Just how cunning is eBay?

As Jason points out this morning (and Wayne pointed out in his web-free link feed a couple of days ago), eBay has an open redirect, at

http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=

Yes, that means that phishers can have their “log in and change your password” link start with cgi4.ebay.com, and capture those people who wouldn’t click a link that starts with a numeric IP address, or with something not-quite-right like ebaysecuritylogin.com, but would click a link that merely ends with it, and lands there all the same. But… wouldn’t you guess that eBayISAPI.dll also does a tiny bit of logging, and pays particular attention to requests that arrive without a referer and carry a suspicious redirect URL? “Oh, no, B’rer Phisher, please don’t use my redirect URL!”
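To make the two halves of that concrete, here is an added example (mine, not eBay's code, and not how eBayISAPI.dll actually behaves) of what a redirect endpoint shaped like the one above ought to do with its DomainUrl parameter: refuse targets that are not on an allowlist of its own domains, and score each request on the signals the post speculates eBay might be watching, namely an off-site target and a missing or foreign referer. The allowlist entries and the sample requests are assumptions constructed for illustration; only the endpoint URL and its parameter names come from the post.

```python
# Added example: validating and scoring requests to an open-redirect endpoint.
# Not eBay's code; hosts in ALLOWED_REDIRECT_HOSTS and the sample requests are assumed.
from urllib.parse import urlparse, parse_qs, urlencode

# The endpoint from the post, and the host that serves it.
ENDPOINT = "http://cgi4.ebay.com/ws/eBayISAPI.dll"
ENDPOINT_HOST = "cgi4.ebay.com"
# Domains the endpoint is willing to redirect to (assumed allowlist).
ALLOWED_REDIRECT_HOSTS = ("ebay.com", "ebaystatic.com")


def host_allowed(host):
    """True if host is an allowed domain or a subdomain of one.
    Matching on the parsed hostname (not a string prefix of the URL) is what
    stops lookalikes such as www.ebay.com.example.net and user@host tricks."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ALLOWED_REDIRECT_HOSTS)


def build_request(target):
    """Construct a request URL in the shape the post describes (sample data)."""
    query = urlencode({"MfcISAPICommand": "RedirectToDomain", "DomainUrl": target})
    return ENDPOINT + "?" + query


def extract_target(request_url):
    """Pull the DomainUrl parameter out of the full request URL."""
    params = parse_qs(urlparse(request_url).query, keep_blank_values=True)
    return params.get("DomainUrl", [""])[0]


def evaluate(request_url, referer=None):
    """Return (action, suspicion, reasons) for one redirect request.

    action   : 'redirect' when the target is an absolute http(s) URL on an
               allowed host, otherwise 'reject'
    suspicion: 0..4, higher when the request looks like a phishing lure
    reasons  : the signals that contributed, ready for a log line
    """
    target = urlparse(extract_target(request_url))
    reasons, suspicion = [], 0

    valid = target.scheme in ("http", "https") and host_allowed(target.hostname)
    if target.scheme not in ("http", "https"):
        reasons.append("target is not an absolute http(s) URL")
        suspicion += 2
    elif not host_allowed(target.hostname):
        reasons.append("off-site target host %r" % target.hostname)
        suspicion += 2
    if target.username or target.password:
        reasons.append("userinfo embedded in target")
        suspicion += 1

    ref_host = urlparse(referer).hostname if referer else None
    if ref_host is None:
        # Mail clients and bookmarks send no referer; that is the usual lure path.
        reasons.append("no referer")
        suspicion += 1
    elif not (ref_host == ENDPOINT_HOST or host_allowed(ref_host)):
        reasons.append("external referer %r" % ref_host)
        suspicion += 1

    return ("redirect" if valid else "reject"), suspicion, reasons


def log_line(request_url, referer=None):
    """One line per request, the kind of record the post imagines eBay keeping."""
    action, suspicion, reasons = evaluate(request_url, referer)
    return "%s suspicion=%d target=%s referer=%s reasons=%s" % (
        action, suspicion, extract_target(request_url), referer or "-", "; ".join(reasons) or "none")


# Constructed sample traffic: one genuine hop, then the kinds of lure the post describes.
SAMPLE_REQUESTS = [
    (build_request("http://www.ebay.com/help/"), ENDPOINT),
    (build_request("http://www.ebay.com.example.net/signin"), None),
    (build_request("http://www.ebay.com@example.net/"), None),
    (build_request("//example.net/"), None),
    (build_request("http://signin.ebay.com/"), "http://mail.example.org/inbox"),
]

if __name__ == "__main__":
    for url, ref in SAMPLE_REQUESTS:
        print(log_line(url, ref))
```

The point of the hostname check is that the allowlist is applied to what the browser will actually resolve, so a target whose text happens to start with an eBay host name is still rejected when the parsed host is something else. Referer handling is deliberately a scoring signal rather than a hard block, because legitimate traffic arrives without one too.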
