posted on March 27, 2002 08:41:51 AM
Interesting article.
However, they did point out that only people with simple passwords are at risk. My ebay is a business, so I try to be more sophisticated with my business passwords.
Of course, if too many bidders get burned, it will hurt everyone.
Our society will have to make a choice. Right now computer crime is considered a harmless white collar crime and it is given little penalty. However, if your business is hurt so bad you cannot make your house payment, it is not harmless to you.
B & M businesses have similiar problems. However, their criminals are local so they can badger the police for action or go to court to recover costs. Cybercrime is different in that you cannot threaten criminals with legal action easliy.
The discussion on Lockout procedures was interesting. Perhaps it would be acceptable if one could opt in/opt out. That way those of us who use tougher passwords can opt out and not worry about sabotage from unhappy losing bidder. All I need is a losing bidder to get mad at me and lockout my account on purpose.
The discussion on customer service was also interesting. Ebay has very little. They seem to want to keep profits as high as possible until they sell as much of their stock as possible.
posted on March 27, 2002 08:59:34 AMHowever, they did point out that only people with simple passwords are at risk.
I didn't see that in the article. Given a fast computer and ample time, any password can be discovered, as long as eBay allows unlimited logon attempts.
posted on March 27, 2002 10:35:18 AM
If ebay allows unlimited logon attempts, someone there is asleep at the switch! That is inexcusable. Can anyone confirm that this is true?
posted on March 27, 2002 10:46:25 AM
Well, I read the article and it is indeed true that ebay allows unlimited logon tries. That's pathetic, as are their reasons for not doing so.
I can give ebay the names of a dozen companies, like Yahoo for one, that manage logon security without sitting someone down in front of a phone. Kevin Pursglove, contact me as soon as you finish your lunch of braised quail and truffles.
posted on March 27, 2002 12:40:31 PMIf ebay allows unlimited logon attempts, someone there is asleep at the switch! That is inexcusable. Can anyone confirm that this is true?
I'm sure it is true, but the article did bring up an interesting point. That is, you could eliminate competing bidders. If a sniper regularly beats you, you could try to log into his account several times a couple minutes before the auction ends, he'd be locked out of his account and unable to snipe.
posted on March 27, 2002 01:38:22 PM
How about requiring a second password (security key) to be able to change the password on the account. That way a person would be able to access the account and close any bogus auctions.
posted on March 27, 2002 02:30:49 PM
Wanna bet it is probably a 15 year old kid, and when he is caught, the judge will just slap his wrist, as for all the money he spend, his lawyer will say he spend it all, he cant give the money back, and the judge will tell all of us who lost money, tough, live with it, dispute with your CC company.
I dont know why the court system is so easy on under 18 year old criminals, I remember there was this 15 year old kid, he liked to drop rocks from skywalks over the freeway on passing cars, one of the rocks killed a driver, the judge slapped his wrist, he got out, he did it again, killed a pregnant woman and her 6 year old girl, and the judge let him out once again, saying he is a minor! Damn ACLU! I am glad I never gave my bank account to ebay!
posted on March 27, 2002 03:57:10 PM
Yes, bkmonroe, there is the sniping issue. There are many issues that would need to be solved in the pursuit of password protection. NONE of the issues is unique to ebay, and NONE haven't already been solved numerous times.
When you hear computer people saying "it can't be done," what that means is "we don't want to do it." Believe me, I know. There is no computer problem that can't be fixed with the application of sufficient money and time, both of which ebay has in abundance.
posted on April 3, 2002 04:55:13 PM
If they were hacked maybe that's why I can't get into my Half.com seller account. Their system keeps saying I have my cookies off, when I have them on. Half.com emailed me with an explanation that the engineers were working on the problem. Ever since Ebay bought Half.com, the service has gone downhill.
