eBay hacker Vladuz carrying on ...

My last two blog articles are on this subject at: http://firemeg.blogspot.com

Surprisingly, the mainstream press has failed to (or chosen not to) pick up on this story. The hack in question accompanied by the tens of thousand of associated scam listings and the Prosperpoint breach last week is actually a very big story with far reaching ramifications. Articles in papers and websites in the UK have been following this story closely for the past week. I'm hearing reports that at least a couple major news outlets in Germany are also currently working on stories about the subject.

eBay continues to heavily censor their forums, pulling threads right and left with any mention of Vladuz, hacks or with links to stories about them. eBay stock remains about at a flatline today, perhaps people are beginning to find out about the issue and are waiting to see if another shoe will drop or not. eBay spokesman Hani Durzy is continuing his campaign to downplay the hackings and hijackings by placing the blame on phishing scams (which really, if you think about it, isn't much better for eBay).

If eBay is successful at their current censor and deny tactics, it shouldn't be an issue for stock prices. If they can manage to keep major new outlets in the US from digging into this, investors will probably be safe. If a major paper digs into the story, they will undoubtably find out far more than many bloggers and it could be quite bad for eBay and for investors in eBay stock.

it might be an idea to check the papers on sunday ;)

I leave you to do the math...

... and we already know what eBay's calculators are like http://www.pheebay.com/blog/2007/01/ebay-fuzzy-math-fuzzy-logic-or-tale-of.html

VLADUZ THE EBAY HACKER WAS JUST MENTIONED ON THE RADIO

Well done Ebay! Which department looks shakier? Security or PR?

http://www.pheebay.com/blog/2007/02/ebay-hacker-vladuz-appears-again.html

What radio station was that? And where are you located?

[b]I'm thinking that the larger percentage would keep the truth to themselves. I leave you to do the math.[/b]

You've got that right. Over 18 months ago I found an eBay login transmitted in clear text in an http header from the eBay site:

eBayAdmin.dll?mfcISAPICommand=AccountItemSearch& userid=xxxxxxx@ebay.com&pass=xxxxxxxx

(I've x'd out the user and password) As you can see this is a login (no longer valid) to an ebay administration server. In this particular case, an eBay Trust and Safety account. This was all transmitted by eBay during a normal administrative process. There may be literally millions of these messages in server logs across the internet. Your math just got more complicated.

I did not try to log in nor hack with it, nor did I brag in the media about a "hack" - I notified eBay about their problem, and was mistreated by them; a mistake which will not be repeated. You are absolutely correct that hacks and potential hacks will remain hidden until exploited.

eBays prosperity depends on buyer confidence. When that is gone, so is eBay.

IT WAS ON BBC RADIO - NOT SURE WHICH CHANNEL

http://news.bbc.co.uk/1/hi/uk/4995300.stm

Interestingly a lot of sources have still failed to Seperate the Vladuz taunts from the hijacked accounts. Speaking to eBay today they have no evidence to suggest that they're connected. In fact the vladuzsgi account could well have been renamed to match one of the gmail addresses used in the hijacked account rather than the other way around

Ebay has been so screwy latly, i always see people catching the boot for COpyright infringments for wierd things, selling guitars or golfclubs, why would that be infringing if you own the actual product, they have become very very unhelpful in the last few years and refuse to budge on the simpliest of things..

http://locaswt.com

I don't think anyone actually believes that Vladuz is responsible for ALL scam listings on the site. There are reports that Vladuz is selling his plugin to the Chinese so they can run scams, and to others for the same reason. I've seen enough evidence to believe that many of the scams are the result of some type of hacking and code manipulation, but also that there are many many scams on ebay that are the result of simple phishing hijacks.

In this instance it's highly likely it's the result of a worldwide attack detailed at http://www.websense.com/securitylabs/alerts/alert.php?AlertID=743

eBay have confirmed that there is no evidence to suggest that vladuz is connected with the hijacked accounts, certainly not that software from him was used
http://www.tamebay.com/2007/02/hacking-taunting-and-ebay-security.html

EBay have known about the security hole for MONTHS.The fact that EBay initially lied about the extent of the breach about the only proves they cannot be trusted by what they say and claim.I have had NUMEROUS posts removed from Ebay's forums and NONE were any which broke Ebay's forum rules.Ebay are trying to cover this up and bury it.People have a right to know if their customer details have been compromised.

big deal!!!

computers get hacked everyday. why is this any different? so what if their PR guy lied? That's what PR guys do.

Ebay are a strong buy. You watch us hit $40 by the end of next month.

#14 lmao.That about sums the attitude of Ebay up!

None of my three ebay accounts has been hacked.

Oops, did I say three accounts?

Damn! there goes the validity of those membership numbers!

My bad.

I just gotten suspended from the ebay boards. What for? I asked "who is Vladuz?"

Screw you!!! you are cybernazis ebay.

I just gotten suspended from the ebay boards. What for? I asked "who is Vladuz?"

Screw you!!! you are cybernazis ebay.

Ebay should be shut down or sold to the mafia.Why are they are allowed to carry out with this criminal activity? I wonder what percentage of Ebays profits are the result of illegal activitys.

Tame Bay is regurgitating Ebay pablum that is deceptive and inaccurate.

Valduz did not use only "hijacked Ebay staff" accounts - on Friday he created his own ID that designated him as an Ebay employee on the boards.

So why doesn't Ebay invest in some real security? Start at the top and get some new people in there that know what they are doing. Who they have now is sadly insufficient or incompetent. The stockholders should be demanding that the entire top management resign. The site has been tarnished beyond repair.

Cover up and denial instead of security. About time the press started to cover this - it's been going on a long time.

The first post of Vladuz as an employee on the US boards was back in December. Ebay had ample notice there was a problem and did nothing.