eBay reports to not fix known flaw
-
Yep, another click bait title.
http://www.zdnet.com/article/simple-ebay-security-flaw-exposes-users-to-phishing-campaigns/
Security researchers informed eBay of a javascript exploit that they discovered could allow visitors to their site to create malicious auction pages that could exploit other visitors. After 30 days eBay reportedly said they were not going to fix the problem.
-
....Eh?
"EBay has patched a severe XSS security vulnerability which exposed potentially millions of users to phishing campaigns and subsequent data theft."
Do not understand, the article says they have patched it.
-
@Breffni-Potter said:
....Eh?
"EBay has patched a severe XSS security vulnerability which exposed potentially millions of users to phishing campaigns and subsequent data theft."
Do not understand, the article says they have patched it.
Sure it's fixed now, after -
Despite being informed of the bug privately, the online auction trading site allegedly left a critical XSS flaw open to abuse on the ebay.com domain, and only rallied to fix the issue after the media caught wind of the flaw.
They weren't going to fix it until public announcement embarrassed them to do so.
