[olug] Is eBay / Paypal really this bad?
Rob Townley
rob.townley at gmail.com
Wed Nov 26 18:45:52 UTC 2008
On Tue, Apr 29, 2008 at 1:46 AM, Rob Townley <rob.townley at gmail.com> wrote:
> A substantial portion of the economy rests upon the eBay marketplace. So
> you would think they understand some basic security practices. Am i going
> mad? Am i not getting the same eBay everyone else is getting?
>
> Goto https://signin.ebay.com
> Under the password box, click on "i forgot my password" which takes you to
> http://cgi4.ebay.com/ws/eBayISAPI.dll?ForgotYourPasswordShow
> which simply asks for your username and sends that in the clear, but the
> next form prompts you to "Answer your secret questions" but then goes ahead
> and sends them in the clear as well. No https! No SSL! No javascript
> encryption.
> My machine has the form action="http://cgi4.ebay.com/ws/eBayISAPI.dll" when
> posting my "secret" answers, does yours?
>
>
> Robert Townley
> m. 402-670-4326
>
>
truste.org informed me and i have done cursory verification that
resetting your password on ebay.com and ebay.co.ie is no longer
sending secret information in the clear.
More information about the OLUG
mailing list