on ebay is allegedly entering into a legally binding contract (although I don't know if this has ever been tested in a court of law). So if someone sniffs my password he/she has the ability to misrepresent my identity in such a way that I could potentially be financially liable. I've been trying to get ebay to do something about this for a month and a half, to no avail. See http://avocado.dhs.org/ebpd/ for details, including an ebay password sniffer. - Richard Fromm rfrommat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:36:00 PDT