[10313] in bugtraq
Re: eBay password stealing with JavaScript
daemon@ATHENA.MIT.EDU (Paul Festa)
Thu Apr 22 13:27:30 1999
Date: Wed, 21 Apr 1999 17:45:47 -0700
Reply-To: Paul Festa <paulf@CNET.COM>
From: Paul Festa <paulf@CNET.COM>
X-To: "Michael K. Sanders" <msanders@CONFUSION.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199904210230.UAA79377@shell.aros.net>

They say they won't:
http://www.news.com/News/Item/0,4,35321,00.html
>>>eBay acknowledged that the JavaScript exploit works, but minimized its
importance.
"We know it's there, but you have to put it all in perspective," said eBay
spokesman Kevin Pursglove. "We have a very open environment that lets
individuals describe what they're selling, and JavaScript is there so
people can make the best of their abilities to describe an item."<<<

At 08:30 PM 4/20/99 -0600, Michael K. Sanders wrote:
>Since 'e-commerce' was discussed recently and I didn't find this in
>the archives, may I direct your attention to:
>
><URL:http://because-we-can.com/ebayla/default.htm>
>
>It will be interesting if eBay tries to 'filter' JavaScript from their
>listings to fix this.
>
>

Paul Festa
reporter, CNET News.com
(415) 395-7805 ext. 1313
www.news.com
"Silicon Valley's leading source of up-to-the-minute
information about the technology business." --New York Times
www.cnet.com
"A thing called CNET, which is an industry thing." --Bill Gates