A third-party add-on for eBay used by thousands of sellers is being flagged by Google as potentially malicious, after it became infected with a trojan.
Over at auctionbytes blog it looks like they have not corrected everything yet and actually shut down the site or portions thereof. Gee, eb could learn something from those folks. Imagine, a site that wants to protect their users so much they shut down, when they could have just kept on going and told big lies.
But really most folks have never heard of auctiva, but they have heard of eb. They will be hearing that eb is infected. In real life it is a lot more fun telling people that too.
"This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. For more information on the attack, see the video from the presentation below.
If you are using this software on your off-ebay site, your customers' data is at risk.
If you are donating or checking out with/through Paypal on an off-ebay site you may be at risk. Not sure if there is any way for the buyer/user to tell if this software is being used.
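The quoted description above says the tool rewrites HTTPS links into plain HTTP links or into look-alike (homograph) HTTPS hosts. The following is an added example, not code from the tool or its author, showing how a site operator can audit one of their own responses for the indicators that make such stripping easy: links that drop to http:// on the site's own host, links to hosts that differ from the expected one only in non-ASCII characters, and the absence of a Strict-Transport-Security header (the browser-side mitigation that makes a stripped revisit fail). The host name, headers and HTML body are constructed for the demonstration.

```python
"""Heuristic audit of one HTTP(S) response for HTTPS-stripping indicators.
Added example; the page host, headers and HTML below are constructed."""
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect href/src/action attribute values from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.links.append(value)


def decode_idna(host):
    """Turn an 'xn--' (Punycode) host back into its Unicode form; other hosts unchanged."""
    if any(label.startswith("xn--") for label in host.split(".")):
        try:
            return host.encode("ascii").decode("idna")
        except UnicodeError:
            return host
    return host


def is_lookalike_host(host, expected):
    """Heuristic: same length as the expected host, and every differing
    position holds a non-ASCII character (e.g. Cyrillic 'а' for Latin 'a')."""
    host = unicodedata.normalize("NFC", decode_idna(host.lower()))
    if host == expected or len(host) != len(expected):
        return False
    diffs = [h for h, e in zip(host, expected) if h != e]
    return all(not ch.isascii() for ch in diffs)


def audit_response(expected_host, headers, body):
    """Return a list of findings for a response that claims to come from expected_host."""
    findings = []
    lowered = {k.lower(): v for k, v in headers.items()}
    if "strict-transport-security" not in lowered:
        findings.append("missing Strict-Transport-Security: a stripped http:// revisit would be accepted")
    collector = _LinkCollector()
    collector.feed(body)
    for link in collector.links:
        parsed = urlparse(link)
        host = parsed.hostname
        if not host:
            continue  # relative link: inherits the page's own scheme and host
        if parsed.scheme == "http" and host == expected_host:
            findings.append(f"same-host link downgraded to http: {link}")
        elif is_lookalike_host(host, expected_host):
            findings.append(f"look-alike host in link: {link}")
    return findings


# Constructed sample: no HSTS header, one downgraded link, one Cyrillic-'а' look-alike host.
SAMPLE_HEADERS = {"Content-Type": "text/html"}
SAMPLE_BODY = """<html><body>
<a href="https://example.com/account">Account</a>
<a href="http://example.com/login">Sign in</a>
<form action="https://ex\u0430mple.com/pay"></form>
<script src="https://cdn.example.net/app.js"></script>
<a href="/help">Help</a>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_response("example.com", SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
```

The look-alike check is deliberately a narrow heuristic (same length, only non-ASCII substitutions); it catches the single-character homograph case the quoted text describes and leaves anything more elaborate to a confusables table.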
Another fairly high-profile person gets his Paypal account hacked. If anyone out there does not believe the hackers own Paypal, you are being very naive.
Odds are 100% your info is in the wrong hands right now, and it is only a matter of time before you get screwed and some laughing LOL-hacker goes on a wild spending spree on your PP dime.
(Then you will get screwed again when PayPal lies to you and blames you for getting hacked)
It is my understanding that this is the suspected paid shill who was begging for Vladuz to hack her back when he NARUd all those other suspected paid shills in late October 2007. Which makes me wonder if perhaps the mysterious (and miraculous) V-man may have been able to hack her from inside his jail cell. roflmao WARNING - PAYPAL AND HACKERS!!!!!!!!
Of course this sort of thing has never ever stopped for one second, but there has been more talk of it lately... Just using a slight variation on the theme of contact info (using an image instead of text, which again has been going on since Feb 2007, at least). The victims this day were xudong998, and bzbexpress, and more
FWIW, whoever is doing this form of hacking is behind the times. You don't have to look too far to know that by now, the hackers now have a direct pipeline(s) right into paypal, by which they can either collect payment for bogus listings, withdraw money, or just buy things and have them shipped/ digitally delivered (where applicable).
There are videos at a local site wherein shopping sprees have been documented live. The shipping address is changed to send the hacker's plunder to his/her choice of address, (as we know, PP policy now makes sellers ship to non-verified addy's) then the hacker continues, (while laughing their @$$ off) as they go back into the victim's accounts, order up and pay for a bunch of gay magazines, and have those shipped to the account holder/victim's actual address. lmao!
So when those tired old shills (whose very own accounts have been hacked ^ ) over there keep insisting that folks have given up their passwords somehow, they are not being truthful! They are paid liars, (bought, paid for and owned) in my expert opinion.
Gurnee officer who investigates ID theft hit for $947 in unauthorized transactions
By Ruth Fuller |Special to the Tribune June 12, 2009
Gurnee Police Cmdr. Jay Patrick has reviewed countless cases of identity theft and unauthorized bank withdrawals, but the 22-year veteran of the force never thought he would become a victim.
Last month someone accessed his PayPal account and made three transactions, charging $947 to his bank account for purchases he did not make, he said.
"I really didn't think I was at risk of someone hacking into my PayPal account, if that is indeed what happened to me," Patrick said.
PayPal is a popular online service that allows members to send and receive money without sharing financial information, using their account balances, bank accounts or credit cards. According to its Web site, PayPal has more than 70 million active accounts worldwide.
"The PayPal system has never been compromised since its inception," claims a customer service e-mail sent to Patrick.
On May 21 he found three e-mail messages from PayPal with "your payment has been sent" in the subject line, confirming three purchases: one for $300 and two for 200 British Pounds each, he said. He received a fourth e-mail from PayPal, reading, "We have reason to believe that your account was accessed by a third party."
Patrick logged into his PayPal account and flagged the transactions as unauthorized. He juggled his finances to account for the more than $900 missing from his checking account, which was linked to his PayPal account.
"I held off on some bills and purchases," he said. "I did not bounce any checks or anything, but I did have to transfer funds from savings to cover automated withdrawals for bill payments."
Charlotte Hill, a public relations manager for PayPal, said she could not address Patrick's case because of privacy issues but said the situation he encountered is rare.
"We have a really low rate of fraud, only one-third of 1 percent," she said. "One of the reasons we are safer [than using a credit card online] is that we never share financial information with the recipient of the payment. In addition, if you paid with a credit card [on PayPal] you are still getting protected by the credit card, so you are doubly protected."
An e-mail from PayPal customer service to Patrick suggested ways to protect himself in the future, such as not sharing his password, changing his password often and being on the lookout for fraudulent PayPal Web sites.
Patrick said he did everything right, making online purchases rarely, and only on sites that use PayPal.
"I have not given my password to anyone, and I am well aware of scams and I watch for that kind of thing. I do not send personal information to anyone via e-mail, so I am not sure how someone obtained my password," he said.
Ryan Nelson, network administrator for the Village of Gurnee, said a good password is crucial to protecting money and identity online. He suggested using at least eight characters in a password that does not include dictionary words, names or significant dates.
"Of all of the stories I have heard where accounts are compromised, poor passwords are usually the culprit," Nelson said.
Nine days after Patrick contacted PayPal about his unauthorized purchases, he received an e-mail stating the investigation was complete and he would receive a refund. The money was returned to his account Monday, he said.
While Patrick said he was inconvenienced, he knows it could have been worse.
"I certainly have heard the horror stories of what happens to victims of identity theft. Trying to get the criminal credit history removed and re-establishing their good credit can take years in some cases," he said.
"It was a clear reminder," Patrick added, "that no one is immune to criminal activity."
By: Robert McMillan - IDG News Service (San Francisco Bureau) (GM) (10 Aug 2009)
At Black Hat, researchers say these bugs could be used with null termination certificates to create undetectable man-in-the-middle attacks. Find out about the new vulnerabilities found by Dan Kaminsky
LAS VEGAS -- Security researchers have found some serious flaws in software that uses the SSL (Secure Sockets Layer) encryption protocol used to secure communications on the Internet.
At the recent Black Hat conference in Las Vegas, researchers unveiled a number of attacks that could be used to compromise secure traffic travelling between Web sites and browsers.
This type of attack could let an attacker steal passwords, hijack an on-line banking session or even push out a Firefox browser update that contained malicious code, the researchers said.
continues at link... ^^^
If anyone out there cares, I have a guaranteed fix/defense for this exploit (in FF). Takes all of 10 seconds, but I won't share it publicly. Anyone who wants to know what it is can contact me.
I see someone has been very hard at work having images from this thread topic deleted from image shack. I will be replacing/reuploading them as time permits. In the meantime, if anyone wants to see any of them, contact me.
Payback is going to be issued, so keep deleting...
Viewers can look here, at the www.firejohndonahoe.com public blog, where Doc, from www.ebaymotorssucks.com has captured images of the source code of the phake login phishing page and more info. http://tinyurl.com/y9yf93e
There is also another variant of the flash manipulation exploit where the hackers can actually pop right up into your "My ebaY" page. Again, the uncorrected critical safety flaw has existed a looooong time & to the best of my knowledge still possible/and/or in use
Learn more about that by searching-reading "Watchdog Group Gives Live Demo of eBay Security Vulnerability" article on the auctionbytes site, March 2008. http://tinyurl.com/yhsj9wa
ebay is still being eaten alive with fake listings and hacked hijacked accounts. The scammers and hackers are getting more creative and harder to spot.
An imminent ruling on a two-year-old hacking case involving Auction, which now enjoys a virtual monopoly in the nation's online open market after taking over Gmarket, is expected to set a precedent in many ways, not least of all about how tolerant the nation will be regarding online businesses. This ruling could make or break the future of the country's Internet business. ED.
By Park Si-soo Staff Reporter
A Seoul court is expected to make a ruling Thursday on the largest private information leakage case involving the online open market site, Auction, owned by eBay. The system was hacked into in February 2008.
The company and the authorities estimate that nearly 10.81 million or 60 percent of all registered users of Auction (www.auction.co.kr) had their private information including ID numbers, home addresses, phone numbers and even bank accounts exposed to strangers by hackers allegedly from China.
Of them, 146,000 users have taken a class action against the online auction company, each demanding between one and three million won ($880-$2,650) in compensation. Police failed to identify and catch those who penetrated the company's firewall.
What the cyber attack left behind was a long, drawn out court battle between two "victims": Auction and its affected users.
The plaintiffs tried to prove that they had sustained damage as a result of the leak, citing an increase in the number of what appeared to be fraudulent calls to their mobile phones following the incident.
Auction, which was taken over by eBay in 2001, tried to defend itself on the basis that the cyber attack and resultant information leak was an unavoidable "rite of passage" for Internet-based companies at home and abroad.
"No matter how strong a firewall may be, Internet firms are bound to be susceptible to hackers," said an Auction spokesman. "At the time of the incident, we were using a state-of-the-art firewall whose defense capability was not inferior to that of the world's most popular commercial Web sites. If the court holds us responsible, online marketplaces like Auction will lose business, in turn causing a significant impact on the IT industry in general."
The spokesman underlined, "We are also a victim."
Lim Sung-geun, a presiding judge of the case, has remained tight-lipped. Given past rulings on similar cases, however, it's very likely that Auction will be held partially liable.
In November 2008, the Seoul High Court ordered Kookmin Bank to pay 200,000 won in compensation to nearly 1,000 online clients, whose private information was leaked. LG Electronics was also ordered to pay 700,000 won to those who uploaded their private information on its recruitment Web site, whose firewall was also breached. No matter how little the compensation to each user may be, the Auction spokesman says, it could pose a grave threat to its bottom line.
"If the plaintiff wins, it's possible that the remaining 10 million people who have taken no legal action against us as yet would follow suit," the Auction spokesman said.
According to a quarterly report the company submitted to the state financial watchdog in November last year, it had capital of 108.7 billion won as of Sept. 30.
Just a little reminder that the hijacked fraud auctions are still going strong on ebay. Same way as always. Same lackluster job keeping them off the site by ebay's so-called security dept.
These were all from different sellers IIRC, one single email address found in all of them.
eBay is working to patch a cross-site request forgery vulnerability recently uncovered by a security researcher. The Avnet researcher also discovered cross-site scripting and blind SQL injection bugs in eBay's online auction site, which eBay has fixed.
eBay is working on a fix for a cross-site request forgery problem that could allow an attacker to change a user's password and get access to that user's account.
The vulnerability is one of several affecting eBay that were recently uncovered and shared with eWEEK by Nir Goldshlager, a researcher with Avnet Information Security Consulting. Among the vulnerabilities are cross-site scripting bugs in the eBay Live Help support page and eBay To Go, which the company fixed by validating user input. In addition, Goldshlager uncovered a blind SQL injection problem in the eBay donations Website.
All of the vulnerabilities have been patched except the CSRF (cross-site request forgery) flaw. According to Chad Greene, eBay's senior manager of global information security, the company has pushed code to the core site to measure the impact of potential fixes for the CSRF problem on the user and will make a decision about how to address the situation in the next three weeks.
"The nature of CSRF means that there isn't a single fix that can be applied in all cases and rolling out the wrong fix could break legitimate user functionality," Greene told eWEEK in an e-mail.
According to Goldshlager, who demonstrated a proof-of-concept attack, the CSRF vulnerability can be exploited to ultimately get control of a user's account.
"When the victim visits my malicious Website I can change his password ... to any password I choose," Goldshlager explained. "I can change the user's password because I am in control of changing his primary phone and personal information details in his eBay account. An attacker can [also] change the secret question [and] answer with the cross-site request forgery vulnerability. Then he can renew the password of the user by using the 'forget password' mechanism."
In an interview, Greene said users can report any security issues they find to eBay's security center, and the site works with members of the research community to uncover any vulnerabilities.
"We work with many members of the security community as well as the security industry; we like to do community outreach and educate the user base," Greene said.
Watch this response carefully. You'll see that everything which can be blocked is being blocked. You can't give the browser much less privileges. ebaY is NOT safe! Worst of all they blame the victim!
"eBay Motors is constantly and proactively monitoring the site to prevent and address possible fraudulent behavior. As part of this monitoring, eBay Motors has identified recent redirect issues and has implemented specific safety measures, including updating our detection systems with a filter to identify this particular behavior. These additional protections should supplement smart shopping habits, including reviewing seller ratings, communicating with sellers and confirming transaction details through My eBay before making a purchase, and never paying for a vehicle via instant cash-transfer methods. eBay Motors also offers free vehicle history reports and a Vehicle Purchase Protection program for transactions that occur on the site, to help ensure the 10 million visitors coming to the site each month interact in a safe, trusted marketplace."
After ebaY issues a statement ^^ claiming to have fixed the flaw responsible for the allowance of these redirect scams, Doc finds the very same SUV listed and redirecting again! Same exact photos, same fake VIN etc
But ebaY left that listing to run for several days, only pulling it on 03-16-2010. The view count was over 7K as I made the vid. Not sure the final count. But wait! There's more!
After the listing got pulled, the phake page had a frame from ebay stating the listing was closed, yet the phake STILL had a redirect to yet another phake site which had already been taken down (added to blacklist, and suspended) by FF from the looks of things.
FWIW, when I visited the phake page directly, as the listing was still active, I got redirected to ebaY's main page. There are a LOT of particularities about what we see here. More than either one of us has mentioned publicly so far. This is clearly something new.
Bottom line; The hackers are knee deep into ebaY's sphincter.
-- Edited by budnonymous on Tuesday 16th of March 2010 09:48:01 PM
A 20-year veteran of the military named Doug received an email on Thursday informing him that eBay had put a temporary hold on his selling account. The email instructed him to click on a link that led to eBay.com, where he verified his account. Ten minutes later, he received 29 email messages from shoppers asking questions about products that he had not put up for sale, including bicycles and exercise equipment.
eBay is the victim of a phishing attack that uses its own compromised server, according to email filtering company Red Condor.
In an advisory published today, Red Condor said that a phishing mail sent by scammers reporting an eBay security alert differs from conventional phishing emails. This one tells victims that they must download a Security Shield program, which is in fact a trojan that harvests their passwords and presumably carries out other malicious activities on their machines.
Traditionally, phishing email relies on victims entering information about their accounts on spoof websites designed to look like the targeted company's genuine site. However, this mail directs victims to a web page containing a Download Now button to download software that directly compromises their machine.
That spiffy new page look doesn't seem to be improving safety, or functionality for that matter.
Sort of like when a slumlord landlord hires, oops strike that, I mean scams on, pimps out or freeloads on a bunch of crackheads to paint the crackhouse. Along the way they break a few windows and put holes in the roof, defecate in the kitchen sink.
Pretty obvious that ebay-paypal are hacked to the gills. There are too many signs that hackers are and have been deep into the db. (like september 25th 2007 for instance roflmao!!!)
This is more than just "phishing" when they have your real name. For that matter, "simple phishing" is an ancient sport nowadays. lol.
But I also wonder just who are these creepy people on the forums who are always telling outright lies to and insulting these aggrieved consumers?
Something seems very phishy about that. It is really waaaaaaaaaaaaaaaaaaay beyond believable...
Does that seem like the sort of outfit you should trust? Is that the sort of response you should get when problems arise?
PayPal says it has closed a number of security holes uncovered by an Avnet Technologies security researcher, including one that could have allowed an attacker to access PayPal's back-end system for business and premier account reports and acquire a mountain of data.
A security researcher has uncovered multiple vulnerabilities affecting PayPal, the most critical of which could have enabled attackers to access PayPal's business and premier reports back-end system.
The vulnerabilities were patched recently by PayPal after security researcher Nir Goldshlager of Avnet Technologies brought the vulnerabilities to the site's attention. The most critical bug was a permission flow problem in business.paypal.com, and could have potentially exposed a massive amount of customer data.
"An attacker was able to access and watch any other user's financial, orders and report information with unauthorized access to the report backend application," Goldshlager explained. "When users have a premier account or business account the transaction details of their orders are saved in the reports application; an attacker can look at any finance reports of premier or business accounts in the PayPal reports application and get a full month [and] day summary of the orders reports."
That includes information such as the PayPal buyer's full shipping address, the PayPal transaction ID of the buyer and the date and amount of transaction.
The other vulnerabilities Goldshlager found included an XSS (cross-site scripting) vulnerability affecting the paypal.com and business.paypal.com sites that an attacker could use to steal session IDs and hijack user accounts, as well as a CSRF (cross-site request forgery) bug that exposed user account information. The CSRF vulnerability impacts the IPN (Instant Payment Notification) system, a PayPal service that sends a message once a transaction has taken place.
Once IPN is integrated, sellers can automate their back offices so they don't have to wait for payments to come in to fulfill orders, Goldshlager explained.
"This CSRF exploit method exposes the same information from the buyer as the first vulnerability ... to exploit a CSRF attack that adds an Instant Payment Notification access, the attacker will make an attack that adds his own Website address to the victim account IPN settings, and when there is a transaction on PayPal the victim's transaction details will be sent to the attacker's Website," he said.
Goldshlager also uncovered smaller CSRF issues, he said. He reported the bugs to the site in February. According to PayPal, nearly all the problems Goldshlager uncovered were fixed right away.
"As you know, these types of security issues are very complex and we are grateful for our strong working relationship with the security researcher as well our partnership with the security community that have brought these issues to light," a PayPal spokesperson told eWEEK in an e-mail. "We have a shared mission to make PayPal and the Internet as safe as possible for our customers."
-- Edited by budnonymous on Friday 16th of April 2010 06:46:43 AM
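Both quoted articles above describe the same class of flaw: a cross-site request forgery that lets an attacker's page submit a state-changing form in the victim's browser, in the eBay case to change the account password and contact details, in the PayPal case to add the attacker's address to the account's IPN settings. The following is an added example, not eBay's or PayPal's code, of the standard defence applied to a password-change endpoint: a synchronizer token bound to the session via HMAC, an Origin/Referer check as an independent second layer, and re-authentication with the current password so the request cannot succeed even if the first two checks were bypassed. The session ids, the trusted origin and the user table are constructed; the same pattern protects any settings form, including one that registers a notification URL.

```python
"""Synchronizer-token CSRF defence for a password-change endpoint.
Added example; the session ids, origin and user table are constructed."""
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

SERVER_SECRET = secrets.token_bytes(32)        # constructed: one random key per process
TRUSTED_ORIGIN = "https://shop.example"        # assumed origin of the legitimate site

# Constructed user table keyed by session id. Passwords are plain strings only to keep
# the demonstration short; a real store would hold salted hashes.
USERS = {"sess-alice": {"password": "old-pass"}}


def csrf_token(session_id):
    """Token bound to the session: an attacker's page can neither read nor forge it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_valid(session_id, presented):
    return presented is not None and hmac.compare_digest(csrf_token(session_id), presented)


def origin_allowed(headers):
    """Second, independent check: the request must come from our own origin."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False                        # state-changing POST with neither header is refused
        parsed = urlparse(referer)
        origin = f"{parsed.scheme}://{parsed.netloc}"
    return origin == TRUSTED_ORIGIN


def change_password(request):
    """request: {'session_id', 'headers', 'form'}; returns (status, message)."""
    user = USERS.get(request["session_id"])
    if user is None:
        return 401, "not signed in"
    if not origin_allowed(request["headers"]):
        return 403, "cross-origin request refused"
    if not token_valid(request["session_id"], request["form"].get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    # Re-authentication: a forged request cannot supply the current password,
    # which the attacker's page does not know.
    if not hmac.compare_digest(user["password"], request["form"].get("current_password", "")):
        return 403, "current password incorrect"
    user["password"] = request["form"]["new_password"]
    return 200, "password changed"


def legitimate_request():
    """Constructed: the form rendered by the site itself, carrying the session's token."""
    sid = "sess-alice"
    return {"session_id": sid,
            "headers": {"Origin": TRUSTED_ORIGIN},
            "form": {"csrf_token": csrf_token(sid), "current_password": "old-pass",
                     "new_password": "new-pass"}}


def forged_request():
    """Constructed: an auto-submitting form on an attacker page. The browser attaches the
    victim's session cookie, but the page cannot read the token or the current password."""
    return {"session_id": "sess-alice",
            "headers": {"Origin": "https://attacker.example"},
            "form": {"new_password": "attacker-pass"}}


if __name__ == "__main__":
    print(change_password(forged_request()))      # (403, 'cross-origin request refused')
    print(change_password(legitimate_request()))  # (200, 'password changed')
```

The three checks are independent on purpose: Greene's remark that "there isn't a single fix that can be applied in all cases" is why a token alone is not relied on, and the current-password requirement is what makes the "change password, then reset via the secret question" chain Goldshlager describes fail even when the other layers are misconfigured.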
In case no one was paying attention, the file JS Pdfka-OE you see mentioned in the video as being a false positive by a pink has turned out to be a genuine exploit from the looks of things.
Still, no announcement, no retraction, update, clarification... no nothing from eb? I wonder why that is? After all, it's only literally millions of people's lives potentially ruined?
I can't stress this enough, the file was and likely still is being hosted on ebay's very own servers, along with the other 'security shield', which is still being found on about me pages.
The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors.
Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors.
Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.