tag:blogger.com,1999:blog-1956851062928470828.post1647519191230109483..comments2023-10-23T10:15:44.618-05:00Comments on The Real Shliach: Guest post: eBay, the scammer, and the seller Part 1Just like a guyhttp://www.blogger.com/profile/14680468025321981540noreply@blogger.comBlogger11125tag:blogger.com,1999:blog-1956851062928470828.post-57628818343047797282012-08-01T21:28:54.744-05:002012-08-01T21:28:54.744-05:00@Leo
I'm sorry to have misled you, but I am n...@Leo<br /><br />I'm sorry to have misled you, but I am <b>not</b> the same Yossi as the guest blogger.<br /><br />And I stand by my assertion that this is simply an exploration of a broken system. Systems do not need to be software to have security vulnerabilities.<br /><br />eBay is well aware of this problem, not only because the created it somewhat intentionally (buyers complained louder than sellers), but because I have seen this discussed <i>ad nauseam</i> around the web for years. Here is one from 6 years ago <a href="http://www.dansdata.com/ebayscam.htm" rel="nofollow">http://www.dansdata.com/ebayscam.htm</a>. A quick google search turns up a thousand more sites like this one.<br /><br />As for discussing a bank heist, if the bank is aware that it has insufficient security yet has done nothing about it, you would do well to be warned of the situation before you decide to deposit your funds. If the bank does have adequate security, then I would also argue that there is nothing wrong with discussing theoretical, impractical attacks that the bank has no reason to defend against. This last bit is my opinion. There may be room for arguement.<br /><br />The blog post is written in a sarcastic, bitter way. Those who pick up on this will understand that "essentially written the scammers handbook for eBay" is a literary liberty taken to further the tone of the piece. Your assertion that he has set "... himself up as the authority on how to commit criminal acts.", is laughable.<br /><br />I can not say with certainty that he has set out to warn others, though I choose to interpret it that way. This may in fact be nothing more than a simple rant by a disgruntled eBay seller. I can clarify that the point is NOT to warn eBay as you seem to presume, but to warn potential eBay sellers. eBay the company is already aware of this, as laid out above.<br /><br />Now, as far as people taking pride in their criminal ability, I too have noted this unfortunate trait in some with whom I interact, but this guest blogger does not strike me as such.<br /><br />I dismiss offhand the notion that this post or others of its ilk will attract the attention of law enforcement. The very idea is ludicrous. <br /><br />I do, however, agree that this guest should get his own soap box. TRS does not feel like the correct venue to air these griefs. As you put it, "[TRS is] a place of insightful social, political and religious comment." This sort of post is out of place.Yossi R (not the guest blogger)noreply@blogger.comtag:blogger.com,1999:blog-1956851062928470828.post-88586781666419832922012-08-01T06:39:47.202-05:002012-08-01T06:39:47.202-05:00Dear Mr. R.S.
Your guest-blogger confuses several...Dear Mr. R.S.<br /><br />Your guest-blogger confuses several issues:<br /><br />1. the issue regarding soft-ware is a red herring. There is nothing in his posts that speak to eBay software and its possible problems;<br /><br />2. he states that eBay is aware of the issue. First, he provides no supporting evidence for this. Second, just because a bank is aware that it could be broken into and have money stolen does not provide one with an excuse to detail how to enter a bank vault, stun the security guards, etc. Such activity could be considered criminal ("conspiring to steal" etc.);<br /><br />3. He cannot hide behind the "PSA-excuse" after the fact. There was nothing in his posts to suggest that this was a "warning" to users of eBay. In fact he starts off by saying "The best way to become a scammer on eBay is to be a buyer." He goes on to boast that he has "essentially written the scammers handbook for eBay" setting himself up as the authority on how to commit criminal acts.<br /><br />Sorry, but I'm not buying his claimed "social conscience" that has driven him to warn the company of flaws in its system. (It is also of interest to note his sense of pride in his (alleged) ability to scam/cheat the system - unfortunately one finds this attitude among many individuals professing a religious way-of-life (not necessarily your guest writer of course). I've noted the same attitude when it comes to parking-tickets, taxes, health-code violations, speeding etc. (But I digress.))<br /><br />Hopefully your (formerly) esteemed blog is not beginning to attract the interest of those in law enforcement who monitor such things...<br /><br />Tell him to get his own blog where he can proudly post his "insights" into criminal behavior. <br /><br />And "The Real Shliach" can return to its former glory as a place of insightful social, political and religious comment.<br /><br />A saddened,<br /><br />LdT.Leo de Toothttps://www.blogger.com/profile/16839412894312524247noreply@blogger.comtag:blogger.com,1999:blog-1956851062928470828.post-32379820758776407812012-08-01T05:01:18.272-05:002012-08-01T05:01:18.272-05:00@Leo
What this is is a security bulletin. In the ...@Leo<br /><br />What this is is a security bulletin. In the same way that security researchers will publicly talk about software vulnerabilities they find. The intent is for others to be made aware so that they may protect themselves.<br /><br />There is also the concept of responsible disclosure. The standard procedure is for the discoverer of a vulnerability to first inform the software vendor privately, and not go public with it until the vendor has had the opportunity to create and deploy a patch. In the sad but all too common case where the vendor simply ignores the researcher, it is acceptable for him to go public with the vulnerability information, so that the world at large may attempt to mitigate their exposure to the vulnerability. After all, if a good guy was able to discover it, odds are a bad guy has as well.<br /><br />Bringing this back around to the issue at hand, eBay is well aware of this problem, and has been for years. Criminals are already exploiting it in droves. There is zero benefit to be had from keeping this information under wraps. This blog post only serves as a PSA to let the public know that this is going on, and perhaps some seller will not get scammed because he knows to buy tracking for his package even though the buyer isn't paying for that level of service.Yossi Rnoreply@blogger.comtag:blogger.com,1999:blog-1956851062928470828.post-41814947623503762712012-08-01T03:04:16.694-05:002012-08-01T03:04:16.694-05:00Dear Mr. R.S.
