eBay Cross Site A Bitter Bite

image

Dear eBay, you should have known better. In this story eBay has not made only one, but actually two serious mistakes. The first one was nothing to do about the cross-site scripting (XSS) weakness. That was something used by the phishers in the worst case scenario for the eBay users themselves.

You were using eBay without a single thought that a current page has been hosted elsewhere. Your login data were given away voluntarily without any awareness about the phisher’s trap. So, what was the second mistake? As soon as this trouble was identified by an IT worker the eBay reacted.

This worker has reported this incident and eBay official response to the BBC. Then, instead of confronting the phishers responsible for this trouble eBay turned its anger on the BBC while desperately trying to cover up the whole thing. And, the rest of this story is a sad well-known story of how the things should not be done in the first place.

When someone with almost limitless resources, such as eBay, misses to apply some of the basic prevention measures, then there is simply no excuse or justification. We sure hope that other major IT league players, who are in a similar situation, will draw some useful conclusions out of this story.

eBay Rainy Days in Louisiana

5_2177_imela_1

It simply had to happen one fine day, eventually, this way or another. The only difference is, the users themselves will not be a collateral damage, but the provider of services in charge the eBay itself. Why? Well, it should have done more and known better, as well.

The lawsuit eBay is about to face in Louisiana does not target some abstract unknown hackers, but rather a flesh and blood company responsible for one of the worst security and privacy breaches in the recent Internet history. So, what happened?

The users were kept in dark for months intentionally in a desperate attempt to cover up the catastrophic identity theft. This additional claim opens the second legal front for eBay, which has to deal with both serious accusations: negligence and cover ups.

It comes without saying that some of the biggest companies care more about their money than our privacy and well-being. If this is the only way to change something dramatically, then let it be. In order for the small ones to survive, one giant has to fall. Right?