posted by Fnord666 on Wednesday May 27 2020, @02:40PM   Printer-friendly
from the taking-liberties dept.

eBay users spot the online auction house port-scanning their PCs. Um... is that OK?:

Users visiting eBay have spotted that the website runs port scans against their computers, using the localhost address to inspect what may be running on the visitor's machine.

Fraud is a big issue for eBay, and if the purpose of scanning for remote-control access ports is an attempt to detect criminals logged into a user's computer in order to impersonate them on the tat bazaar, it could have some value. The behaviour, however, was described as "clearly malicious" by security researcher Charles Belmer.

The script attempts WebSocket connections to a number of ports, including 3389 (Microsoft Remote Desktop), 5931 (Ammyy Admin remote desktop), 6333 (VNC remote connection), 7070 (RealAudio and Apple QuickTime streaming) and more. The script is running locally, so it is not testing for ports exposed to the internet, but rather for what is running on your local network. The port scanning script does not always run. We have only seen it run on Windows, and normally only on the first visit to eBay after some unspecified period.
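As an added example (not code from the article, eBay or ThreatMetrix), here is the defensive counterpart to the behaviour just described: a hook of the kind a browser extension's content script or a userscript would install, which wraps the page's `WebSocket` constructor, records every attempt to reach a loopback host, and flags the page once it has touched several distinct local ports within a short window. `LoopbackProbeDetector`, `installWebSocketHook`, the three-port threshold and the ten-second window are this example's own assumptions; the port numbers used in `demo()` are the ones quoted in the paragraph above, used here as constructed sample input against a stand-in `WebSocket` class so the code runs outside a browser.

```javascript
// Added example, not the article's, eBay's or ThreatMetrix's code. All names,
// the threshold and the window below are assumptions made for this example.

// Hosts that resolve to the visitor's own machine. The WHATWG URL parser keeps
// the brackets on IPv6 literals, so "[::1]" is matched as written.
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]", "0.0.0.0"]);

function isLoopbackHost(host) {
  if (LOOPBACK_HOSTS.has(host)) return true;
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host); // whole 127/8 block
}

// Parse a WebSocket URL into host and effective port; null if not ws:/wss:.
function parseWsTarget(url) {
  let u;
  try { u = new URL(String(url)); } catch { return null; }
  if (u.protocol !== "ws:" && u.protocol !== "wss:") return null;
  const port = u.port ? Number(u.port) : (u.protocol === "wss:" ? 443 : 80);
  return { host: u.hostname, port };
}

// Records loopback connection attempts and decides when a page has probed
// enough distinct local ports in a short window to look like a scan.
class LoopbackProbeDetector {
  constructor({ threshold = 3, windowMs = 10000, now = Date.now } = {}) {
    this.threshold = threshold;
    this.windowMs = windowMs;
    this.now = now; // injectable clock so the behaviour is testable
    this.attempts = [];
  }

  // Returns true when the URL targeted a loopback host (and was recorded).
  record(url) {
    const t = parseWsTarget(url);
    if (!t || !isLoopbackHost(t.host)) return false;
    this.attempts.push({ host: t.host, port: t.port, at: this.now() });
    return true;
  }

  // Distinct loopback ports touched inside the sliding window.
  recentPorts() {
    const cutoff = this.now() - this.windowMs;
    return new Set(this.attempts.filter((a) => a.at >= cutoff).map((a) => a.port));
  }

  isProbableScan() {
    return this.recentPorts().size >= this.threshold;
  }
}

// Wrap scope.WebSocket (window.WebSocket in a browser) so every construction is
// inspected before the real connection is attempted. With block=true, further
// loopback connections are refused once the threshold is crossed. Returns a
// function that restores the original constructor.
function installWebSocketHook(scope, detector, { block = false } = {}) {
  const Original = scope.WebSocket;
  scope.WebSocket = new Proxy(Original, {
    construct(target, args, newTarget) {
      const recorded = detector.record(args[0]);
      if (recorded && block && detector.isProbableScan()) {
        throw new Error("loopback port probe blocked: " + String(args[0]));
      }
      return Reflect.construct(target, args, newTarget);
    },
  });
  return () => { scope.WebSocket = Original; };
}

// Stand-alone demonstration using a stand-in WebSocket class (constructed
// sample input, no network). Returns what a real hook would report.
function demo() {
  class FakeWebSocket { constructor(url) { this.url = url; } }
  const scope = { WebSocket: FakeWebSocket };
  const detector = new LoopbackProbeDetector({ now: () => 1000 });
  const restore = installWebSocketHook(scope, detector);
  for (const port of [3389, 5931, 6333, 7070]) {
    new scope.WebSocket("ws://localhost:" + port);
  }
  new scope.WebSocket("wss://example.com/chat"); // ordinary traffic, ignored
  restore();
  return { loopbackAttempts: detector.attempts.length, scan: detector.isProbableScan() };
}

module.exports = { isLoopbackHost, parseWsTarget, LoopbackProbeDetector, installWebSocketHook, demo };
```

In a real deployment the hook has to be installed before any page script runs (`document_start` in an extension) and in every frame, since each frame has its own `WebSocket`; it also only sees WebSocket probes, so `fetch`/`XMLHttpRequest` and `<img>` requests to loopback addresses would need a similar wrapper or a network-level policy such as a loopback block in a content-blocking extension.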

Developer Dan Nemec used browser debugging tools to trace what is going on, a job made harder, he said, by JavaScript code that is "re-obfuscated on every page load" so that variable names change every time.

It is odd, though: not all the code is obfuscated, so if the script's creators really wanted to cover their tracks they could have done a better job.

Nemec did discover several points of interest, however. One is that the source of the script, called check.js, is src.ebay-us.com, which is a CNAME record pointing at h-ebay.online-metrix.net, which belongs to an organisation called ThreatMetrix Inc, part of LexisNexis Risk Solutions.

Following the scan, Nemec observed, the web page requests images, again from the ThreatMetrix domain, which return a 204 code meaning "no content". The payload is in the argument accompanying the requests, which when decrypted contains the results of the port scan and other information, including the user agent (browser identifier), public IP address, and "other data, signatures and things I don't recognize," said Nemec.

[...] Updated to add

eBay got back to us to say that it is "committed to creating an experience on our sites and services that is safe, secure and trustworthy," though it has not responded to any specific concerns over privacy or security. We understand that the reason for the port scanning script is fraud prevention, seemingly by flagging up machines that may be under remote control by miscreants.


  • (Score: 4, Insightful) by SomeGuy on Wednesday May 27 2020, @06:49PM (7 children)

    by SomeGuy (5632) on Wednesday May 27 2020, @06:49PM (#999842)

    Really. Unfortunately the only competition I even know of with any kind of critical mass is some sort of Facebook thing. Compared to Facefook, eBay still looks not so bad.

    The future is here. If you want to do business, you have to bend over and let someone probe your port. And you will be happy about it.

  • (Score: 3, Insightful) by captain normal on Wednesday May 27 2020, @07:32PM (1 child)

    by captain normal (2205) on Wednesday May 27 2020, @07:32PM (#999873)

    I've had great success buying and selling using craigslist.
      https://sfbay.craigslist.org/

    You can find a site near you at https://craigslist.org.

    --
    "Everyone is entitled to his own opinion, but not to his own facts" -- Daniel Patrick Moynihan
    • (Score: 2) by SomeGuy on Thursday May 28 2020, @12:08PM

      by SomeGuy (5632) on Thursday May 28 2020, @12:08PM (#1000137)

      Craigslist is good, but not quite the same sort of thing. Usually used for local sales.

      As others mention, for new stuff plenty of vendors have their own sites as well as Amazon.

      But for things like collectibles and used items that one might want to sell over the entire US or globally, eBay still seems to be the only game in town.

  • (Score: 2) by Mykl on Wednesday May 27 2020, @10:23PM (4 children)

    by Mykl (1112) on Wednesday May 27 2020, @10:23PM (#999947)

    There are alternatives to eBay out there. My wife and I stopped using it years ago (because it is a wretched hive of scum and villainy).

    If you want to buy new products, there are heaps of vendors out there selling directly or through other places. There's also Amazon (not saying they're great, just that they're not as bad as eBay).

    Most countries have some form of second-hand market. The US has Craigslist. Australia has Gumtree. I'm sure there are plenty more in other countries.

    • (Score: 1, Interesting) by Anonymous Coward on Thursday May 28 2020, @02:18AM (2 children)

      by Anonymous Coward on Thursday May 28 2020, @02:18AM (#1000028)

      eBay owns Gumtree Australia.

      I don't expect you to believe me - google it yourself.

      • (Score: 3, Touché) by Mykl on Thursday May 28 2020, @03:23AM (1 child)

        by Mykl (1112) on Thursday May 28 2020, @03:23AM (#1000042)

        Well ... shit.

        • (Score: 2, Interesting) by Anonymous Coward on Thursday May 28 2020, @06:28AM

          by Anonymous Coward on Thursday May 28 2020, @06:28AM (#1000075)

          Didn't you spot all the embedded fleabay crud creeping in after they borg'd it when you searched for anything on gumtree?

          As a souk, gumtree has become increasingly 'sketchy', scammers were always there, but back in the past, when gumtree was both independent and a bunch of Perl code (and not the bloated shit it is now..) you reported a scammer, their postings were dealt with...whereas now, under fleabay control..

          Two examples I got fed up reporting here in the UK.

          1. A persistent scammer, a business selling Chinese tat workshop equipment, had adverts where the seller was listed as one of a group of 5 individuals (all listed at Companies House as being officers of said company) rather than the company itself, this being a means of trying to sidestep the company's legal responsibilities for the dodgy Chinese tat under the Consumer Rights Act by making it appear that all these sales were private...reported the adverts every time I came across them, one year on, they were still at it. I eventually passed the details on to the Trading Standards people down in London where these shits were based, the adverts stopped within a fortnight.

          2. Another persistent scammer, this one selling 'warez' at £10 a pop. That, I would have ignored, but it was the fact that he was supplying stuff loaded with Trojans that made me report the bugger..how do I know? Guess who got handed a laptop 'to have a look at' after the owner had installed Autocad from one of this gentleman's finest DVD-Rs and the laptop then started 'acting strange'. This scammer helpfully supplied install instructions, the first one being 'Disable your antivirus software.' The laptop's owner had purchased several DVDs from this shithead, I scanned them, all infected, asking where he got the things led me to the gumtree postings.
          Same story, reported every incidence of his adverts, detailing he was supplying illegal copies of commercial software infected with Trojans, bugger all got done. After three months I had to threaten them with FAST and the Business Software Alliance before they finally took any action, though, chances are he's back in business with a new burner mobile number and email address.

          The local joke about gumtree is that it's the first place to check if anything of yours is stolen, especially motorbikes and tools, my favourite one so far - the 2 km drums (yes, plural) of optical fibre being sold from a residential address, a flat in a sketchy part of a neighbouring town...not a million miles away from where a new housing development was being cabled up.

    • (Score: 0) by Anonymous Coward on Thursday May 28 2020, @11:04AM

      by Anonymous Coward on Thursday May 28 2020, @11:04AM (#1000127)

      Gumtree is available in many countries alongside other, regional boards. And here's the situation in my country, for those who want to be informed:
      1. The main local auction site was good from 2001 until about 2012. Now they have become a monopoly, so they decided to go the eBay way, including running malware on a computer, blocking users and taking money not for the auction, but for showing the shipping option (!). There is an alternative; in the last 10 years they had TWO auctions: one in 2012 called "TEST - DO NOT BID" and the second in 2017 called "TEST TEST TEST".
      2. The main auction site bought the main local classified ads site, which means that they pushed personal auctions away from auctions and forced them to the classifieds. Simultaneously they raised the prices of these small ads so high that now I visit a bunch of hobby forums to get info on who is selling what. Many people started to move to Gumtree.
      3. The main classified ads site, along with the revamp of the auction site discussed earlier, got a web interface which is intentionally unbearable, only to force users to install a rogue app which requires access to GPS, camera and microphone.
      There certainly must be some technology to solve these problems. But I think the main problem is between chair and keyboard.