Nice to see your blog alive again a...Dear Mr. R.S.<br /><br />Nice to see your blog alive again although I'm concerned about the recent content (even though these are "guest" posts). Describing how to defraud a company could have significant legal consequences (fraud, incitement to commit a crime, provide the means of committing a crime etc.) Although these are "guest" posts you could be considered an accessory and therefore equally liable. Further, given that you and your guest have worked together, the charge of "conspiracy" would be added i.e. conspiracy to commit fraud, etc. thereby significantly increasing the legal liability. I would recommend that your erstwhile "partner in crime" get his own blog and you clearly and unequivocally distance yourself from these posts.<br /><br />A concerned citizen,<br /><br />L de Toot.Leo de Toothttps://www.blogger.com/profile/16839412894312524247noreply@blogger.comtag:blogger.com,1999:blog-1956851062928470828.post-14017283165509191452012-08-01T00:05:08.996-05:002012-08-01T00:05:08.996-05:00Did you ever email someone and say "hey! I...Did you ever email someone and say "hey! I'm not a big evil corporation. I'm a guy trying to make a living. can you please not take money out of my pocket?"ehttps://www.blogger.com/profile/04376537400767851942noreply@blogger.comtag:blogger.com,1999:blog-1956851062928470828.post-7340401314889806232012-07-31T23:51:46.602-05:002012-07-31T23:51:46.602-05:00E: Not if you are a scammer ;)E: Not if you are a scammer ;)Yossinoreply@blogger.comtag:blogger.com,1999:blog-1956851062928470828.post-29644883862163581072012-07-31T23:46:34.601-05:002012-07-31T23:46:34.601-05:00Oh, life is tough.Oh, life is tough.ehttps://www.blogger.com/profile/04376537400767851942noreply@blogger.comtag:blogger.com,1999:blog-1956851062928470828.post-68788003322643782622012-07-31T21:31:29.053-05:002012-07-31T21:31:29.053-05:00TRS: yes.
Qtap: Signature confirmation is only $2...TRS: yes.<br /><br />Qtap: Signature confirmation is only $2 extra within the USA, but even first class within the USA comes with tracking. Delivery confirmation/signature for abroad is $20-30 extra (includes tracking). Its send abroad where we have the issues.Yossihttp://stores.ebay.com/Maxs-Genuine-Clothingnoreply@blogger.comtag:blogger.com,1999:blog-1956851062928470828.post-9270799987721056092012-07-31T21:22:28.828-05:002012-07-31T21:22:28.828-05:00If I was a seller, I'd get tracking for my exp...If I was a seller, I'd get tracking for my expensive item even if the buyer picked the least expensive shipping. Delevery confermation is only two or three dollars with the us postal service. Just saying, sellers could easily protect themselvesQtaphttps://www.blogger.com/profile/11374135215756479833noreply@blogger.comtag:blogger.com,1999:blog-1956851062928470828.post-23145578952547745702012-07-31T20:47:52.813-05:002012-07-31T20:47:52.813-05:00And now?And now?Just like a guyhttps://www.blogger.com/profile/14680468025321981540noreply@blogger.comtag:blogger.com,1999:blog-1956851062928470828.post-87604838085916191192012-07-31T20:39:09.851-05:002012-07-31T20:39:09.851-05:00The picture doesn't show up.The picture doesn't show up.Yossinoreply@blogger.com