User talk:75.7.240.28

From Wikipedia, the free encyclopedia

Contents 1 Ebay - Vladuz & ebay security - Citations needed 2 Hacking, legal threats, and a whole lot more 2.1 EBAY & FRAUD 3 Ebay scammed

[edit] Ebay - Vladuz & ebay security - Citations needed

http://en.wikipedia.org/wiki/EBay#Romanian_hacker_.22Vladuz.22_.26_website_security

Since Gordo wants to try hiding things and acting like they don't exist so he can delete additions, HERE is all that's been said to date.

Citation #1 - must be with-held, due to the fact that people's credit card numbers & bank details are listed. Citation #2, #3 - I'll check and see if the information is still availible (The main copy of the information, less the actual card numbers, was posted on the German website.) If you're asking for proof that Vladuz hacked into the Lawyer's ebay account, again that's tricky as the only proof happens to be a screenshot of it - WITH the financial info. 75.7.240.28 (talk) 18:04, 14 May 2008 (UTC)

Please discuss this on the article's talk page. However, what you're saying is there are no verifiable sources for these statements; as such, they will be removed. --jpgordon∇∆∇∆ 18:06, 14 May 2008 (UTC)

Gordon, are you a retard or something??? Or an ebay toadie?? Claiming it never happened, when WORLD NEWS reported on it, makes you out to be a biased little prick. Instead of sitting at your computer searching for porn, try typing in a search for "VLADUZ" if you don't believe it happened. 75.7.240.28 (talk) 20:02, 14 May 2008 (UTC)

BY THE WAY, oh high and mighty one....

http://arstechnica.com/news.ars/post/20071009-hacker-exploits-forgotten-ebay-administrative-system.html

http://www.suspendedfromebay.com/?p=86

http://www.pheebay.com/forums/viewtopic.php?p=43193&highlight=vladuz

http://www.ebaymotorssucks.com/vladuz-is-back-again.htm

75.7.240.28 (talk) 20:06, 14 May 2008 (UTC)

I've removed the filth-laced response to this, by an anonymous contributor who seems to misunderstand Wikipedia's requirements for verifiability. --jpgordon∇∆∇∆ 21:27, 14 May 2008 (UTC)

Thanks for showing your TRUE nature JP - that of a liar who will twist things around. I notice you ALSo deleted the information I provided - was that so you could claim the Vladuz thing never happened?

http://en.wikipedia.org/w/index.php?title=User_talk:Jpgordon&oldid=212429415

And of course, YOUR comment about the whole thing is....

21:23, 14 May 2008 Jpgordon (Talk | contribs) (26,030 bytes) ( Piss off. ) (undo)

Now, brat, I suggest you quit looking for any excuse to hide the truth before you get you hand smacked with a ruler. 75.7.240.28 (talk) 00:30, 15 May 2008 (UTC)

Notice how he Includes the links to news as "filth" so he can delete it? If you ask me this bozo needs to be removed as a "boss" asap.

Oh, and gordo? I wouldn't delete this off my page if I were you - or get any of your "good old boy" friends to do it either. Doing so will only bring trouble down on you.....

By the way, if you're going to go around deliberately trying to tick people off, you MIGHT want to delete certain info off your page - makes it a walk in the park to find you in RL ;)

75.7.240.28 (talk) 18:53, 15 May 2008 (UTC)

Jpgordon, I've heard him get crticized by various people, but I've found he's one of the better high ranking wikipedians. A lot of those sources you quoted above are from personal sites instead of news sites, which if wikipedia allowed personal sites, there'd be 50 articles tens of pages long on how PayPal is a scam run by criminals, etc. And I'm not saying PayPal isn't, just that Wikipedia is picky about sources. The first one you listed above looks like a news site. When someone added the Vladuz paragraph I just searched in google news and pulled what came out. William Ortiz (talk) 02:57, 16 May 2008 (UTC)

Well, the reason I'm sticking to my guns concerning this is that I actually witnessed some of what went down (Seriously, I haven't laughing that hard in quit a while - imagining Meg & company having fits every time he did something. :)) )

The whole problem is that most news organizations all out ignored this. Ebay itself has done a lot to try and sweep this incident under the rug. I HAVE been trying to re-find the stories I saw from places you guys would consider "real news", but so far no luck. If I thought you guys would accept the PDF saves I made of them, i'd upload them somewhere.

