Feeds

Vuln exposes eBay developer accounts

Password changes ordered

Secure remote control for conventional and virtual desktops

eBay security officials are requiring members of its developer program to change their passwords following the discovery of a vulnerability that could allow attackers to intercept sensitive account details.

"eBay has recently identified a means by which someone could gain access to eBay Developers Program account information," Kumar Kandaswamy, manager of the eBay Developers Program, wrote in an advisory posted on the auctioneer's website. "Out of an abundance of caution and to help ensure the security of the eBay Developers Program, we are requiring that all developers" change their passwords.

The vulnerability doesn't allow attackers to capture financial data such as credit card numbers and so far there are no known exploits targeting it. Kandaswamy didn't elaborate on on the weakness.

Over a several-month span in 2007, a hacker who called himself Vladuz was able to penetrate some eBay defenses and gain unauthorized access to parts of its network reserved for employees. The online miscreant, who was fond of bragging about his exploits on eBay chat boards, was later arrested in Romania, where he is believed to have resided.

eBay's developer program helps developers use its API to write applications for the site. The site recently imposed stricter standards on members when creating passwords. Just last week, security guru Bruce Schneier issued this refresher on the secure creation of passwords. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.