Receive News from Operation Disclosure via Email

Guest Posting

If you wish to write a post/article on Operation Disclosure all you need to do is send your entry to applying these following rules.

The subject of your email entry should be: "Entry Post | (Title of your post) | Operation Disclosure"

- Proper Grammar
- No foul language
- Your signature/name/username at the top

Send your entry and speak out today!

News Alerts





Featured Post

New Republic Report: "Incredible" -- October 25, 2016

------------- "​Incredible" Republic Update Monday October 24, 2016 ​-------------​ OK, so your much prayed for RV is ti...

Wednesday, February 3, 2016

Warning When Using eBay, Malware being Distributed

eBay has no plans to fix "severe" bug that allows malware distribution

Posted By: MrFusion [Send E-Mail]
Date: Wednesday, 3-Feb-2016 13:41:44

Be suspicious of unexpected pop-ups on eBay while viewing item listings...


eBay has no plans to fix “severe” bug that allows malware distribution [Updated]
Clever "JSF**K" technique allows hackers to bypass eBay block of JavaScript.
by Dan Goodin - Feb 3, 2016

eBay has no plans to fix a "severe" vulnerability that allows attackers to use the company's trusted website to distribute malicious code and phishing pages, researchers from security firm Check Point Software said.

The vulnerability allows attackers to bypass a key restriction that prevents user posts from hosting JavaScript code that gets executed on end-user devices. eBay has long enforced the limitation to prevent scammers from creating auction pages that execute dangerous code or content when they're viewed by unsuspecting users. Using a highly specialized coding technique known as JSF..K, hackers can work around this safeguard. The technique allows eBay users to insert JavaScript into their posts that will call a variety of different payloads that can be tailored to the specific browser and device of the visitor.

"An attacker could target eBay users by sending them a legitimate page that contains malicious code," Check Point researcher Oded Vanunu wrote in a blog post published Tuesday. "Customers can be tricked into opening the page, and the code will then be executed by the user's browser or mobile app, leading to multiple ominous scenarios that range from phishing to binary download."

~~~~~ CONTINUE AT: ~~~~~

Shoutbox Disclaimer

Please be advised that the Shoutbox is NOT moderated. Use it at your own will.

Note: The Shoutbox is home to a rare species called "Carlos Marine" aka "zeusisback". Please don't feed.