Shoot, until recently(after his supposed capture) mearly mentioning his name on the ebay boards would get the post or thread deleted, and the person who made it a "vacation". :O (No lie - both myself and a friend asked of anything news on Vladuz... Mine was deleted after 3 minutes, my friend's after 5 minutes - each of us recieving an email saying we were temporarily suspended. :)) )

In general, Gordo presents the attitude of someone looking for any excuse to get rid of information on an actual event.

75.7.240.28 (talk) 03:12, 16 May 2008 (UTC)

• I really don't think that's fair. Ask William -- I've repeatedly been all over him about sourcing for stuff he's wanted to include in eBay, but when proper sourcing is provided, there are no problems. Wikipedia is very strict about sources of information; things that you happened to have witnessed yourself are only usable if they are verifiable, and this always requires reliable sources. That's all I've been saying from the start, and why I was so annoyed when you reacted by insulting and threatening me. What was the point of all that? It certainly didn't increase the likelihood that the material you wanted would be included. If I offended you by being too terse or curt, I do apologize for that; it's a tendency I have to work to keep in check. --jpgordon^∇∆∇∆ 04:33, 16 May 2008 (UTC)

• Here's a simple way to find sources: http://news.google.com/news?hl=en&tab=wn&ned=us&q=Vladuz , though I already did that and the sources were sorted through. If google news fails, this http://www.google.com/search?hl=en&q=Vladuz+news sometimes works but you have to really dig through it. Just avoid personal sites and if it looks like news and you see a bunch of commented text added or the word blog anywhere then it's very likely a blog and can't be use. William Ortiz (talk) 04:51, 16 May 2008 (UTC)

I think I'll go offtopic. I read that eBay was originally written in perl (I remember writing in perl, if there's a tiny error then you just get a vague error and have to make each tiny change one at a time and it took forever and the code was hard) and then rewritten in C++ (I once tried that language and it was really slow to make programs in compared to other languages). You see a .dll in eBay's URL. There was a test that said C++ was hundreds of times faster than PHP and Perl. Auctiva.com (a useful site to do ebay listing) runs on ASP which I've heard is a little slower than PHP. I also don't know if eBay uses MySQL (skype uses prostgresSQL) but whatever the case eBay is probably very hard to hack compared to the normal PHP website and their code is likely to run very fast. Plus eBay has a large programming team so even though their site is complex and sometimes buggy, they're likely to fix errors fast. So I doubt people like Vladuz come along that frequently. William Ortiz (talk) 05:00, 16 May 2008 (UTC)

But therein lies a paradox of sorts - if ebay would fix problems quickly, how was it that he (Vladuz) was able to repeatedly gain access over the course of at least a year's time????

And JP, it sounds like you and William don't know how things work with companies like ebay, so (And don't be offended) I'll give you a quick rundown.

In short, if they don't want it known, they can & do use leverage to keep it largely out of mainstream media. Think of it this way, if it became widely known, what do you think would happen to their stock prices? Only when he was supposedly captured, then did ebay come out tumpetting it, but while he was loose they did their best to squash as much information as possible, downplaying the whole thing. :( In short, they're only interested in raking in cash - and normally could care less about fraud & criminal activity on their site. And that's no "fairytale". :(

Believe me fellas, there's a lot of stuff most people don't realize about ebay - if you want, I'll upload some of it and give you links. It'll really raise your hackles.

75.7.240.28 (talk) 09:16, 16 May 2008 (UTC)

ROFL - I just had to post this!

http://tagchat-oai.com/forum/index.php?topic=18.0

SEPT. 2007 8:18:22 AM jackie9978 is EBAY safe or is EBAY unsafe?

8:19:49 AM Steven S. S. Please be assured that eBay is a safe online trading site ad doesn't share any personal information.

8:20:13 AM jackie9978 Then, can you explain what happened yesterday on your Trust & Safety Discussion Board, please?

8:22:09 AM Steven S. S. Sure.

8:23:59 AM Steven S. S. Due to an exploit of a feature on the PayPal site, some eBay users’ contact information may have been exposed. As soon as we learned of this exploit, we worked very quickly to shut it down.

