Bugtraq: Re: ebay sends passwords in the clear

Re: ebay sends passwords in the clear

From: Andrew Bennett <abennett_at_CRUZIO.COM>
Date: Sun, 20 Feb 2000 02:00:04 -0800

At 11:03 AM 2/16/00 -0800, rfromm_at_cs.berkeley.edu wrote:
>I've been trying to get ebay to do something about this for a month and a
>half, to no avail. See http://avocado.dhs.org/ebpd/ for details, including an
>ebay password sniffer.

I noticed that ebay has a link on their Sign In feature page to sign in via
SSL. It's not the most obvious link. An easy way to get there:

- when prompted for your id/password, below the box, click the Sign In link
- when prompted again for your id/password, below the box, click the 'here'
link

Of course, take note of the cookie that they will place on your
computer. You'll have to close your browser, or it will expire in 40
minutes of inactivity, whichever comes first, according to the web page.

Couple this with the 'my ebay' preferences as to what activities you want
your password remembered, one might only have to enter their password once,
during the SSL session where the cookie gets set.

Andrew

--
   Andrew Bennett
   abennett_at_cruzio.com
Received on Feb 21 2000