ebaY XSS Flaw Exploits: 11 Years of Hacking, Lies, Cover up & Denial

budnonymous · Top Poster

RE: The Hackfest continues...

budnonymous · Top Poster

Falle-Internet Reports Malware Was Spread through eBay Hijacking

budnonymous · Top Poster

ebaY XSS Flaw Exploits: 11 Years of Hacking, Lies, Cover up & Denial

For best results view at youtube. Complete list of page urls are at the vid in description area.

Have A Nice Day

-- Edited by budnonymous on Tuesday 8th of June 2010 01:28:59 PM

budnonymous · Top Poster

Hackers Using eBay Ruse in Malware Attack

Nothing much new to see there, but just a reminder to keep letting people know that ebay is crawling with trojans, virus and ID theft, and that it's gone uncorrected so long that it must be an inside job.
Stay away from ebay it will ruin your computer and wreck your life.

Tell people that In Real Life, where ebay's army of paid astroturfers can't censor or delete. I can see by the looks on people's faces when you tell them things that they will never be using ebay or paypal. lmao!!!

Judging from ebay's falling traffic people must be getting the message.

Oh but another thing... Those hackers seem to have been pretty quiet lately eh?
I wonder what they are up to?

muahahahahahhahahhahahahahhaahaaaaa!

budnonymous · Top Poster

'Freeware' phishing kit dupes s'kiddies

Dishonour among thieves

By John Leyden

Posted in Crime,

23rd July 2010 10:52 GMT

Skilled malware authors have duped less skilled cybercrooks into doing their dirty work with a new phishing kit.

A "freeware" phishing kit posted onto hacker forums poses as a way to set up fraudulent websites pretending to be, for example, PayPal or webmail providers. Spam emails masquerading as security checks are then distributed to hoodwink the credulous into handing over their login credentials.

The proxy hackers will record some success, potentially stealing scores of credentials before their fake sites are taken offline. However, secret backdoor functionality in the Login Spoofer 2010 phishing kit means that the vast majority of stolen credentials are sent back to the original authors of the hacking tool, not the proxy hackers who use it.

The approach allows the original authors of the phishing kit to harvest thousands of web and payment service credentials without monkeying around with spam campaigns by delegating the spade work to their unwitting minions. The "automated, cloud-based phishing kit" was developed in Algeria and features Arabic tutorials but runs in English, database security firm Imperva reports.

A blog post by Imperva, containing screenshots of the kit and its dashboard, can be found in a blog post here.

Imperva warns that the cloud-based approach taken by the scam turns takedown efforts into a game of whack-a-mole. "Unlike previous phishing kits that have been available for years, this new approach lives in the cloud and relies on hackers exploiting other hackers," is said. "And with the new cloud-based approach, the infrastructure for this phishing kit never goes away." ®

budnonymous · Top Poster

Hacking the NASA Twitter Account

by Davey Winder on Jul 24th, 2010, 7:18 am

The 48,727 followers of the NASA Astronaut account on Twitter expect to hear about updates on astronaut activity and get some personal insight from the astronauts themselves. They probably were not expecting to be bombarded by spacemen offering to sell them plasma and LCD flat-screen TVs at bargain prices however....

Uploaded with ImageShack.us

budnonymous · Top Poster

PayPal account hacked!

Uploaded with ImageShack.us

pay carefull attention, especially to parts like:

"This thread has been removed 2x in just the last 15 minutes. A regular has intimated it is my ex's fault the money is gone, even though my ex does not store passwords, nor has he accessed the account in about 2 years.

There's been 7 other accounts in our area compromised in just the last month. What say you PP supporters? Or are you just going to delete this again? I already have a letter being fired off to Ina Steiner.

Bear in mind that Paypal has openly come out with behavior which is, in every way shape and form, organized crime; Racketeering. Simple as that!

PayPal Mulls Expanded Seller Protection for a Price

Furthermore, the notion that Paypal has never been hacked is a pure LIE and FRAUD! It is a deliberately untruthful statement, contrived and executed to deceive members, shareholders and the general public and potiential members from knowing the the real dangers, continual and repeated failures of Paypal!

Here is only one striking example of Paypal being hacked. There are more, I assure you.

Read it carefully:

PayPal Security Flaw allows Identity Theft

"A security flaw in the PayPal web site is being actively exploited by fraudsters to steal credit card numbers and other personal information belonging to PayPal users. The issue was reported to Netcraft today via our anti-phishing toolbar.

The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS)...."

See that part ^ about "the genuine Paypal website"? See that part about xss?

If that's not hacking, then nothing is!

But it gets better...

Not only were they hacked for 2 years, they actually LIED and tried to cover it up!

