Thursday, March 15, 2007

Is ebaY Holding the Smoking Gun?

The Preponderence of the Facts Show That ebaY is Holding The Smoking Gun
14 March 2007

It must be pretty obvious to our readers that TAG has been convinced for quite a while that ebaY is lying when they say Vladuz - and by extrapolation the Chinese hijacker/counterfeiters - has no access to ebaY other than through the phishing that takes place off ebaY. Only ebaY knows the whole truth, and all TAG, being on the outside can do, is use our 10 year intimate knowledge of ebaY and theorize on what we can observe. ebaY says that their site is secure and that no one has accessed their back end, as TAG has theorized. They told TAG that it is a FACT that no one has direct access to ebaY,

" We can hopefully address your 'concerns about the Vladuz problem' with the facts below."

" There is no way of gaining access to our internal networks without a securid token issued by IT."

"At no point did he have access to our corporate networks, tools, financial databases, or desktops, and at no point was any user information exposed."

"No one can access a user account without a password"

We already know, for a FACT (a real one not an ebaY corprobabblespeak one) that the following fact is a lie,

" Some messages were published on a community board on the eBay.de (Germany) web site by a person who gained access to a small number of employee email accounts."

since Vladuz posted on the boards today, using ebaY employee accounts, for the fourth time since he was shut out of that "small number of employee email accounts." Can there be so many gullible ebaY employees falling for phishing scams, and doing so whilst this massive attack against the ebaY site is going on?

What is most interesting about today's postings however, is that the account hijacks appear to have finally provided the smoking gun, with ebaY's fingerprints on it. Possibly irrefutable proof that ebaY is lying, that their site has been compromised, and that the back door is wide open.

Today, one of the accounts Vladuz, under the User ID Vladuz-Unleashed, used, is an account for an ebaY employee, kelbel@ebay.com


kelbel@ebay.com has what appears to be a test ebaY shop


Though kelbel@ebay.com has only one (1) feedback from another ebaY employee, kelbel has a power seller logo.



It is fairly obvious that kelbel@ebay.com is not a real person, but an account created by ebaY to run whatever various tests and experiments they feel they need. ebaY has lots of things they test, so this is just another one of them. BUT, if there is no real person named kelbel@ebay.com HOW did that non-existent person fall for a phishing scheme that allowed "his" information to be added to a phishing database? And if the account was hijacked without such access, then ebaY is lying about all of their alleged facts, and about phishing being the road to access to all these hijacked accounts, ebaY's and everyone else's.

At what point does ebaY's lies become criminal activity? At what point do they become liable for what is going on? They might already be violating the California law that requires them to contact California account holders when their ebaY accounts are compromised through access to ebaY's servers. What other laws are they breaking? Customer trust is eroding fast; will stockholder trust be far behind?

No comments: