Experts savage eBay’s hack response

Experts savage eBay’s hack response; Ellison replaced as Oracle CEO; Aussie cops want more Google user data :: Articles :: Technology Decisions.

Experts have criticised eBay for its response to a cross-site scripting hack that is designed to steal users’ credentials and has been around since at least February.

The BBC reported last week that attackers created product listing pages on eBay containing malicious JavaScript code, which automatically redirected users to a web page set up to harvest their credentials.

The page was designed to look like eBay’s welcome page. Users only had to click the original listing to have their browser hijacked, the BBC reported.

The online auction company was made aware of the attack but only removed the listings after a follow-up call from the BBC more than 12 hours later.

“eBay is a large company and it should have a 24/7 response team to deal with this – and this case is unambiguously bad,” the BBC quoted Dr Steven Murdoch from University College London’s Information Security Research Group as saying.