Responsible Disclosure? -? Paypal vulnerable for two years

This has been mentioned in my vids time and again, such as here and here.

So if anyone reading here posts to the thug controlled, paid shill and LIAR filled paypal forums, share those links and videos with them . I'm sure they will love it!

Here are custom tinyurls for this forum and my ebay-paypal critic video channel BTW:

http://tinyurl.com/CAPP-forum
http://preview.tinyurl.com/CAPP-forum

http://tinyurl.com/CAPP-tube
http://preview.tinyurl.com/CAPP-tube

Now. specifically to the issue of iTunes and paypal hacking...

It doesn't take a hacker. There is no trick.

It is a security hole "feature" big enough to float the Hindenburg through. It is part of the way PP is designed.

I don't feel like digging up all the links right now, but anyone can search for paypal itunes hacked and similar will see what I mean. There has been an epidemic of that lately. The reason: uncorrected failure with a PP 'feature'.

The end result is the same though: Paypal blames the victim! I should also say that to the victim, the technical details are not important, they still suffer a loss, get lied to, insulted, disrepected, even libeled by cheap, weaseling GANGSTERS and GOONS!

That is one reason why so many people are dedicated to exposing this criminal corp for what is TRULY is. Those paid schills will be the death of eb-pp just as much as Donahoe's schizo-lame-O brainstorms.

budnonymous · Top Poster

Here we are with another example:
Does anyone out there really think PP is safe?
Why don't hear these things constantly from/about other payment services?

PayPal Hacker Warning!

Funny part about this is that the schills did not even bother to respond. I wonder why not?

The very REAL possibility exists that paypal themselves are behind a great deal of this fraud. After all, they answer to NO ONE! They have the entire system rigged so that they can perpetrate, manipulate, dismiss and/or conceal every last bit of it.
ASs we can all clearly see they are getting more desperate and mal-creative with the schemes.

Uploaded with ImageShack.us

budnonymous · Top Poster

haha! This could get interesting...

psssst... it's a not so secret 'feature' of paypal. rotflmaooooo!!!
Don't wait for them to tell you.

Spokesman: Apple Not Responsible for Hacked iTunes Accounts

August 24th, 2010, 07:30 GMT| By Filip Truta

iTunes customers continue to accuse fraudulent attacks, with some reporting thousands of dollars worth of purchases made in their name.

One affected customer reportedly told Tech Crunch, "My account was charged over $4700. I called security at PayPal and was told a large number of iTunes store accounts were compromised."

According to the report, his email was filled with almost 50 receipts from PayPal, each representing a $99.99 purchase.

Searching the web by public status updates on Facebook, the site was able to uncover more people with the same problem.

One person says, "Darn... what a day! Someone hacked into my itunes account and bought a crap load of downloads and emptied out my paypal account"

read the rest...

budnonymous · Top Poster

Hmmm.. neither one are compromised, eh?

PayPal, Apple Servers Not Compromised in iTunes Hacks

There have been a number of reports in recent days about iTunes customers who have uncovered unauthorized purchases on their accounts. A Wednesday blog post from PayPal, however, said that the problems are not the result of compromised PayPal or Apple severs.

(continues with links etc.)

budnonymous · Top Poster

I see that accounts are still being taken over at ebaY. Same basic MO, except now it appears they are waiting until the last possible minute to insert the bogus itmes into legit listings by revising.

Seen quite a bit of this going on in the last couple months as well, just too busy to document it. I did note that one very vocal person, a TRS who got iphone scams injected into their listings, started complaining, and suddenly went *POOF*

lmao!!! ebay still can't handle the truth or answer any questions.

Took all of 2 minutes to find these:

5 results found forthmrew@gmail.com

Nikon D300 SLR Digital Camera Bundle 2Lens Flash 4GB

NEW Macbook Pro 13" 4GB RAM 1TB Drive MC374LL/A

Canon EOS 1D Mark III Body only 10.0 Megapixel

LOT OF 3 Macbook Pro 13" 4GB RAM 1TB Drive MC374LL/A

LOT OF 3 Apple iphone 4 Black (32GB) (Unlocked)

Today's hijacked victim/seller:

Items for sale from bettyusa (333)

The obligatory screencaps:

Uploaded with ImageShack.us

budnonymous · Top Poster

Too funny!

Another Hackers Laptop, Cell Phones Searched at Border

budnonymous · Top Poster

Kodak Gallery service being side-hacked by eBay fraudsters

17 November 2010

Fraudsters on eBay are reportedly side-hacking the Kodak Gallery service using a fake redirect technique.

According to a Netscammers researcher posting on the Networkedblogs portal, the fraudster is routing eBay users looking at potential intended purchases to pages at www.kodak-slideshows.com.

