Behind the Breach

Behind the Breach Part 1: Handling the Aftermath - All Hands on Deck

Online sellers are left with many questions about the attack that
exposed eBay user information. Security expert Zulfikar Ramzan
has worked with companies that have gone through this exact
situation and provides in-depth information about what such a
hack means for eBay and its buyers and sellers.

http://www.ecommercebytes.com/cab/abn/y14/m05/i26/s01

Behind the Breach Part 2: Storing Sensitive Data

In part 2 of EcommerceBytes' interview with Security expert
Zulfikar Ramzan about eBay's security breach, he discusses how
companies store sensitive information such as physical addresses
and birth dates and talks about the role of the FBI in this type
of investigation.

http://www.ecommercebytes.com/cab/abn/y14/m05/i26/s02

Message 1 of 15

3 - eBay Communicates with Third-Party Selling Tools after Hacking Incident

eBay has reached out to third-party developers after the
well-publicized security breach in which criminals accessed
eBay's user database.


http://www.ecommercebytes.com/cab/abn/y14/m05/i26/s03

4 - eBay to Overhaul Community Discussion Boards - Again

eBay will overhaul its user discussion boards yet again.
Beginning in June, eBay will begin migrating existing boards into
a new structure with fewer sections. eBay had revamped the boards
last summer when it changed service providers.


http://www.ecommercebytes.com/cab/abn/y14/m05/i26/s04

5 - Brian Burke to Replace Rich Matsuura as Director Global Seller Trust

Brian Burke will replace Rich Matsuura as eBay's Director of
Global Seller Trust. Matsuura left eBay at the beginning of the
month and is close to signing on as CEO of a startup organization.


http://www.ecommercebytes.com/cab/abn/y14/m05/i26/s05

Message 2 of 15

@pierrelebel wrote:
In part 2 of EcommerceBytes' interview with Security expert
Zulfikar Ramzan about eBay's security breach, he discusses how
companies store sensitive information such as physical addresses
and birth dates and talks about the role of the FBI in this type
of investigation.

http://www.ecommercebytes.com/cab/abn/y14/m05/i26/s02


I found his discussion on passwords, etc. particularly interesting and accessible from a layperson's point of view, although not terribly comforting!

This comment was especially remarkable:

"So, if I encrypt data, I need to make sure the key is not readily accessible to the attacker, otherwise the benefits of encryption are quickly nullified. At the same time, the key needs to be accessible to people who legitimately should be allowed to access the data. And so being able to manage these keys can quickly become unwieldy."

It seems to me this would be the core problem faced by every large internet entity these days, whether private or public (government) -- recall the CRA fiasco not long ago, among others.

What a complicated and risky world we've created online. The day will probably come very soon where nobody can really guarantee the security of personal data.

Message 3 of 15

@rose-dee wrote:

What a complicated and risky world we've created online. The day will probably come very soon where nobody can really guarantee the security of personal data.


That day came about 20 years ago!



"What else could I do? I had no trade so I became a peddler" - Lazarus Greenberg 1915
- answering Trolls is voluntary, my policy is not to participate.
Message 4 of 15

@recped wrote:

@rose-dee wrote:

What a complicated and risky world we've created online. The day will probably come very soon where nobody can really guarantee the security of personal data.


That day came about 20 years ago!


It has never existed. We are simply more aware of it now.

Ah, the old days when it was safer. Really? Remember the "war amps key tags" that had the license plate number on them? Those would get stolen, thief goes to DMV, asks the address for that plate number, and it was handed over, car was then stolen. That was 30 years ago.

Message 5 of 15

Each of us gets an email from eBay telling us..

Congratulations, your item sold.

and there it is...

Buyer's eBay ID, full address, email address

None of this information has been "encrypted"...

This is my record of the sale.... and then we get the same information from Paypal

The only thing missing is the password in emails from eBay and from Paypal

We keep a record of the sale with all of this information..... and then somewhere down the road we dispose of the record....

Straight into the garbage... or shredded.

Even with shredding there are ways... using scanning a computer to piece everything back together again...

The reality is that everything except passwords is available.. not encrypted ... in emails, and freely available for anyone to catch on the internet...

Perhaps this is why eBay separates this information from everything else.....NO Password...No banking information.

