From the jag list
All
The following might be of interest to eBay users - it originated on
Forbes Magazine and came to me from Mike Careatti of Entresoft
Services, sorry if you've already seen it:
"eBay's online auction service has been getting a lot of attention
lately, but that attention turned detrimental March 13. On that day,
a hacker demonstrated to a Forbes Magazine reporter that he had
broken into eBay's network. The hacker also professed to owning the
network.
"The hacker community uses the term "own" to insinuate that a hacker
can regain access to a computer or network at will. According to the
Forbes report, the hacker proved that claim by logging into a system
and temporarily modifying the home page. The hacker left the changes
in place for a short period and then returned the site to normal.
"Apparently, the hacker used a commonly known buffer overflow exploit
to gain root access to a FreeBSD-based server. Buffer overflows are
a result of poor coding practices.
"With root access (the equivalent to Administrator access on Windows
NT), the hacker modified the eBay system's secure shell software that
eBay's administrators use for remote administration, so that the
system logged usernames, passwords, and all keystrokes to a file where the
hacker could readily glean that information for further use.
"Thousands of users visit eBay to bid on items and pay for those
items using their credit cards. Whether the hackers stole users'
credit card information is not known."