black hat


It seems that longtime ebaY critic site ebaymotorssucks.com came under a crippling Denial of Service Attack yesterday.

At some point, Doc, the Admin or the host, must have pulled the plug, as I saw only the free parking page. It’s back online now and soon to be restored fully.

For those not familiar with ebaymotorssucks.com, it’s probably one of the oldest ebaY critic sites on the web, and most likely the #1 such site. He’s exposed many bad things about ebaY and ebaY motors, and saved untold numbers of would-be victims from being scammed. In fact, he and his site(s) have likely prevented more fraud and scams than ebay’s lackwit customer service dept, which is notorious for giving bad advice.

That may be because Doc focuses on warning and educating the victims or would-be victims, not profits.

Ebay/Paypal has proven time and time again that they do NOT CARE about YOU! You are nothing more than dollar signs ringing up in their otherwise blank stare. Sadly, a true fact that thousands of ebaY and Paypal victims find out every single day.

I guess the only question is who would want a site like that down?
(Need I state the obvious here?)

Let’s put it this way, I do not feel or believe that Anonymous or any of that phylum is behind the attack.

Does it seem like ebay/paypal could have played a part in or been behind the DDoS attack upon ebaymotorssucks.com?

One way to determine present or future behavior is to look at past behavior…

It’s no secret that ebaY uses dirty tricks, astroturfers, and has an alleged “Black Budget” department.

They’ve been caught using corporate shills, even from the highest levels of management time and again, as well as using very unscrupulous tactics to attempt to coerce the media.

Their forum moderation outfit’s publicly stated policy is to deliberately NOT disclose that they are being paid to “steer” and “seed” the conversations on ebay’s community forums and elsewhere.

We’ve even seen what appears to me to be some scandalous activity surrounding vandalism of Wikipedia by ebay employees, and donations to the parent corp, Wikimedia.

Ah yes, then there was some recent conflict at Doc’s site with an ebaY corporate shill…

Hmmm… I can’t help but wonder if these events aren’t related?

Did I mention that such behavior, i.e., the use of undisclosed paid word-of-mouth endorsers, is against FTC regs?

I don’t feel that there is much question that ebaY certainly lacks the ethics, and is well capable of using any number of assorted dirty tricks.

That’s one reason why I’ll be doing everything in my power to expose ebaY for the sleaze trap that it is, and to persuade others to close their accounts and join in the fight.

The other reason is for the LULz. It’s pure comedy watching these snakes at ebay spin and squirm. haha!

All you who wish to join me can start by always mentioning ebaY in a bad light wherever possible, including real life, where ebaY’s undercover paid liars and trolls are not present.

There’s no shortage of factual, negative things to say to convince folks to never use ebaY or Paypal, and/or close their accounts, e.g., virus, ID theft, stolen goods, glitches, lack of any real customer service, 3 hr wait times to get to a non-English speaking rep, and of course, hacked accounts and bogus invoices.

JMO, I think the 11+ year ID theft allowing, uncorrected critical safety XSS flaw really is the one which nearly guarantees that whoever you tell won’t be going to the ebay site. Bear in mind that all one needs to do is simply land on the wrong page at ebaY and BAM! ~ You are owned. pOwn3d!

Usually, the most casual or subtle mentions at the right time and place are all that’s required.

Remember, word-of-mouth built ebaY and the same can take it down too.

I see that ebaymotorssucks.com is now back up fully at http://www.ebaywarehouse.us.
The post “Are ebaY’s ears ringing” has also been restored.

I bet Doc is even re-motivated to start back into hardcore ebaY criticism and exposure.

I’d like to say thanks to sleazebaY for re-invigorating us both.

This wikileaks situation is moving very fast and spiraling out of control.

There is everything from calls for assassination to mentions of arrest warrants and negotiated surrender/interviews by Police in the UK for Mr. Assange.

Internet group Anonymous has joined the cause, launching DDoS attacks on the PayPal blog in retaliation for the closure of the wikileaks donations account, and also upon the website of the Swiss bank Post Finance, which froze wikileaks funds. There appear to have been some counter-DDoS attacks on the AnonOps site also.

There are widespread calls for Boycotts of PayPal, ebaY and Amazon as well.

Of course, some of these issues are somewhat small compared to the big picture: The contents of the cables; and gawd only knows what results that info leaking may produce… Not to mention the free speech issues at stake.

We are looking at history in the making. This is war. Infowar.

This video which I found seems telling despite the uploader’s sarcasm.

(upload date 12-06-2010)

“I believe the more freely information flows, the stronger the society becomes, because then citizens of countries around the world, can hold their own governments accountable, they can begin to think for themselves. I can tell you that in the United States, the fact that we have free internet — or unrestricted internet access is a source of strength, and I think should be encouraged.”

He went on to add (not), “That’s why I defend Wikileaks’ right to publish documents which my government wants to keep secret so it can avoid being held accountable for all the lies and corruption.”

Yet more cross-site scripting flaws discovered on PayPal site(s)…

From Softpedia, via xssed.com

Two security researchers have independently identified cross-site scripting vulnerabilities in PayPal’s mobile and sandbox websites over the weekend, which could have been exploited in phishing attacks.

The XSS weakness on the registration.sandbox.paypal.com website was discovered by a member of the Romanian Security Team (RST) outfit, who goes by the online nickname of Nemessis.

article continues…

One vulnerability is confirmed fixed.

Please take note who is researching and reporting, Romanian bashers…

This reminds me of another incident which happened a while back. Also, if you haven’t been paying attention, it’s been reported that several smartphones are vulnerable to MITM attacks.

Romanian Detained Over eBay Cyber Fraud

Romanian detained over a $3 million cyber fraud against eBay Inc.

Very interesting article from abc news:

Romanian authorities have detained a man suspected of committing cyber fraud worth $3 million against the company eBay Inc.

Organized crime prosecutors say Liviu Mihail Concioiu is being investigated for “phishing” attacks against 3,000 of eBay Inc. employees.

They said Thursday that Concioiu allegedly stole the employees’ IDs and passwords in 2009 and accessed company files, including an application with the data base of eBay clients and their transactions. Concioiu then used “phishing” sites to access the accounts of about 1,200 eBay users.

It would appear the ebay database has been hacked, cracked, and zombied AGAIN.

(or is that still?)

Also notice how the term ‘phishing’ is constantly used. ebaY doesn’t like the “H” word it seems. But “phishing” alone does not get you access to the files and data described. We call that “HACKING”

rotflmao! Who could imagine?

It also tells us that ebay employees must not be too savvy if they are falling for whatever tricks are being used to gain the logins etc.

No mention of any response from ebay.

With IT’s long and repeated history of such events, you should ask yourself whether you trust this unsafe outfit with your personal and financial data?

Who could imagine?

The long uncorrected XSS flaw rears its ugly head again!

Auctionbytes reporting that falle-internet.de has again discovered listings with the malicious coding, this time with a virus twist.

The most important and telling quote of the article:

“They used javascript and java to address a known vulnerability; user’s computers were affected by just viewing the respective listings,”

See that part about “…just viewing the respective listings…” ?

That is one of the main reasons I advocate avoiding ebaY at all costs. Another is that they BLAME the USER for their own failures! Furthermore, they refuse to correct the flaw! Make no mistake, ebaY is a dangerous, untrustworthy, and dishonest website. Of that there is proof beyond the slightest shadow of a doubt!

ebaY is HACKED! Yes! ebaY is still HACKED!!!

Here is the report, with screencapture images, in English at falle-internet

My research indicates this issue has been ongoing at ebaY for about 10 full years now. Perhaps not under the same name, but indeed cross-site scripting has been exploited on ebaY since before it even had that name. Ebay has been aware of the issue for that long also, since looooong before the US-CERT warning was posted. Bear in mind there are many variants of this exploit possible to use. It’s been used also for the redirects, and for cookie-stealing etc. The possibilities are only limited by the hacker’s imagination and ebay’s steadfast refusal to secure its festered site.

I’ll be posting another video demonstrating the +/- 10 year longevity of the XSS flaw on ebaY before long at the Cappnonymous channel.

We don't need no stinking badges! LOL!

This is scary stuff while simultaneously a bit amusing.

“That little lock on your browser window indicating you are communicating securely with your bank or e-mail account may not always mean what you think it means.

Normally when a user visits a secure website, such as Bank of America, Gmail, PayPal or eBay, the browser examines the website’s certificate to verify its authenticity.

At a recent wiretapping convention however, security researcher Chris Soghoian discovered that a small company was marketing internet spying boxes to the feds designed to intercept those communications, without breaking the encryption, by using forged security certificates, instead of the real ones that websites use to verify secure connections. To use the appliance, the government would need to acquire a forged certificate from any one of more than 100 trusted Certificate Authorities.

The attack is a classic man-in-the-middle attack, where Alice thinks she is talking directly to Bob, but instead Mallory found a way to get in the middle and pass the messages back and forth without Alice or Bob knowing she was there.

The existence of a marketed product indicates the vulnerability is likely being exploited by more than just information-hungry governments, according to leading encryption expert Matt Blaze, a computer science professor at University of Pennsylvania.”

“If the company is selling this to law enforcement and the intelligence community, it is not that large a leap to conclude that other, more malicious people have worked out the details of how to exploit this,” Blaze said.

The company in question is known as Packet Forensics, which advertised its new Man-In-The-Middle capabilities in a brochure handed out at the Intelligent Support Systems (ISS) conference, a Washington DC wiretapping convention that typically bans the press. Soghoian attended the convention, notoriously capturing a Sprint manager bragging about the huge volumes of surveillance requests it processes for the government.

According to the flyer: “Users have the ability to import a copy of any legitimate key they obtain (potentially by court order) or they can generate ‘look-alike’ keys designed to give the subject a false sense of confidence in its authenticity.” The product is recommended to government investigators, saying “IP communication dictates the need to examine encrypted traffic at will” and “Your investigative staff will collect its best evidence while users are lulled into a false sense of security afforded by web, e-mail or VOIP encryption.”

Here is a comedy highlight:
“VeriSign, the largest Certificate Authority, declined to comment.”

Looks like SSL is shot to hell.
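The weakness the article describes is that the browser only asks whether some trusted CA issued the certificate, so a look-alike from any of them passes. The model below is an added example, not from the article or the vendor's product; the CA names, host, certificate bytes and the trust-on-first-use pin check are constructed assumptions showing one way a client can notice the swap.

```python
import hashlib

# Constructed sample data. The byte strings stand in for DER certificates;
# real code would hash ssl.SSLSocket.getpeercert(binary_form=True).
TRUSTED_CAS = {"Example CA One", "Example CA Two"}   # hypothetical trust store
OBSERVATIONS = [
    ("bank.example", b"cert-2009", "Example CA One"),       # first visit
    ("bank.example", b"cert-2009", "Example CA One"),       # unchanged
    ("bank.example", b"cert-2010", "Example CA One"),       # renewal, same CA
    ("bank.example", b"cert-lookalike", "Example CA Two"),  # other trusted CA
    ("bank.example", b"cert-selfmade", "Unknown Issuer"),   # not in trust store
]

def ca_check(issuer):
    """What the browser lock icon reflects: is the issuer a trusted CA?"""
    return issuer in TRUSTED_CAS

class PinStore:
    """Trust-on-first-use memory of the certificate and CA seen per host."""
    def __init__(self):
        self.pins = {}  # host -> (sha256 fingerprint, issuer)

    def check(self, host, cert_der, issuer):
        if not ca_check(issuer):
            return "reject: untrusted issuer"
        fp = hashlib.sha256(cert_der).hexdigest()
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = (fp, issuer)
            return "ok: pinned on first use"
        if pinned[0] == fp:
            return "ok: matches pin"
        if pinned[1] == issuer:
            self.pins[host] = (fp, issuer)   # accept as a routine renewal
            return "warn: new certificate, same CA"
        return "alert: new certificate from a different CA"

def run(observations=OBSERVATIONS):
    """Replay the observations through a fresh pin store."""
    store = PinStore()
    return [store.check(*obs) for obs in observations]
```

The fourth observation passes `ca_check` on its own, which is the case the lock icon cannot distinguish; only the remembered pin flags it.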

Read the entire article. Follow the links there. lol

Law Enforcement Appliance Subverts SSL

ebaY Crafty Hackers and iPhone Scams

by Cappnonymous
