University Student Discovers A Second Ebay Security Flaw

College Student Discovers a Second Ebay Security Flaw

Just a few days after discovering a flaw that compromised millions of user accounts, a 19-year-old British university student found another flaw on ebay's website. It's not as bad as the one that forced pretty much everybody to change their ebay passwords. But it's not good either.

The second vulnerability affects the way that ebay handles code from other sites, say, the Javascript that makes that auction listing look so pretty. Said teenager, Jordan Lee Jones, says that a flaw could let a hacker inject a page with malicious code that would steal a user's cookies. That, in turn, gives the hacker the opportunity to hijack the account.

Jones apparently contacted ebay on Friday about this second flaw, but when he still hadn't heard back from them he went ahead and published details on his blog on Monday. "Ebay should be on top of their stuff," he told PC World soon thereafter. At the very least, Ebay should pay attention to the white hat hackers who are trying to help them.

If you're wondering what you can do about this new flaw, the answer is unfortunately: not much. It's on ebay to fix the vulnerability in its new code, and as long as you changed your password last week, you should be OK. On a related note, a new statistic just revealed by security researchers says that about 50 per cent of Americans have been hacked in the last 12 months. So get used to it. [PC World]

Trending Stories Right Now