Bugtraq mailing list archives
Re: BUGTRAQ Digest - 18 Feb 2000 to 21 Feb 2000 (#2000-41)
From: rfromm () CS BERKELEY EDU (Richard Fromm)
Date: Tue, 22 Feb 2000 10:56:32 -0800
From: Andrew Bennett <abennett () CRUZIO COM> Subject: Re: ebay sends passwords in the clear MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed At 11:03 AM 2/16/00 -0800, rfromm@cs.berkeley.eduwrote:I've been trying to get ebay to do something about this for a month and a half, to no avail. See http://avocado.dhs.org/ebpd/ for details, including an ebay password sniffer.I noticed that ebay has a link on their Sign In feature page to sign in via SSL. It's not the most obvious link. An easy way to get there: - when prompted for your id/password, below the box, click the Sign In link - when prompted again for your id/password, below the box, click the 'here' link
That's great! They didn't have it when I posted ebpd. So at least it looks like I got something accomplished. It's certainly not an easy thing to find, though. Just one example of how their site could use a bit of redesign. So most people are still likely to not use it. My guess is that they're probably purposefully not publicizing it much at first, so that they can try it out, get it debugged, measure the effect on the load on the server, etc. under only limited use. - Rich
Current thread:
- Re: BUGTRAQ Digest - 18 Feb 2000 to 21 Feb 2000 (#2000-41) Richard Fromm (Feb 22)