eBay Hackers Exploit IE, Firefox Vulnerabilities
eBay buyers are being asked to take extra precautions when conducting their online shopping after security specialists warned that a string of hackers had infiltrated the popular auction site. The hackers exploited several unpatched vulnerabilities in Firefox and Internet Explorer browsers to create false listings and entice people to bid on fraudulent items.
Details of the Stealth Attack
Analysts believe that it was an XSS (cross-site scripting) attack that implemented unauthorized java script elements stored on third-party websites. This allowed eBay pages to contain outside email links and other unauthorized codes, while still evading toolbars designed to detect these fraudulent items. (Source: theregister.co.uk)
The hackers implemented other elements to make their listings appear real, including an "email the seller" link which activated an aol.com address, and a random number generator which changed the item number each time the page was loaded, making the page appear as if it were "live."
The attacks targeted Firefox by exploiting the way the browser implements XBL (XML binding language). After the hacker had created an infected CSS (cascade-style sheet) on a third-party site, Firefox was tricked into allowing forbidden codes that led to fraudulent content in the listings.
All of this, of course, went on unnoticed by the security teams at Mozilla, Microsoft, and eBay.
Mozilla, MS, eBay all play The Blame Game
While the attack was done externally by hackers, all three of the major players involved in the security breach have pointed their fingers at each other.
eBay downplayed the severity of the attack, claiming that "online security experts are already aware of the breach and have identified it as a known bug in Firefox. eBay utilizes sophisticated security technologies to protect our customers against attacks such as this." (Source: techchuck.com)
While claiming to have taken down all known hoax listings on their domain, eBay warns that listings found on other websites that accept user-generated content may still be vulnerable.
Microsoft also weighed in on the situation, claiming that the security breach was not the result of unpatched vulnerabilities in Internet Explorer, but rather because of external websites that fail to properly protect themselves and others against such attacks.
Mozilla claimed to be in the process of patching all known Firefox vulnerabilities as well.
In any event, all three parties urge consumers to be extra cautious when purchasing items over the Internet.
Infopackets Top Windows 10 FAQs
How to Upgrade from Windows 10 32-bit to 64-bit
How to Fix: Windows 10 Antivirus Missing, Not Compatible
How to Fix: Windows 10 Display Shifted; Screen Fuzzy
How to Upgrade Windows 7, 8 32-bit to Windows 10 64-bit
to Downgrade from Windows 10
- How to Fix: Windows 10 Upgrade Failed Error C1900208
- How to Fix: Windows 10 Upgrade Failed Error 80240020
- Can I Cancel my Windows 10 Reservation and Reserve Later?
- How to Clean Install Windows 10 using Windows 7, 8 License
- Will Windows 10 Install Automatically?
- Windows 10 Upgrade: Do I have to Reinstall Programs?
- Windows 10 Upgrade: Can I choose 32-bit or 64-bit?
- Which Version of Windows 10 Will I Get (Home or Pro)?
- How to Reserve Windows 10 Upgrade (Free)
- How to Fix: CPU Not Compatible with Windows 10 Error
- Windows 10 Upgrade: Can I keep my Old Windows Install?
- How to Cancel Windows 10 Reservation (Properly)
- Download Windows 10 .ISO (DVD) for Clean Install?
- Microsoft: Windows 10 Will Be The Last Version
- Does Windows 10 require the CPU to support PAE?
- Windows 10: Can I Upgrade or do I need a Clean Install?
Click here for more Windows 10 articles.