EBid Security risk?

[jarremachine]

I've just received an email from a power seller of the "other" side and he's pointed out yet another phishing/spoof scam that the thieves are trying out (you need to press the "play" button):

http://www.platinumpowerseller.net/link/link.php?P=2671

I mean, what security measures do we have here on eBid

Are there any spoof email addresses we can instantly send to? e.g. spoof@eBid.com

Can we have an eBid toolbar like t'other side does? Will it prevent us from signing in to a spoof eBid website?

What security measures are in place at the moment?

Your thoughts please G&M

[superbopper]

I totally agree with you, security is a BIG issue, I must email spoof@theotherside nearly every day, and the emails are getting better and better, so good the other day i mistakenly sent them a real email sent by them...

Another point I would like to raise is the birthdays...It is very nice to see its someones birthday and also fun to know how old they are, but isnt it a security issue as we do use this info for pppay ???

[jarremachine]

I totally agree with you, security is a BIG issue, I must email spoof@theotherside nearly every day, and the emails are getting better and better, so good the other day i mistakenly sent them a real email sent by them...

So true and so are their spoof websites. I was invited to be a powerseller and I even clicked on the link (I know, but it was late at night, tired, etc., ), luckily, the eBay security toolbar wouldn't allow me to sign in! Good eh?

So the toolbar does work & I for one wouldn't mind making a monthly subscription, if only to help out with the costs to eBid!

[donkeyote]

I can't understand how the item in that video manages to link to a site outside Ebay - Ebay need to fix this problem fast!

If you ever receive an e-mail asking you to go to either Feepay, or Ebid, or any other site, and 'sign in', first put your mouse pointer over the link and then look at your status bar (at the bottom of the browser window) - this will show you the actual address that the link points to. If it doesn't say
http://www.ebay.co.uk/etc.
or whichever website you're actually supposed to be going to, then it's a scam. It may say "http://www.ebay.co.uk" on the link in the e-mail, but it's easy to make the actual link point to a different website. This is how phishers work a lot of the time.
You should never use a link in an e-mail to log in to a website. Always open a new browser window, and enter the URL you normally enter for the site.

RE the birthdays - where do these occur? It's really bad policy to make it publicly known when anybody's date of birth is, as you say.

[superbopper]

I can't understand how the item in that video manages to link to a site outside Ebay - Ebay need to fix this problem fast!

If you ever receive an e-mail asking you to go to either Feepay, or Ebid, or any other site, and 'sign in', first put your mouse pointer over the link and then look at your status bar (at the bottom of the browser window) - this will show you the actual address that the link points to. If it doesn't say
http://www.ebay.co.uk/etc.
or whichever website you're actually supposed to be going to, then it's a scam. It may say "http://www.ebay.co.uk" on the link in the e-mail, but it's easy to make the actual link point to a different website. This is how phishers work a lot of the time.
You should never use a link in an e-mail to log in to a website. Always open a new browser window, and enter the URL you normally enter for the site.

RE the birthdays - where do these occur? It's really bad policy to make it publicly known when anybody's date of birth is, as you say.

Totally agree, with the email thing, like I said I am soooo paranoyed I sent them a real one back lol...I have always been very very wary of putting info in over the internet, you hear such horrible storys...

Regarding the birthdays....Today its SpiritWillows birthday (Happy Birthday!!) It actually says this at the bottom of the main forum page where it also states who is viewing the forums....its says " SpiritWillow (30) " so from the i know how old they are ( Thirty ) and therefore it doesnt take a rocket scientist to make out the bottom part of their passcode for pppay, also if i have traded with them I know the email addy...so yes i have to guess the password still to get into their account, but these buggers out there have systems that will enter numerous possibilities...
What my main point is however, if pppay use the birth date for extra security, (which i can wholely understand) why bother when they are advertising peoples bithdays on here?...
I do however think its a nice idea, maybe they could do a list of birthdays this month, without the ages, they do though let people opt in and out of the system, via your profile, so this info is optional...
I saw mine last year and until i opened my pppay account I didnt really think about it much...
I am sure someone has probably mentioned this before...

[thehoneyant]

What security measures are in place at the moment?

The choice of putting in your birthday for forum display, is up to you via the eBid User CP.

And the security is see bottom of home page, you can click the link for information.

Saying that I can honestly say I have never had a spoof eBid mail myself since joining Jun 2003, but plenty from espit.

[jarremachine]

Saying that I can honestly say I have never had a spoof eBid mail myself since joining Jun 2003, but plenty from espit.

It just might be a matter of time tho' as ebid grows in popularity and it can happen to the best of us, as it did with that powerseller

When you sign in to eBid, there are no security/encryption pages to sign in, e.g. https

Ebid's is just: http

I think better measures can be taken, peeps may feel better if they knew that their account were secure using state-of-the-art encryption, so your data is not available to anyone.

[jarremachine]

The security is see bottom of home page, you can click the link for information.

Saying that I can honestly say I have never had a spoof eBid mail myself since joining Jun 2003, but plenty from espit.

I never noticed that before, but will it still protect us from spoof websites?

Site/Domain: *.ebid.net
Certificate Status: Valid - 11/07/2005 to 11/07/2006 - High Assurance
Encryption Method: 128/256 Bit Strong SSL Encryption
Entity/Organization: eBid Ltd
82 High Road
West Byfleet, Surrey KT14 7QW
United Kingdom




DigiCert® provides security to eBid Ltd by encrypting data between it's domain and your browser. DigiCert® has verified that eBid Ltd controls this site/domain. Records reviewed by DigiCert® confirm eBid Ltd to be an existing Company/Organization at time of our review. eBid Ltd holds a website identity assurance warranty of $1,000,000. This means you are insured for up to $1,000,000 when relying on the information provided by DigiCert on this site.

To learn more click here: SSL Digital Certificates.

To view our Site Seal Usage Agreement click here: SSL Site Seal Terms

Info. from clicking on the button at hompage

[thehoneyant]

Originally Posted by jarremachine
It just might be a matter of time tho' as ebid grows in popularity and it can happen to the best of us, as it did with that powerseller

When you sign in to eBid, there are no security/encryption pages to sign in, e.g. https

Ebid's is just: http

I think better measures can be taken, peeps may feel better if they knew that their account were secure using state-of-the-art encryption, so your data is not available to anyone.

When you register with your personal details on eBid it is a secure site.

https://secure.ebid.net/perl/normal....r-main&home=uk

Entering a secure site
You are attempting to make a secure connection to this Web site. This Web site provides secure communication and has a valid certificate. Secure communication means that information you provide, such as your name or credit-card number, is encrypted so that it can’t be read or intercepted by other people. The certificate is a statement verifying the security of this Web site. A certificate contains information that a specific Web site is authentic. This ensures that no other site can assume the identity of the original site.


There is a different password sign in for bidding & selling



Posting personal details on forums, is a minefield as they are on a none secure http, espits no different. When it happens it is usually picked up and they are told to remove them. but it's a risk you take, as there are rules.

Forum Rules - Please follow these.
Simple rules of posting.
- No swearing in whatever language or whatever spelling.
- No pimping (advertising own auctions) allowed, apart from a single pimping thread within the Kitchen Table forum.
- No posting of personal data, names or addresses.

First Ban is 2 Days
Second Ban is 7 Days
Third Ban is Permanent.
G