The information we see in emails is information freely available on the internet... sometimes for a price... but still readily available... if one knows where to look.

Search out your next buyer... and see how easy it is once you know the procedure...

Changing our password closes the front door...

However, it is the hackers that find the back door and that is how they sneak in... grab what they want and leave....

and then... who finds out they were there.

The people that know how to track hackers... most likely started out as hackers themselves..

The question then becomes who is watching who doing their day-to-day business.

Message 6 of 15

I have two computers...

One is wide open to the internet... receiving all of my emails...

There is all kinds of background garbage on this one computer.....Clean it out and it is back there once again...

Who is there watching me..

Who knows I sell on eBay... which bank I deal with... my Paypal information and so forth...

and... Who is waiting there for me to make a mistake... and somehow get that supposedly encrypted information....

My second computer is not connected to the internet...... and that computer is "very, very clean"... no garbage... even though it was linked to the first computer....

We are all being watched..... whether... BIG brother, or some little monster.....

Nothing is hidden, except for the encrypted data....

and then come the hackers... and then....the people who phish for information... those phishing emails....

The front door is closed... but who is watching the back door?

Always vigilant...

Message 7 of 15

Is social networking... such as Facebook..... a back door to your information?

Too much exposure on the internet could mean that someone can find your personal backdoor, quite easily....

If you know who I am, and know how to do the right search on the internet..... you can find out who I was... before eBay

However, today....one has to look very hard to find out that I sell on eBay......

(1) communicating with buyers....emails with buyers are not encrypted.... as are emails from eBay and Paypal

(2) on eBay... Password protected

(3) on Paypal... Password protected....

(4) Bank accounts... password protected.

(5) Credit card accounts ... password protected.

Do our cable providers have a record of our emails? short term perhaps... but not necessarily long-term

but then .... They do have a record of our internet searches... just ask the police.... tracking "bad boys"

How safe is the internet?....

10, 15, 20 years ago there was very little tracking of what each of us does on the internet..

while today... our day-to-day activity is there for everyone to find... if they are looking....

and... they are looking.

Message 8 of 15

When eBay was hacked the information retrieved by the hacker, was much of the very same information we get when someone buys from a seller..

specifically... name, email address, physical address, telephone number,

Hacker also got an encrypted password, and the date of birth.

nothing indicated about the eBay ID... However, one must conclude it is somewhere in all that data on eBay.

BUT... NO... financial information or other confidential personal information.

So changing the Password.... means the hacker cannot access any of the information ... ON... eBay.

The information that the hacker retrieved is the same as a seller or buyer gets from eBay... except for the password and date of birth....

Change the password and all of the information for that password and on eBay is again protected.. It would appear to be so...

eBay has focused on the password....

and if more changes are needed... then eBay will work on that... no more hackers...

One has to wonder what would happen to accounts where the password has not been changed?

Will they be isolated to a specific corner of eBay... or.....

Message 9 of 15

Behind the Breach Part 3: How Safe Are Other Online Marketplaces?

http://www.ecommercebytes.com/cab/abn/y14/m05/i27/s02

Message 10 of 15

@cumos55 wrote:

Behind the Breach Part 3: How Safe Are Other Online Marketplaces?

http://www.ecommercebytes.com/cab/abn/y14/m05/i27/s02


That article was very enlightening.  I found the "bug bounty" concept interesting!

Message 11 of 15

It will be interesting to see how eBay staffers in Toronto handle questions and comments on the subject today:

http://community.ebay.ca/t5/Weekly-Board-Hour-Session/May-28th-2014-Weekly-Board-Hour/m-p/238354#U23...

Message 12 of 15

Today's session was quiet.

Members who had a question or an opinion to express about the password fiasco decided to be quiet.

Life is full of surprises.

Message 13 of 15

The session was already over when I signed into the message boards. I've heard that a lot of people have had difficulty changing their passwords. Although I realize the site was probably flooded with those requests I would have liked to comment on that. I can easily see how someone would get frustrated and just give up.

Message 14 of 15

"someone would get frustrated and just give up."

And, when they give up, they do not bid or buy. My sales (or lack thereof) this week confirm the problem.

Message 15 of 15