Problem with E-bay

[hugme]

so I go to become a seller on e-bay and they ask me to set up a seller account. fine, I go to set it up.. and the first thing they ask for is a credit card number. which is ok, I don't mind giving them a credit card number only the page is unencrypted so if I put it there everyone will be able to see it. grrrrrr.....

I did a screenshot of the page, notice the unencrypted sign in the bottom right corner of the screen:

http://www.hugme.org/images/hold/badebay.jpg

come on people, apache_mod_ssl is not that hard to run....

I have been looking for contact info on ebay, they don't put it on their site, hopefully webmaster@ebay.com works.

Comments

[sylphon.livejournal.com]

Odd, it used to be secure. when I last signed up with them it showed as encrypted/secured..course that was awhile ago

[sylphon.livejournal.com]

Also, not to be a pain, but I wonder if it's a problem with Mozilla not recognizing the certificate? IE seems to handle it ok (not a great browser, but sometimes works ok). http://www.chaosproject.com/images/ebaysnap.jpg and http://www.chaosproject.com/images/ebaysnap2.jpg

places

[hugs.livejournal.com]

mozilla uses the same libraries as netscape, I have the most current updates, not only that but I do my banking and paypals with mozilla, paypals is the same implimentation.

you aren't looking at the correct page. you have to log in, click sell (having not sold anything) and then "create sellers account" to get to the page I was on.

How about the next page?

[gamgee.livejournal.com]

Is the next page SSL'd? I know that for normal users it's difficult to tell, but come on, you can read HTML...

Thing is that the CC# would be transfered in the connection to get the next link... if at that time the connection is encrypted, everything's fine. There should be nothing in getting the form that is sensitive enough to encrypt.

Re: How about the next page?

[hugs.livejournal.com]

no: when you send information in a form, it sends according to the stats in the form you are sending.

This "normal user" is a CISSP who worked on encryption algorythms for scientific atlanta. I am the reason you can't steal Sci-Atl cable :-P

[asbrand.livejournal.com]

Decided to check out same site with my Windoze 2k box and Opera.

http://www.asbrand.com/pics/good_ebay_01.jpg

Looks pretty secure to me. And, I think this is the same page you were looking at. As you can see, Opera reports that page as secure.

Or am I missing something?



-Az

[asbrand.livejournal.com]

Oh, and before you tell me this:

"you aren't looking at the correct page. you have to log in, click sell (having not sold anything) and then "create sellers account" to get to the page I was on."

...that is exactly what I did. Just FYI...



-Az

[bitmap.livejournal.com]

try to turn on all your SSL warnings, especially
'viewing a page with encrypted/unencrypted mix'

they are bad about linking to non-encrypted images
from inside an encrypted page, and that might be what you saw.

otherwise, maybe try to fill out everything in the page
except the credit card number and post it, and maybe the
next page when it asks you to reenter the card number
will do the right thing.