Unfortunately for the would-be purchasers of the bargain item, this site is an Australian spoof of the real Kodak Gallery site located at www.kodakgallery.com/gallery/welcome.jsp.

So far, the hack seems to be confined to the eBay sales of a Ford truck but the wily hacker appears to be planning ahead for when his fake site is closed down by emailing eBayers with a file called pictures.zip that contains an infected file executable called pictures.exe.

Infosecurity notes that, whilst the F150 truck - item number 170515682914 priced at $9,000 - was still live on the system yesterday early evening UK time, it seems to have been removed, presumably by eBay's security division.

continues...

budnonymous · Top Poster

Hilarious!
The hacker-scammers are opening up on eb with both barrels right about now!

No sooner did I upload ebaY Hacked mrs_bailey and Bogus IDs for Sale Scams and go look again, viola! Another hijacking victim: greendigits123

Uploaded with ImageShack.us

budnonymous · Top Poster

ebaY has teamed up with Kia, and the hackers have teamed up with ebaY and dch.honda.of.lemon.grove to bring you some great Holiday deals!

Uploaded with ImageShack.us

hhh

budnonymous · Top Poster

There are many more victims today...
hodgepodgegarage2 with 1275 items, of which 3 are legit

Uploaded with ImageShack.us

And can't let this one go by without a mention... peterstorm10000 Hilarious hacking victim username! roflololololololol

Uploaded with ImageShack.us

There are still more... ebaY is powerless to stop these listings from getting in and showing up right away. All they can do is play clean-up after the fact. Legit sellers could not possibly list those items with the same results, yet the hackers have zero trouble.

Clearly there are bigger problems than just 'phishing'. The site is Hacked, or they have insider's help!

budnonymous · Top Poster

Another monumental hack attack! ...

pugster888 ebaY MegaSeller Gets Hijacked - 56K+ Fake Listings

Stay tuned for more stuff. ;p

budnonymous · Top Poster

My Bank account hacked and emptied via PayPal

Uploaded with ImageShack.us

budnonymous · Top Poster

Nothing says fun for the holidays like getting hacked, cleaned out and strung along and screwed again by incompetent lackwits! A sleazebay tradition!

HACKED!

Dec 6, 2010 1:03 PM

found out that my pay pal account was hacked for 1,000.000 of dollars, contacted paypal they assured me that my account was closed even I can not access it but sure enough 1 week later another charge they sent to my bank so far 2 over draft fees apply and im told they can continue to send as long as they like..bank said it will cost another 25.00 to block payal forever, i love ebay but with most everyone only accepting paypal how am i to do business with them now? oh they shopped at an ebay store so people you also could be losing money, dont know what it does to my buyer rating..

Uploaded with ImageShack.us

budnonymous · Top Poster

I think they call it ownage. Severe ownage.

Gawker hack triggers password resets at major sites

Millions of web users are being asked to reset their passwords as concerns spread over a major hacking attack.

Yahoo, Twitter and LinkedIn have asked users to change their details, days after gossip site Gawker was hacked.

continues...

With all that's been happening, looks like someone will need to be updating their article;

New title: The 808 (million) faces of a hacker.

budnonymous · Top Poster

Couple more good indicators of ebaY-Paypal UN-safety and UN trustworthiness from their own forums:

Uploaded with ImageShack.us

psssstt... It's hacked! It has been for years! But then, when they opened up their api/dev stuff to the world... need I say more?

roflolololololol!!!

budnonymous · Top Poster

Pay Pal Security and customer service in Question

Uploaded with ImageShack.us

budnonymous · Top Poster

Well, we sure can't let this go by unnoticed and/or unmentioned.

Seems as though someone has hacked a policeman's account, with purpose and forethought. You'll have to read the entire thread to see the full extent of the comedy. But at the end, there can be no doubt that either someone inside ebay, or a hacker with the ability to pick and choose his victims at will is still out there somewhere.

It really doesn't get much funnier, or damning for ebay security than this.

It's right up there, in comedy value, with that time that NASA's twitter account got hacked and fake ebay listings placed upon it.

I bet some hacker is going to have trouble making it through the day without bursting into spontaneous laughter. Again.

Here is a first for me

Uploaded with ImageShack.us

Mr_E · Noob

Anyone who can do that can probly find out the ebay/paypal paid trolls and stalkers real names, addresses, personal details too I bet.

Now that would be funny.

budnonymous · Top Poster

Mr_E wrote:
Anyone who can do that can probly find out the ebay/paypal paid trolls and stalkers real names, addresses, personal details too I bet.
Now that would be funny.

