March 4, 2005

CNET is reporting that eBay is 'scrambling' to fix a phishing bug that allows spammers to use eBay servers to redirect links to fraudulent sites. However, this bug was posted on the Bugtraq security mailing list almost three weeks ago and was seen by people receiving spam long before that. The redirect bug seems simple enough for eBay to fix: simply check the input URL and prevent a redirect to any domain not owned by eBay. Three weeks to do a ten minute fix? Give us a break.

Here are the Links

The CNET Story Here

The Bugtraq Posting Here