8:24:26 AM Steven S. S. This occurred when eBay users clicked on the PayPal account signup URL from the eBay Web site. Third parties may have been able to enter an eBay ID and get the user’s contact information. [IF PRESSED, this information includes name, e-mail address, shipping information and phone numbers]

8:25:04 AM Steven S. S. Information accessed did not include financial information like credit card numbers or bank account numbers. This information is kept under the highest levels of encryption on eBay’s and PayPal’s secure servers.

8:25:28 AM jackie9978 Then, why did that information appear on your Trust & Safety discussion board?

8:27:49 AM Steven S. S. eBay and PayPal are very safe ways to buy and sell online. We have more than 2,000 professionals working to ensure the trust and safety of our systems every day. Because PayPal doesn’t share users’ financial information, privacy is built into the service.

8:28:06 AM jackie9978 Well, that isn't my question. You claim something never happened and it certainly did happen.

She asked a question, and the livehelp guy sidestepped it like he though he was George W. :))

http://www.ebaymotorssucks.com/where-is-the-sheriff.htm

Whether you agree with it or not, you got to admit.... this is some FUNNY S***! (Imagine Jackie Gleason in 'the toy' : "Here they come AGAIN!!! " roflmao! )

75.7.240.28 (talk) 12:19, 16 May 2008 (UTC)

[edit] Hacking, legal threats, and a whole lot more

All this in one news story.

http://www.guardian.co.uk/technology/2007/oct/25/ebay.hacking

Hacker taunts eBay with attacks The auction site has been the target of a hacker called Vladuz, whose actions are causing concern to the website's users and owners alike. Danny Bradbury reports The Guardian, Thursday October 25 2007

Who is Vladuz? Since at least the start of this year, eBay has been looking for this hacker from eastern Europe. According to evidence seen by the Guardian, he is able to see the listings of and listen to telephone conference calls within eBay. Sources in the hacking community say that he claims to be listening in on some meetings held by eBay chief executive Meg Whitman.

Says eBay: "This fraudster is known to eBay, Romanian authorities and the US Secret Service who are all working towards securing an arrest and successful prosecution."

Concerned to reassure users, it adds: "The central eBay site is and always has been secure." The company says, however, that the "phone system is 'open' because we conduct calls with external parties who need access to it. Confidential calls made through our system require separate security information."

Despite the reassurances, this is not the first time Vladuz has embarrassed eBay. And he is extremely good at covering his tracks. "He covers himself very well with Gmail, and uses anonymous proxies [remote computers] to access those accounts too," says David Steiner, editor of online auction news publisher Auctionbytes.

Hacker's background

What is known from the hacking community is that the individual is in his mid to late 20s and has a strong background in programming. He operates from Romania, where he was born, and has years of experience working in a corporate environment.

He also has a history of both operating and facilitating eBay-based scams. As early as 2004, someone calling themselves Vladuz was selling a set of PHP files designed to create phishing sites that would collect eBay data. "It is a very basic SDK [software development kit], allowing script kiddies to set up a phishing email scam," says Simon Heron, director of UK security company Network Box. "It sets up a website that uses as much as it can from the genuine eBay site to give it the right look and feel. The logon and password are sent to the scammer." In the readme file that he used to distribute the kit was the message: "Well go there and scam the fucking bastards! For ANY scam email me and I'll do it in max 30 hours."

While he has been in operation for several years, the spotlight has only recently fallen on Vladuz. He first came to notice in December, when Rosalinda Baldwin from The Auction Guild, an independent publisher that monitors eBay's activities (auctionguild.com), began seeing large numbers of fake auctions emerging from Chinese scammers using accounts hijacked from their real owners. "Researching that, I came across the name Vladuz in association with someone writing programs that Chinese hackers were using and building on to do these hijacks," she alleges.

At the start of the year, he turned up again, this time posting several times on eBay's forums. His posts were coloured pink, indicating that he was posting as an eBay employee. The company said that the pink postings were due to a handful of compromised eBay accounts.

"The funny thing was that he emailed through eBay, and when he was doing that he emailed me eBay employee passwords and user names," says Josh Shaffer, who founded the site FireMeg.com, which attacks the auction site's management.

In February, he attempted to highlight perceived flaws in eBay's security systems by publishing a plugin for the Firefox browser designed automatically to solve eBay's "Captchas". A Captcha is a security challenge displaying distorted text which users must type in to prove that they are real people. They work because the text is supposed to be too difficult for computers to read. Heron confirms that the plugin code (linked to a site registered with a stolen credit card) was clean; it only did what it said, without tricking the user. But others suggest that there was a payload: it directed users to a site with a Romanian domain hosted by Yahoo! (now taken down), which reportedly required users to enter some credentials. That could be a phishing route.

The most spectacular hack for which he has claimed responsibility involved the posting of at least 1,200 eBay users' personal information on an eBay discussion board late last month. The postings stayed up for over an hour, in spite of complaints from users, before the whole board was taken down. The company insists that the credit card details posted did not belong to users.

What drives Vladuz? "He told me in one email, 'I'm not a good Samaritan. I'm in it for the money'," says Baldwin. "It sounds like he's selling the tools as well as using them." But other incidents on eBay point to different motives. Days after the credit card hack, the "About me" page for eBay lawyer Scott Noyce was altered and his personal details were posted on the page. At the bottom was the signature "SGI Inc - V". SGI stands for Solutions for Generating Income, and is the name that Vladuz gave to the team of people that helped him to run his scams earlier in his career.

He used a thread on the auction watching site Pheebay.com to boast of the Noyce incident and also to claim responsibility for the credit card hack. On that thread, he pointed to a February report about Noyce contacting German scam monitoring site Falle-Internet.de. The letter threatened them with legal action unless they took down some eBay-related pages. "Revenge time," said Vladuz.

"I demand an explanation," posted one eBay user on an eBay forum a week later, when his account was mysteriously shut down and reinstated. Another replied that the same had happened to him, accompanied by an email that read: "Stop saying shit stuff about me, asshole. vladuz." eBay posted a response saying that the hacker had found some old administrative functions that had not been turned off after a security change. "We are undergoing an audit to ensure obsolete code that may still exist for other reasons is secure," it said.

Security fears

"If there's an administrative portal that was visible on an external server, how many other scammers have been using that?" asked Ed 'Doc' Koon, who runs the eBay monitoring site ebaymotorssucks.com. In the past few months, eBay has downplayed Vladuz's significance, but Koon is one of a number of eBay watchers who believes that the company's security is far from watertight.

eBay makes the rules of engagement clear for customers, describing the dangers of phishing emails that lure users to enter their details into fake eBay sites. But what about the redirect scams? "You have people actually embedding in auction pages redirects to fake sign-in pages," says Pheebay. Clicking on a valid eBay page would thus take you straight to a phishing site. "I probably get a couple of emails a week from people that fall for these redirect scams," says Koon. Redirect scams have been seen on eBay for more than a year. "I had one last week from a guy who sent $7,200 for a 57 Chevy convertible," Koon says. "Hello? Your money's gone."

Others worry about "second chance" scams, in which fraudsters contact auction losers pretending to be from eBay, offering them the chance to bid on an item again. The link takes them to another site where their information is stolen. "How are these scammers getting these peoples' direct email addresses?" asks Koon.

Rodger Flemming, who helps run Falle-Internet, speculates that scammers may have access to the eBay database. Screenshots of tools) purported to have been created to manipulate eBay's systems have been posted on eBay watchers' sites, but it is difficult to prove their authenticity. eBay maintains that the website has not been hacked, but such denials are always tainted with the obvious question: how can you be sure? When presented with news of the recent phone system hack, which targets internal corporate systems rather than the website, eBay admitted that it had no knowledge of it.

Intimate knowledge of systems

That hack, revealed to the Guardian by a source close to Vladuz, demonstrates an intimate knowledge of systems central to eBay's day-to-day business operations. It has given the hacker access to a broad range of information. And nobody knows for how long Vladuz may have been eavesdropping.

While the community mulls these issues, some have said that Vladuz could be more than one person. Another theory, perhaps both more likely and more frightening, is that there are more like him. "There are thousands of hackers. It doesn't make much sense that he'd be the only one out there," says AuctionBytes' Steiner. "It makes no sense to me that if these things are as wide open as he says, he would be the only one."

And there's the worry. For every loose-tongued, forum-happy blackhat, there could be many silent, disciplined ones. This latest revelation will do little to reassure users. Millions of dollars each day are transacted via eBay. The company made a net income of $1.1bn (£543m) last year on almost $6bn of revenues, and people depend on it for their livelihoods and it is a linchpin of the online economy. But just how safe is eBay from the dark side of the web?

