Leave a comment

EBay has a 'severe' security bug

EBay has a 'severe' security bug
PHOTO COURTESY OF SHUTTERSTOCK

In a world where new online businesses seem to come and go with the wind, eBay has stuck around. With its longevity, the company has also developed its own reputation. You hear "eBay" and you think of deals, one-of-a-kind finds, private selling, convenience and simplicity. But, what you don't typically think of is malware.

The next time you shop on eBay, maybe you should. The site was recently found to have a "severe" vulnerability for hackers to implant malware and phishing pages.

Researchers from Check Point Software identified the problem, which allows hackers to manipulate the existing restriction that stops user posts from hosting the JavaScript code that runs on the end-user device. The restriction was originally put in place for the user's benefit, and designed to keep scammers from creating false auctions. But, hackers have figured out a way around it.

With a new, highly-sophisticated coding technique, hackers are able to add JavaScript into their posts. This allows them to create pages that look entirely legitimate, but contain malicious code. Oded Vanunu, a Check Point researcher, explained, "Customers can be tricked into opening the page, and the code will then be executed by the user's browser or mobile app, leading to multiple ominous scenarios that range from phishing to binary download."

Next page: What was eBay's response?
Is your blog carrying malware? See how absurdly easy it is for hackers hijack your site
Previous Happening Now

Is your blog carrying malware? See how absurdly easy it is for hackers hijack your site

If you can't figure out this brain teaser, ask a kid for help
Next Happening Now

If you can't figure out this brain teaser, ask a kid for help

View Comments ()