This week Auctionbytes were given a live demonstration on how phishers can capture eBay user names and passwords.
Falle-Internet.de explained that viewing an auction containing certain code could capture your personal information from eBay, and clicking links could also capture your eBay password.
In the UK all but the most basic types of HTML or JavaScript are banned (https://pages.ebay.co.uk/help/policies/listing-javascript.html) for all users. Germany, however, has different rules allowing experienced sellers to use more sophisticated code (https://pages.ebay.de/help/policies/listing-javascript.html) in their auctions. eBay UK told us each eBay country site has discretion on “how to run their business to suit their marketplace” and this includes whether to allow JavaScript in auctions. In the UK it is not possible to use the offending code, so all UK auctions are safe to view.
Viewing an auction listed on eBay Germany, even though you are logged into eBay.co.uk, could still allow the malicious code to execute; the only safe way to view these auctions is to block scripts from running in your browser.
Our recommendation for all sellers would be to use a separate eBay account for buying. If you’re browsing auctions, especially from Germany, make sure that you’re logged out of your main selling account. That way, if you’re unfortunate enough to have an account hacked, at least it won’t impact your income.
2 Responses
No problem. It won’t affect me and the millions of eBayers that use Firefox and the NoScript extension to disable eBay’s bloated JavaScript functions. Anyway, the eBay sites all respond faster when you have JavaScript disabled.
I think the reverse is correct: millions of eBay users DON'T block Java and Flash!
But who cares… in the end eBay is all about transferring the wealth from the rich countries to the poor.
At least to Russia, Romania and Nigeria…