Subject: eBay Site Spoof - If you use IE your eBay password will be stolen.
Newsgroups: lugnet.market.shopping
Date: Mon, 26 Jan 2004 23:48:05 GMT
Viewed: 1181 times
This is very possibly the same thing that someone posted about Paypal earlier.
There is an unpatched Internet Explorer vulnerability:
see http://www.securityfocus.com/archive/1/346948
-----
%01-Username Site Spoofing - Site spoofing
Description:
If a 0x01 character (a.k.a. unescape("%01")) exists in the username section of an
HTTP-protocol URL, characters after 0x01 will not be displayed.
in the demo:
location.href=unescape('http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm');
--------
Microsoft has known about this since early December but has not patched it yet.
I received the following email in my eBay email account Friday. (This account
is only used for eBay, so they definitely got it through there.)
-------
eBay Account Suspended
Dear eBay User,
We recently noticed one or more attempts to login into your eBay
account from a foreign IP address and we have reasons to believe that
your account has been hijacked by a third party without your
authorization.
In order to protect your sensitive information or unauthorized listings we
temporarily suspended your account for further investigations. To reactivate
your account, click on the link below and confirm your identity by completing
the secure form that will appear.
If you recently accessed your account while traveling, the unusual
login attempts may have been initiated by you.
Take our apologies for any inconvenience that this may cause.
Thank you
eBay Account Theft Prevention
http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn&ssPageName=h:h:sin:US
The log in attempt was made from:
IP address: 205.188.209.166
ISP host: cache-dq04.proxy.aol.com
---------------
The link was hidden, and actually went to the following URL:
http://signin.ebay.comeBayISAPI.dllSignInssPageName%3Dhh:sinUS%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01@dancy.net/grove/ppages/login.html
As you can see, that URL is on darcy.net, not ebay.com.
If I were using Internet Explorer, I wouldn't have seen the correct URL in the
link or title bar.
Without bashing IE any further ;), if you use Internet Explorer do not follow
any links to any website from any other website or email until this bug is
patched. If you followed any links to log into "Paypal" from the previous
thread, your paypal account may now be compromised. (The original poster
doesn't say HOW he got to Paypal, just that he wanted to pay with it.)
Check out www.mozilla.org/firebird/ for a seriously better browser.
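As an added illustration (not part of the original post), the following Python script parses links the way the post describes and flags any that hide the real host behind a userinfo section; the sample links are constructed, with the long run of %01 shortened.

```python
from urllib.parse import unquote, urlsplit

# Constructed sample links (not from the post); the third mirrors the shape of
# the phishing link above, with the long run of %01 shortened.
SAMPLES = [
    "http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm",
    "http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn&ssPageName=h:h:sin:US",
    "http://signin.ebay.comeBayISAPI.dll%01%01%01%01@dancy.net/grove/ppages/login.html",
]


def analyze(url):
    """Describe where an http(s) URL really goes and why it may be a
    userinfo spoof: an '@' in the authority, control characters such as
    0x01 before it, or userinfo text that looks like a hostname."""
    parts = urlsplit(url)
    real_host = (parts.hostname or "").lower()
    # Everything before the last '@' in the authority is userinfo, not host.
    userinfo, has_at, _ = parts.netloc.rpartition("@")
    decoded = unquote(userinfo) if has_at else ""
    # What a browser that stops rendering at the first 0x01 would show,
    # minus any ':password' part.
    apparent = decoded.split("\x01", 1)[0].split(":", 1)[0]
    reasons = []
    if has_at:
        reasons.append("authority contains userinfo before '@'")
        if any(ord(c) < 0x20 for c in decoded):
            reasons.append("control characters (e.g. %01) in userinfo")
        if "." in apparent:
            reasons.append(f"userinfo looks like a hostname: {apparent!r}")
    return {
        "url": url,
        "real_host": real_host,
        "apparent_host": apparent or real_host,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


def flag_links(urls):
    """Return only the results that analyze() marks as suspicious."""
    return [r for r in map(analyze, urls) if r["suspicious"]]


if __name__ == "__main__":
    for r in map(analyze, SAMPLES):
        print(f"{r['apparent_host']:>30} -> {r['real_host']:<20} "
              f"{'SUSPICIOUS' if r['suspicious'] else 'ok'} {r['reasons']}")
```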