[olug] Is eBay / Paypal really this bad?
Rob Townley
rob.townley at gmail.com
Tue Apr 29 07:46:38 UTC 2008
A substantial portion of the economy rests upon the eBay marketplace. So
you would think they understand some basic security practices. Am i going
mad? Am i not getting the same eBay everyone else is getting?
Goto https://signin.ebay.com
Under the password box, click on "*i forgot my password*" which takes you
to http://cgi4.ebay.com/ws/eBayISAPI.dll?ForgotYourPasswordShow
which simply asks for your username and sends that in the clear, but the
next form prompts you to "*Answer your secret questions*" but then goes
ahead and sends them in the clear as well. No https! No SSL! No
javascript encryption.
My machine has the form action="http://cgi4.ebay.com/ws/eBayISAPI.dll" when
posting my "*secret*" answers, does yours?
Robert Townley
m. 402-670-4326
More information about the OLUG
mailing list