Makes you wonder, eh? Their names etc would have been plastered from here to Bleepistan and back don't you think?

It's insiders or at least a co-parasitic symbiosis. It has to be. My vids and blogs are peppered with comments from hacking victims whom all said ebay tried to strongarm them into paying bills they knew were fraudulent. Some even had collections agencies after them in less than 30 days, which is unlawful.

The hackers can scam as many folks as they want. ebay protects them and then cleans up the evidence by making the fake listings and any forum posts, criticisms, etc go poof, then with invoices the rubes, and blames them for it, by accusing them of giving away their passwords etc.

To keep everyone conditioned to clicking links within emails, they constantly send emails with links.

budnonymous · Top Poster

eBay briefly levies $420,968 in fees and more Signet Financial complaints

Published: Saturday, April 16, 2011, 7:30 AM

On Friday, Dale LaFollette watched the monthly bill for his eBay store drop from $420,968 to $1,000.

That's a good Friday.

The West Linn man's bill had skyrocketed earlier this month after his eBay account got hijacked.

Unfortunately, that's become quite common for many folks who've watched their e-mail inboxes fill up with offers from retailers and other, much less desirable sources. Or from concerned friends and family in the case of the scam in which fraudsters try to milk folks on email contact lists for cash with stories of Help me I'm sick and stranded in another country.

As The Desk has noted before, it's a good idea to change your user name and passwords often and keep them complicated -- patterns of letters, numbers and symbols, when possible, to keep hackers guessing.

In LaFollette's case, someone had acquired his user name and password, logged on to his eBay store and listed several Apple iPads, iPhones and some soccer tickets to Wembley Stadium in North London for sale. That's annoying enough, especially people started buying.

LaFollette, a high-rated seller who typically peddles vintage auto racing memorabilia, got nervous as the money started coming into his PayPal account. He tried to warn buyers, but shoppers weren't reading the full descriptions of items and were clicking "Buy it Now." He called eBay and company reps said they'd help and promised to call back within two hours.

By hour three, LaFollette decided to take action. He changed the price of one of the last remaining iPads from $500 to $50 million.

"But eBay kicked that back and told me the maximum that something could be listed was $21 million," he said, "so I thought, 'OK, $21 million it is.'"

Then, to his horror the item clicked over to "sold."

Looking back, LaFollette figures that the buyer -- some equally horrified soul in Kokomo, Ind. -- must have been looking at the screen before LaFollette changed the price. Without refreshing his computer screen, the shoppers must have then clicked "buy," only to see the total sale pop up as $21 million after the fact.

EBay eventually followed up and issued refunds to all the buyers, but as of Thursday, La Follette's account still listed the $420,968 in fees that eBay would normally assess to a seller with a $21 million transaction.

"The only victim here is me and I am afraid," he wrote in an e-mail to The Desk, "I am very afraid!"

Luckily, as LaFollette checked his account on Friday, eBay had readjusted the total and he was back to a more typical -- and more palatable -- amount.

...continues...

budnonymous · Top Poster

In case anyone was wondering, YES ebay and paypal are both still hacked, cracked and zombied.

This is almost too funny for words! Another paypal cheerleader hacked!

Un Auth use, PP reverses in 38 minutes, Love you Paypal

Uploaded with ImageShack.us

Also this from the seller central forum:

ATTENTION SELLERS HACKED

Uploaded with ImageShack.us

Does it seem like ebay and paypal are really safe to use?

budnonymous · Top Poster

Sega Game Linked to Theft From iTunes Accounts

Another wrinkle in the story...

^ itunes/paypal account hacking still out of control. Smart people will stay miles away from either service, as neither on will admit any accountability, or even address the issues, other than staunch denials.

budnonymous · Top Poster

Ebay Redirect Flaw Lives On

Not surprisingly, the cross scripting,xss, and/or flash manipulation scam is alive and well on ebay, this time documented by a casual observer.

Still hacked, cracked and zombified!

Read the rest, watch the short vid at link. ^

budnonymous · Top Poster

A couple thread topics at the shill infested ebay forums show that paypal/ebay seems to have had more leaks. Phishing emails which are addressed to the person's real name, along with ambiguous replies from PayPal's crack security or customer service crew.

E-mail from PayPal - Real?

Uploaded with ImageShack.us

You may notice the commenter above states he also received them despite NOT having a PP account. That's because ebay and Paypal are connected together, regardless of what they may claim. That simple fact has been demonstrated more than once

Is the "Update Your Browser" Email from PayPal Legit?

Uploaded with ImageShack.usAgain, does ebaY-Paypal seem like a safe and trustworthy platform, especially in light of all the other sites which don't have all these issues?