Quote:
Originally Posted by calvin-c
Yes, and no. Even though the 'hack' came from obtaining authorized user logins they should still have discovered it sooner-if they were really concerned about security. I worked computer security, I know. Standard auditing would have logged even authorized user access to sensitive data. Unless the 'authorized user' was a DBA-and if that's the case then the DBA should probably be fired-then the bulk copying should have triggered an alarm. (A DBA whose login is stolen is like a security guard letting his keys be copied.)
I wasn't commenting on whether they should have discovered it sooner (they should have), just that the reality is they only discovered it two weeks ago, so it's unfair to say they waited months to report the breach after it was discovered.
Quote:
Originally Posted by calvin-c
I went to eBay as soon as I read the story-and couldn't find a 'straight-up' password change function. I did find one, eventually, by following a question about what to do if I find that somebody else has used my account. Really, standard security practices are to change passwords frequently. So why would a company that's really concerned about security hide that function?
That was my experience too; I have never had so much trouble finding where to change a password. It very much felt like they didn't want anyone to do so.
Quote:
Originally Posted by calvin-c
I guess that tells everybody how concerned eBay really is about security. (FWIW I use eBay maybe twice/year so I don't remember my login but I do write it down. That used to be a no-no but these days more 'hacks' come online from easily guessed passwords than from people physically accessing your office. Besides I keep my written-down passwords in a lockbox.)
I use password safes myself, on two levels. I use LastPass for ease of use for stuff that's not terribly important (forums and such) and KeePass without a browser plugin for stuff that's important (banks, credit cards, etc.). Almost all of my passwords are totally random ones that are highly unlikely to be brute-forced anytime in the near future.