Leave a comment

EBay security flaw threatened millions

EBay security flaw threatened millions
PHOTO COURTESY OF SHUTTERSTOCK

If you're an Internet user with email, you've probably been on the receiving end of phishing attacks. These are fake emails that try to trick you into download malicious files containing viruses or clicking on links to sites that try to steal your information.

If you take your time and know what to look for, you can usually spot and delete phishing emails before they trick you. Learn five ways to spot a phishing email. Even if you click on a malicious link, you can usually spot a fake site before you give up any information. However, eBay recently had a critical flaw that made it much harder.

Back in December, a security researcher named MLT found a basic cross-site scripting flaw on eBay's homepage. Basically, this lets hackers load their own code onto eBay's site, so they can make any page look like it's coming from eBay.

All a hacker has to do then is copy the code for eBay's login page and inject it back into eBay's site. If you were to click on the link in a fake eBay email, you'd think you were at the legitimate eBay login page, from the look to the domain name. You'd have no clue that when you entered your username and password you're sending them right to a hacker.

Even worse, MTL says it took eBay a month after being notified to fix the flaw. During that time, hackers could have tricked millions of people into visiting fake login pages. Or hackers might have used the flaw to sneak other types of code into eBay's website that could attack visitors directly through their browsers.

While there isn't any indication this happened, it's a further reminder that you need to be on your guard. That means not clicking on links or downloading attachments from email or other electronic communications. You should also make your browser as hacker-proof as possible to avoid automated attacks.

Next Story
Source: ZDNet
Here are the cars that are getting Apple CarPlay
Previous Happening Now

Here are the cars that are getting Apple CarPlay

Are you brave enough to let a computer tell you how attractive you are?
Next Happening Now

Are you brave enough to let a computer tell you how attractive you are?

View Comments ()