What the FLIP?

[bladespark]

I just won something on ebay.

Something I NEVER bid on. Something I have never even looked at, because it's something I have no interest in, indeed no earthy use for.

This both alarms and irritates me. I've gone and changed all my important passwords, in case this is somebody actually logging into my account. I have no idea why somebody would do such a thing, or think they could get away with it though. It's not as though I'm going to cheerfully send along payment for an item I never bid on! And how would this whoever get it shipped to them? I've contacted the seller with a quick note about this. Given the very slightly dodgy nature of what's beind sold (international unlock for iphone) I have to eye the seller with at least a little suspicion.

I am really ticked by this though. Grrr.

Comments

[harliquinnraver.livejournal.com]

also...forward that email! to spoof@ebay.com!

[bladespark.livejournal.com]

It's NOT a spoof. I logged into my REAL ebay account, and I DID win the item.

[harliquinnraver.livejournal.com]

eek! thats scary. D: i know there was a spoof mail going around like that. sorry for the confusion.

[bladespark.livejournal.com]

*nods* I've gotten the spoof ones a ton. But this is really... I mean WTF! Somebody other than me has logged into my account! And bought something really dumb!

[harliquinnraver.livejournal.com]

at least it wasnt a car. a girl on the arena logged into her ebay account to find that someone used her account to buy a car in the UK. wtf.

[bladespark.livejournal.com]

That's just... how does that work? So somebody bids, and... then what? The guy who did it can't force you to pay for it! You refuse to, and get one negative feedback, not the end of the world. What does the person who did it get? Jack! I guess unless they somehow get your paypal account too, or something.

[harliquinnraver.livejournal.com]

if you report the situation to ebay, they will resolve it for you :)

[bladespark.livejournal.com]

I reported it anyhow, but turns out I don't even need it "resolved" because whoever used my account to bid paid for it with his own money.

It's been suggested that this is a feedback scam, to get the guy better feedback, but if so, it FAILS bigtime, because either they forgot, or I managed to lock them out first, the feedback hasn't been left.

Anyhow, I hope ebay finds out it is the seller using other people's accounts to bid on his own stuff, and throws his sorry butt out.

[harliquinnraver.livejournal.com]

woah for real? they actually paid? freaky @.o

[malakim2099.livejournal.com]

Email me the details.

And yeah, report this to the account takeover folks, if you haven't already. *snugs*

[malakim2099.livejournal.com]

Okay, if it can be proven that there was an account takeover, eBay deletes all records of the transaction, including Feedback. Additionally, any items listed or won while the account was taken over get their fees refunded, as well as any UPI strikes or whatnot removed as well.

[bladespark.livejournal.com]

I've reported it. I got a message telling me that (duh) my account has been taken over, quick, change my passwords! Which of course I did mere seconds into all this, so the person has been quite thoroughly locked out. But still...

I'm e-mailing you too.

[xianghua.livejournal.com]

Especially since the guy who created the unlock? Is giving the plans away for free on his website- heard it on NPR.

[draggo.livejournal.com]

I highly recommend using a random string of characters for the password. Makes dictionary attacks nearly impossible to guess your password.

Sounds like someone used a dictionary attack to guess your ebay password. Basically someone used a program that scrolls through a list of words. They will even add numbers to the end of such words. Such programs will keep doing this until ebay's server says that the password is correct or until it cycles through it's entire dictionary.

I'm currently working on my network security certification right now and things like this are part of that.

[bladespark.livejournal.com]

It IS A FLIPPING RANDOM STRING! There is no way on earth somebody guessed it.

[draggo.livejournal.com]

It is possible to guess passwords using random letters and numbers assuming that no capital/lowercase letter combinations, other characters were used and it is within a certain number of characters but it will take some time to do (AKA brute force method). Also used in cracking WPA encryption as well. I will not post any info on how to break WPA encrypton so please don't ask.

After a certain number of characters the number of possible combinations will be so high such methods will take years to guess.

I also studied probability and statistics too. :)

[bladespark.livejournal.com]

Oh please. As if I have the remotest bit of interest in breaking WPA encryptions.

[draggo.livejournal.com]

Standard warning. Already had others ask me how to do illegal stuff like that. So now I just tell everyone in advance they are not getting anything from me if they ask.

Also now that I think about it. Check your desktop for spyware and keystroke loggers. You might have one stealing passwords.

[poncelet.livejournal.com]

THe EBay hack is bad, and I sympathize qiute a bit. In my mind it's no less than identity theft. No good at all.

However, an iPhone hack isn't so dogdy anymore. It's been legal to unlock cell phones in the US since 2006 (http://www.darknet.org.uk/2007/04/legal-to-unlock-cell-phones-since-november-2006/).

[dotty-alice.livejournal.com]

Ouch. At least it's not so bad. I've resolved my ID theft problem (I hope).