UK Uni Student Discovers a Second eBay Security Flaw

By Adam Clark Estes

Just a few days after discovering a flaw that compromised millions of user accounts, a 19-year-old British uni student found another flaw in eBay's website. It's not as bad as the one that forced pretty much everybody to change their eBay passwords. But it's not good, either.

The second vulnerability affects the way that eBay handles code from other sites, say, the JavaScript that makes that auction listing look so pretty. Said teenager, Jordan Lee Jones, says that the flaw could let a hacker inject a page with malicious code that would steal a user's cookies. That, in turn, gives the hacker the opportunity to hijack the account.

Jones apparently contacted eBay on Friday about this second flaw, but when he still hadn't heard back from them, he went ahead and published details on his blog on Monday. "eBay should be on top of their stuff," he told PC World soon thereafter. Or at the very least, eBay should pay attention to the white hat hackers who are trying to help them. [PC World]