posted on December 26, 2002 08:22:58 AM new
I'm new to posting to this board, but I've read it for quite some time.
Today, I received an email from someone who tried to bid on one of my sports card auctions:
---------------
Hi I just wanted to let you know the person who bought this card off you just screwed you. I was bidding with 3 minutes left $13 and it kept coming back blocked bid. Your high bidder has the program that locks everyone else out under 5 minutes. He just screwed you out of money! Just thought you'd like to know.
---------------
I wrote her back and asked what this was about, as I had never heard of such a program. She replied:
----------------
The card was the Allen Iverson Expectations jersey card. My boy's 12 and was yelling he wanted to spend his Xmas money to buy this card and he said type in 13 bucks so there were 3+ minutes left and every time I bid it came back bid blocked.
I found out about this program because some guy did it to me on auction and cost me about 50 bucks. You can buy it underground like at flea marts or computer trade shows and you download it and what it does is any item at the 5 minute mark you have bid on it blocks everyone else out as though the seller blocked them. Ebay knows about it and reportedly is working on a solution. Watch this guy he cost you money and a very upset little boy!
----------------
Any ideas? This bidder is NOT on my blocked bidders list, and did not show up as having bid during the last 5 mins of the auction (though she wouldn't, if what she's saying is true.) Anyone else heard of this?
posted on December 26, 2002 09:10:58 AM new
I've never heard of this program...new one to me. I'd suggest you contact ebay immediately and report this. They don't take kindly to users who do anything that disrupts their site. Be sure and send the headers of the email from the person who warned you along with the auction number.
posted on December 26, 2002 09:27:17 AM new
I already have -- I forwarded them everything, along with the auction number. If this is true, the ramifications are very disturbing! Someone could bid $1 and lock out all other bidders, then win the item dirt cheap... does not sound good at all.
posted on December 26, 2002 09:36:11 AM new
The person sending that email must have been hitting the egg nog pretty heavy to make up such a tale. You can buy it at the flea marts or computer shows?
For there to be such a sophisticated program it would have to have the seller's password to block the bidders and then remove the blocked bidders from the list afterwards.
Turn in to ebay the emailer as an earlier post advised.
posted on December 26, 2002 09:54:01 AM new
I wouldn't doubt that there is a program like that. There are crooks everywhere and why not block bids. Crooks are smart, like hackers. Not many hackers in jail doing time; they are out working for the big guys like Microsoft, Intel etc. to help better their products. Hackers are very knowledgeable. If this is true I will bet that card will be back on ebay to see if they can make money on it.
posted on December 26, 2002 12:08:16 PM new
I don't think the bidder is telling the truth.
I am quite familiar with hacker hangouts and such. Not one peep about a program like this. This would be a public relations nightmare for ebay and hackers love to cause nightmares. This is the sort of juicy program a hacker could not keep secret.
posted on December 26, 2002 06:56:27 PM new
I was in Area 51 last week and was able to pick up a copy on a 30 day trial. If I decide to keep it I have to pay Joe Alien $9.95.
But I figure I can sell it to the masses on Ebay.
New CD Banned by Ebay... How to block bidders on Ebay only $7.95 @@@@LOOK@@@@
[ edited by horsey88 on Dec 26, 2002 06:57 PM ]
posted on December 27, 2002 12:45:46 AM new
Never heard of it. I even asked my son and he never heard of it either. I even did a search for it through some sites, not listed either. Hackers are artists and they like to blow their horn.
posted on December 27, 2002 07:11:55 AM new
HORSEY- WHAT IS AREA 51? ARE YOU SAYING SUCH A PROGRAM DOES EXIST AND YOU HAVE SEEN IT ADVERTISED? HOW ABOUT A LINK? (I should add that I am gullible and a little dense this am after FLD)
[ edited by neglus on Dec 27, 2002 07:12 AM ]
[ edited by neglus on Dec 27, 2002 07:14 AM ]
posted on December 27, 2002 08:48:10 AM new
Area 51 is just a little north of area 50 and south of area 52 which is north of Las Vegas. Area 51 is where all retired eBay sellers have to retire and work on Roswell rumors.
posted on December 27, 2002 10:32:42 AM new
You'd need the seller's password to run such a program. It's very simple, no password no program.
Ebay does allow almost unlimited tries at a password and that is bad. Yahoo gives you only 4 tries on their auction site. There are hacker's password cracking programs that can be used against ebay but an easier way is to gather info on a seller such as name, address etc and try those out as possible passwords. Spouse names, etc. can be tried as most people want an easy to remember and short password. "I live in Austin so my PW is Austin" type of things.
posted on December 27, 2002 11:59:56 AM new
I just received a reply from Ebay:
---------
Hello,
Thank you for taking the time to write to us with your concern. I would be happy to clear this up.
I assure you that there is no such program that can be used on our site, usually bidding problems are due to connection problems or user error. Also, only you the seller can block bidders from bidding on your listing, please check to see if this bidder was on your blocked list.
I truly thank you for the opportunity to assist you and hope you have found the information I have provided for you useful. Good luck and have a terrific day!
Regards,
Vito
eBay Technical Support
----------------------------------------------
eBay
Your Personal Trading Community (tm)
------------------
So my disgruntled bidder was just talking through her hat, apparently...
posted on December 27, 2002 12:00:21 PM new
What you describe in your email, it is not only possible, but fairly easy to accomplish.
We all know everyone's user name already, it is available on your listing page. All that a person would need to get is the password. What that person needs to do is run an automated program (bot) that tries different combinations of letters, numbers and signs available on your keyboard, until it hits the right combination and accesses your account. This person has now hijacked your account, he can do anything he wants, all the options available to you are also available to this person. He could cancel bids, block bids, list scam auctions using your account. The possibilities are just too numerous to list here.
These automated programs (bot) are easily available, easy to come by, many of these are freeware, so you don't even need to spend any money to obtain them.
Once that is accomplished, armed with the password, that person can set up your account to block all bidders. After the auction closes, remove the block and no one is the wiser, unless someone does some research or eBay investigates. Do you think that eBay would publish or let anyone know if that was happening? Their whole model would collapse, because people would have lost confidence in their model.
As smart as eBay's management seems to be, I am sure that they are working on a solution to this problem that doesn't cost too much.
As it previously has been said, by tooltimes, Yahoo only allows you four tries, eBay does not have such a safeguard. So it is ripe for anyone to try, I am sure that it has already been tried. The reason is because eBay doesn't want to spend the money to have a 24-7 support service to unlock the locked accounts when someone by error or on purpose makes 4 erroneous attempts to access their account.
Here is an excerpt of an article published on March 25, 2002, by C/NET News.Com:
Instead of establishing their own accounts on eBay, many scam artists are using a so-called dictionary attack to break into reputable sellers' accounts. A time-tested technique, a dictionary attack involves an automated program, or "bot," that tries to find a password for a known user ID by drawing on a list of common passwords and a dictionary of words.
posted on December 27, 2002 12:34:09 PM new
That is not quite correct. Hackers can not use the automated dictionary attack after a few tries.
After a certain amount of attempts, a code is put at the bottom of the password page. That code must be entered along with the password. The code is randomly generated and the automated attacks do not work. Yahoo and many other sites use this system to stop automated signups.
I am not sure when it was implemented, but it has been in place for several months.
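Added example (not part of any post in this thread, and not eBay's or Yahoo's code): a sketch of the two defences the posters compare, a hard lock after four failed tries versus a challenge code that must accompany the password after a few failures. The class, its parameters, the thresholds, the account and the wordlist are all assumptions constructed for illustration.

```python
import hashlib, hmac, os, secrets

class LoginGuard:
    """Per-account throttle: step up to a challenge code, optionally hard-lock."""
    def __init__(self, challenge_after=3, lock_after=None):
        self.challenge_after = challenge_after  # failures before a code is required
        self.lock_after = lock_after            # None = never hard-lock the account
        self.users, self.failures, self.codes = {}, {}, {}

    def add_user(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, self._kdf(password, salt))

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def challenge_for(self, user):
        """Code the sign-in page would render as a distorted image, or None."""
        if self.failures.get(user, 0) < self.challenge_after:
            return None
        return self.codes.setdefault(user, secrets.token_hex(3))

    def login(self, user, password, code=None):
        n = self.failures.get(user, 0)
        if self.lock_after is not None and n >= self.lock_after:
            return "locked"                     # owner is shut out too
        expected = self.challenge_for(user)
        if expected is not None:
            self.codes.pop(user, None)          # single use: fresh code next time
            if code is None or not hmac.compare_digest(code, expected):
                return "challenge_required"     # password is never evaluated
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        if hmac.compare_digest(self._kdf(password, salt), stored):
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = n + 1
        return "denied"

WORDLIST = ["austin", "password", "iverson", "cards", "Austin2002"]  # constructed

def demo(**policy):
    g = LoginGuard(**policy)
    g.add_user("seller", "Austin2002")          # constructed account
    bot = [g.login("seller", w) for w in WORDLIST]   # unattended: sends no code
    owner = g.login("seller", "Austin2002", code=g.challenge_for("seller"))
    return bot, owner
```

With `demo(challenge_after=3)` the unattended guesses stall at the challenge, even the correct one, while the owner who reads the code still signs in; with `demo(challenge_after=99, lock_after=4)` the same guesses lock the owner out as well, which is the support cost raised earlier in the thread.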
posted on December 27, 2002 03:54:03 PM new
The dictionary software was mentioned on a news cast one night. What it is is a program of dictionary words that when you put a user ID in then the dictionary starts searching through the list to see if a user password matches the user ID, it will continue to run until either the program is out, time has run out, or the word is found. I found this rather interesting and scary....
posted on December 27, 2002 04:21:05 PM new
I was having keyboard troubles a few weeks ago and I encountered this safety code - no trouble for me but I can see where it would stymie most bots.
Another step is to use a long and complex password- using your kids name which is also part of your ID is foolish.
[ edited by bob9585 on Dec 27, 2002 04:21 PM ]
posted on December 27, 2002 05:41:39 PM new
Even if someone hacked into the account to block a bidder (which I am sceptical of) how does he know which bidder to block? Certainly he can't automatically block every user ID.
posted on December 27, 2002 08:14:30 PM new
As biskitsandgravie noted:
After a certain amount of attempts, a code is put at the bottom of the password page. That code must be entered along with the password. The code is randomly generated and the automated attacks do not work. Yahoo and many other sites use this system to stop automated signups.
If you don't your account gets locked up and you must call Yahoo to open it. Yahoo has a 24-7 support to take care of this problem and assist you to unlock your account. I have an occasion to test the system on Yahoo PayDirect.
The security system you are referring to is called "Gimpy" and was created by Researchers at Carnegie Mellon University in Pittsburgh.
I am not sure when it was implemented, but it has been in place for several months.
It was adapted by Yahoo almost a year ago to prevent Robots to open email accounts to be used later to send Spam.
The system is not foolproof, it has now been cracked by a pair of computer scientists from the University of California, Berkeley. Their success rate was 83 percent for the simplest version of Gimpy, which is the version used by Yahoo. I am not aware that eBay has such a security system in place.
Even if someone hacked into the account to block a bidder (which I am skeptical of) how does he know which bidder to block? Certainly he can't automatically block every user ID.
Yes, all accounts can be blocked. When you do search and don't know all the letters of characters you use *. Per example "*." will list every directory on your hard drive, or "*.*" will list every file. I won't go any further, we wouldn't want to give anyone ideas!
posted on December 27, 2002 11:27:29 PM new
Yes, all accounts can be blocked. When you do search and don't know all the letters of characters you use *. Per example "*." will list every directory on your hard drive, or "*.*" will list every file. I won't go any further, we wouldn't want to give anyone ideas!
That does not work with many systems. On ebay, you can have a user name that has the "*" symbol in it. You can not block or search all names using that type of command.
Yahoo has had it implemented for about two years. Ebay has had it for at least several months. Like Bob9585, I found out when I was having keyboard troubles.
posted on December 30, 2002 04:10:54 PM new
yabbut- the question on my mind is why would anyone go through all that to buy a trading card for twelve-and-a-half dollars instead of thirteen?