> From: Andrew Bennett <abennettat_private> > Subject: Re: ebay sends passwords in the clear > MIME-Version: 1.0 > Content-Type: text/plain; charset="us-ascii"; format=flowed > > At 11:03 AM 2/16/00 -0800, rfrommat_private: > >I've been trying to get ebay to do something about this for a month and a > >half, to no avail. See http://avocado.dhs.org/ebpd/ for details, including an > >ebay password sniffer. > > I noticed that ebay has a link on their Sign In feature page to sign in via > SSL. It's not the most obvious link. An easy way to get there: > > - when prompted for your id/password, below the box, click the Sign In link > - when prompted again for your id/password, below the box, click the 'here' > link That's great! They didn't have it when I posted ebpd. So at least it looks like I got something accomplished. It's certainly not an easy thing to find, though. Just one example of how their site could use a bit of redesign. So most people are still likely to not use it. My guess is that they're probably purposefully not publicizing it much at first, so that they can try it out, get it debugged, measure the effect on the load on the server, etc. under only limited use. - Rich
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:36:37 PDT