US Govt. Reports EBay Vulnerable To Phishing Attacks
SecurityProNews Staff Writer
2006-04-04
EBay users should take action to update their Web browsers to help protect themselves against phishing attacks, according to a report published yesterday by the U.S. Computer Emergency Readiness Team (CERT), a division of the US Dept. of Homeland Security.
According to the report, the eBay website contains a cross-site scripting vulnerability that attackers, at the time of publishing, were using to redirect auction viewers to phishing sites. EBay's use of SCRIPT tags in auction descriptions is the root of the issue.
Phishers use this method to obtain sensitive personal information like passwords, credit card numbers, and PayPal and bank information. Information stored in cookies can also be stolen or corrupted.
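The root cause described above is active content accepted inside seller-supplied auction descriptions, and the usual server-side remedy is to rebuild each description from an allowlist of harmless tags. The Python example below is an added illustration, not code from US-CERT, eBay or the original article; the tag allowlist, the `sanitize_description` function and the sample listing are assumptions made for the example.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: formatting tags only, no attributes except
# an http(s) href on <a>. Anything not listed here is never re-emitted.
ALLOWED_TAGS = {"b", "i", "u", "p", "br", "ul", "ol", "li", "a"}
VOID_TAGS = {"br"}
DROP_WITH_CONTENT = {"script", "style"}  # element and its body are discarded


class DescriptionSanitizer(HTMLParser):
    """Rebuild seller-supplied HTML from an allowlist."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS:
            href = (dict(attrs).get("href") or "").strip() if tag == "a" else ""
            if href.lower().startswith(("http://", "https://")):
                self.out.append(f'<a href="{escape(href, quote=True)}" rel="nofollow">')
            else:
                # Event handlers, style and non-http(s) links are dropped.
                self.out.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.skip_depth == 0:
            self.out.append(escape(data))  # text is re-escaped, never passed through


def sanitize_description(html_text):
    parser = DescriptionSanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)


# Constructed sample listing; redirect_viewer() is a hypothetical placeholder.
SAMPLE = ('<p onclick="x()">Vintage <b>camera</b>, price &lt; $50</p>'
          '<SCRIPT>redirect_viewer()</SCRIPT>'
          '<a href="javascript:x()">details</a> <a href="https://example.com/photos">photos</a>')
```

Running `sanitize_description(SAMPLE)` keeps the formatting and the https link while the SCRIPT element, the `onclick` handler and the `javascript:` link target are not carried into the output.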
The US-CERT team says it is currently unaware of a practical solution to the problem, but suggests a few workarounds that may help lessen vulnerability. The government agency suggests that people disable scripting in Web browsers. Instructions are provided in the advisory Securing Your Web Browser and in the Malicious Web Scripts FAQ.
If you want to block out eBay altogether, CERT advises adding ebay.com to the Restricted Sites zone in Internet Explorer. It also advises paying close attention to the URL displayed in the browser to be sure the site is not an eBay spoof. When providing sensitive information, make sure that the site is HTTPS encrypted.
EBay, notified in late February, had not responded to the government's report at the time of publishing.
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.