Post Info TOPIC: Where's Vladuz? Wouldn't Ebay Inc like to Know!


Top Poster

Status: Offline
Posts: 3757
Date:
Where's Vladuz? Wouldn't Ebay Inc like to Know!

The now legendary Romanian Hacker known as Vladuz hasn't been seen on any of the eBay Inc auction sites lately, however, it is interesting to note that, although his eBayCaptcha program was removed from the Mozilla FireFox plugins pages (at eBay's request?), it is now back online and available for download with a note added by Vladuz reading:

Some users (those who are unable to read pure open source code) are concerned about the security threats you might be exposing yourself by downloading this add-on.

A quick Google for 'Vladuz' will quickly reveal how he apparently got inside various staff systems at eBay and was able to post screenshots online. He later appeared in several eBay forums using the pink stripe reserved for staff members!

The updated page at Mozilla.org also carries a statement from Mike Shaver, Director of Ecosystem Development for Mozilla saying:

We have reviewed the add-on in question, and do not believe that it poses a risk to the user's security, as it doesn't transmit any data other than the "captcha token" to the service's web site. (Captchas are not a security measure that is meant to affect human users at a browser, so the process by which the form entry is filled should not affect the site's security - this add-on is roughly equivalent to asking someone to come to your computer and tell you what the captcha image says. The existence of this add-on does not affect whether the captcha system is subject to mechanical decoding, it simply seems to take advantage of the fact that this specific system is in order to simplify the login process for users of the site.) Ultimately, the user is in control of their browser and web experience, and the choice to streamline a login process is left in their hands. We caution all users to be careful when installing software, whether from our site or any other, of course.

Potential users will note that the registration process for the program has been removed. I've not tried the add-on but will you?

A lengthy and detailed discussion about the Vladuz V eBay affair is to be found here.

__________________

Exposing the sleazery of ebaY and PayPal

 



Top Poster

Status: Offline
Posts: 3757
Date:

This will make for good blog-fodder

Now why in the world would a villain post PROOF of CONCEPT of the insecurity of ebay sign-in process, with an open source, MILLIONS of eyes on it...then sign his name to all the hacked auctions? Go read the whole thing, everyone, start back at the beginning.

Developer Comments

This is only a proof of concept of how insecure eBay's captcha is.

Sounds to me like someone who wanted to prove a point, not rip-off the world. Sounds like he had something very important to say, but someone did not want him to say it...

Why was the CNN interview canned?

A clear picture is emerging about just who are the villains, and who are the victims, who is the real miscreant, and who is the really misunderstood.


HRRRRRRRMMMMMMPPPPPPHHHHH!!!




__________________

Exposing the sleazery of ebaY and PayPal

 



Top Poster

Status: Offline
Posts: 3757
Date:

Oh yeah, note the date of the update.

"Version 1.2 April 1, 2007 5 KB"

Who says he doesn't have a sense of humour?



__________________

Exposing the sleazery of ebaY and PayPal

 



Top Poster

Status: Offline
Posts: 3757
Date:

Looks like Vladuz is back on the air in one respect. His extension homepage is back up!

eBayCaptcha Populator 1.2

http://www.captcha-populator.com/

Go there, to both spots, and read around a bit. Read all of it. Every link. It is not much.

Then, realize that it is not the extension which is dangerous, it is ebaY's borked website, and ebay's borked policies and practices.

It is not Vladuz that is the miscreant, nor the villain of this story.

Quite the opposite, it is beginning to look like, IMHO





__________________

Exposing the sleazery of ebaY and PayPal

 