If you'll notice, ebay's story constantly changes. Ask any cop what that means ;)

75.7.240.28 (talk) 12:39, 16 May 2008 (UTC)

• JP, it sounds like you and William don't know how things work with companies like ebay -- perhaps you're still confused. I've not criticized the content of your material; I've solely questioned the sourcing of your material. We're not having an argument about what may or may not have happened. Just source it in the article; you don't need to publish long extracts here (we're all real good at following links.) --jpgordon^∇∆∇∆ 13:27, 16 May 2008 (UTC)

• Scientology uses lawyers like crazy, probably more than eBay. Scientology fought hard to cover up things like Xenu and yet there's lots of sources about it notable enough for Wikipedia. So there'd likely be the same of things eBay wants to hide. William Ortiz (talk) 15:16, 16 May 2008 (UTC)

(Sigh) fine. The section's been deleted for "lack of proof". :(

75.7.240.28 (talk) 05:51, 17 May 2008 (UTC)

I thought you had some proof. There's a bunch of stuff in google news if you search "Vladuz" in there. William Ortiz (talk) 09:16, 17 May 2008 (UTC)

I could offer up news stories, screen shots, interviews, hell even the source code that allowed however he did it... no matter what it is It would never be considered "proof".

75.7.240.28 (talk) 09:54, 17 May 2008 (UTC)

I've restored the section; possibly some other editor who understands our verifiability requirements will provide adequate sources. --jpgordon^∇∆∇∆ 14:59, 17 May 2008 (UTC)

The news reports are proof. Really, you got a big hacking story in the news and that's proof, simple as that. The news may not have all the details, but that's pretty much proof. Also when you said, "And JP, it sounds like you and William don't know how things work with companies like ebay". Please read JP's userpage where he gives his work history. I think JP worked there some years back, before eBay got the problems with real intellectual property holders doing fake VERO reports to keep their prices from selling to low on ebay, phony intellectual property holders signing up for VERO to hurt their competitors, and all the stuff eBay makes new seller accounts go through like personally verifying they have a merchant account to accept payments other than paypal, being called on the phone and phone-screened even if they do only take paypal, random automated suspensions for a fake reason like "abusing ebay" if a new account sells more than a few items a day varying upon the category, how ebay now requires all sellers to verify by phone every time they clear their cookies or flash objects, paypal immediately limiting your account when you have money in it and then demanding a social security number, etc. (I didn't see all this stuff myself, it's on message boards all over the place.) Oh and the biggest one is (if they did before?) eBay doesn't encrypt passwords and uses them to link accounts together as the same person, which may be related to how Vladuz hacked into eBay. William Ortiz (talk) 22:29, 19 May 2008 (UTC)

[edit] EBAY & FRAUD

Also, what's the story of the stop4bargains? I googled it and didn't find anything but some vague stuff. I see they're suspended and feedback missing. William Ortiz (talk) 22:38, 19 May 2008 (UTC)

Here's some of what I compiled on the bozo "stop4bargains" - I have more (including PDF saves of a lot of his auctions)... I just need to figure out which old HD they're on :))

http://www.sendspace.com/file/z5qqj9

75.7.240.28 (talk) 00:59, 20 May 2008 (UTC)

[edit] Ebay scammed

Whether the edit has a point or not isn't relevant, and it may even be true. But you don't get to make a statement like that on an article without a cite. And besides, what does it mean exactly? EBay isn't a webpage, it's a web site. What exactly does it mean by "scammed"? --Escape Orbit ^(Talk) 09:10, 20 May 2008 (UTC)

OFFS! That comment makes it sound like you're grasping at straws trying desperately to exclude anything you personally don't like or agree with.

And then people like you wonder why wikipedia has such a shitty reputation & isn't considered a reliable reference.

75.7.240.28 (talk) 11:12, 20 May 2008 (UTC)

• Have you so much as glanced at our policies regarding verifiability and reliable sources? --jpgordon^∇∆∇∆ 15:10, 20 May 2008 (UTC)

---

This is the discussion page for an anonymous user, identified by the user's numerical IP address. Some IP addresses change periodically, and may be shared by several users. If you are an anonymous user, you may create an account or log in to avoid future confusion with other anonymous users. Registering also hides your IP address. [WHOIS • RDNS • RBLs • Traceroute • Geolocate • Tor check • Rangeblock finder] · [RIRs: America · Europe · Africa · Asia-Pacific · Latin America/Caribbean]