Bugtraq mailing list archives
Re: eBay password stealing with JavaScript
From: paulf () CNET COM (Paul Festa)
Date: Wed, 21 Apr 1999 17:45:47 -0700
They say they won't: http://www.news.com/News/Item/0,4,35321,00.html

eBay acknowledged that the JavaScript exploit works, but minimized its importance. "We know it's there, but you have to put it all in perspective," said eBay spokesman Kevin Pursglove. "We have a very open environment that lets individuals describe what they're selling, and JavaScript is there so people can make the best of their abilities to describe an item."<<<

At 08:30 PM 4/20/99 -0600, Michael K. Sanders wrote:

Since 'e-commerce' was discussed recently and I didn't find this in the archives, may I direct your attention to: <URL:http://because-we-can.com/ebayla/default.htm> It will be interesting if eBay tries to 'filter' JavaScript from their listings to fix this.

Paul Festa
reporter, CNET News.com
(415) 395-7805 ext. 1313
www.news.com "Silicon Valley's leading source of up-to-the-minute information about the technology business." --New York Times
www.cnet.com "A thing called CNET, which is an industry thing." --Bill Gates
