eBay

her last purchase before using ebay was over eight months ago, card is never used for anything but online purchases - she does not live in credit land.  Co-incidental i think it is part of a larger scam - she used her credit card as a guest i think, but maybe to do with a weak password or the like- nontheless she won't be using ebay again and i'm sure many in the office won't either.  Shame this place has gone so downhill but i guess it's an old fashioned way of selling or shopping that has been usurped by another behemoth on social media.

---

@supermussolinibros wrote:

her last purchase before using ebay was over eight months ago, card is never used for anything but online purchases - she does not live in credit land.  Co-incidental i think it is part of a larger scam - she used her credit card as a guest i think, but maybe to do with a weak password or the like- nontheless she won't be using ebay again and i'm sure many in the office won't either.  Shame this place has gone so downhill but i guess it's an old fashioned way of selling or shopping that has been usurped by another behemoth on social media.

---

Her point of complaint would be Paypal. eBay has nothing to do with payments.

Once again, you're drawing a long bow in trying to discourage people from using eBay. Just because it didn't work for you doesn't mean it won't work for others.

---

@supermussolinibros wrote:

gutterpunk i see you are making enough on here to buy some mixed lollies - kudos to you.

 

This year is going to be very tough economically for mum and dad sellers on here as the platform slides into becoming irrelevant, and especially with the economic damage from the fires- i guess i understand your anger, but don't despair this place is not the be all end all - you seem to have some skills in electrical which may help people rebuild after the fires - cheer up emo kid

---

This just shows you have absolutely no idea about ebay and the many accounts we are permitted,  I am also guessing both you and your friend have no idea about internet security protocols. 

Anger, you must be kidding, have never been happier, and take every day and every challenge with a grain of salt.

Emo Kid.    Ha Ha, you have no idea at all.

As for it being a financially challenging year ahead, that is something you are probably right about, but then again life would be pretty boring without the odd little challenge

Anyway, I will have to go and get my neighbour to count his horses, as you seem to be short a few in the top paddock.

Thanks for your answer - please explain the internet security protocols - i would be most enlightened by your understanding of the OSI layers and TCP/ip stack - please explain how on earth SFTP/HTTPS/ or even SSL relates to this matter  - at which layer do you think the failure has happened maybe you could SSL into her machine and show us your vast knowledge.  Could there be a failure in her BSD based system? would switching to another implementation of BSD that is more pure than her platform mitigate any possible breaches? which BSD system would you suggest as an alternative especially taking into consideration hardware support?  Is BSD even the correct path to take?  Do you think maybe someone has used aircrack to mitigate WPA2 encryption?

Don't lie to impress gutterpunk

hey gutterpunk maybe you could facilitate an RDP session into that horse paddock - but just wondering if that horse paddock uses LDAP or kerberos authentication or are tokens used?  please respond as you said i'm a few horses short.  Is there a SMB share setup on that horse paddock?  If a share is not setup directly is FTP implemented and what SHA level of encryption does it use?

---

@supermussolinibros wrote:

Thanks for your answer - please explain the internet security protocols - i would be most enlightened by your understanding of the OSI layers and TCP/ip stack - please explain how on earth SFTP/HTTPS/ or even SSL relates to this matter  - at which layer do you think the failure has happened maybe you could SSL into her machine and show us your vast knowledge.  Could there be a failure in her BSD based system? would switching to another implementation of BSD that is more pure than her platform mitigate any possible breaches? which BSD system would you suggest as an alternative especially taking into consideration hardware support?  Is BSD even the correct path to take?  Do you think maybe someone has used aircrack to mitigate WPA2 encryption?

 

Don't lie to impress gutterpunk

 

 

 

 

---

That's very impressive,but all you have shown is what and how a security protocol operates,we have the secure shell data stream,the tech encryption some operating systems and wifi security.

All of these things are in place to STOP hackers.

You have lost the support of members on here because you have tried every thing to lure us away from ebay and it hasn't worked so then you came up with this ridiculous story so no matter what ABCs you throw out there we don't care.

Build a bridge and get over it!

Move on it's as simple as that for your own sakes.

---

@supermussolinibros wrote:

Thanks for your answer - please explain the internet security protocols - i would be most enlightened by your understanding of the OSI layers and TCP/ip stack - please explain how on earth SFTP/HTTPS/ or even SSL relates to this matter  - at which layer do you think the failure has happened maybe you could SSL into her machine and show us your vast knowledge.  Could there be a failure in her BSD based system? would switching to another implementation of BSD that is more pure than her platform mitigate any possible breaches? which BSD system would you suggest as an alternative especially taking into consideration hardware support?  Is BSD even the correct path to take?  Do you think maybe someone has used aircrack to mitigate WPA2 encryption?

 

Don't lie to impress gutterpunk

 

 

 

 

---

01110111 01101000 01101111 00100000 01100111 01101001 01110110 01100101 01110011 00100000 01100001 00100000 01110011 01101000 01101001 01110100

@supermussolinibros,

Your tone strikes me as confrontational... although perhaps I am misreading what you have posted.

Firstly, the issue of internet security protocols... It should have been clear from the context that gutterpunkz was actually talking about internet security behaviour - that is, how to conduct transactions safely online or how to how handle one's personal (particularly financial) data securely online. In my opinion there was no need to segue into discussing iPsec with jargon relating to it...  🔒 and 🔑 and 🛡 and 🤝 etc. Secure transmission of data is - probably (I think) not the issue, is it?

If you think the lady's O/S is the issue, that isn't something for anyone here to tackle. She would be best off contacting a reputable computer technician and perhaps moving to a new computer. I'm a bit bewildered by your throwing in mention of very specific O/Ss that are honestly not likely to be used by the lady you have mentioned - at least not by what you've said of this lady. I have the impression that she uses a PC running Windows or an Apple computer running macOS... Or do you mean that she used a workstation connected to a server in a business, when she made her first eBay purchase?

You're not suggesting, in the case of the lady concerned, that the bank's security protocols have been compromised...? If not, no need to consider those protocols.

You said "she did use paypal - credit card details have been hijacked after ebay purchase". I'm certainly not going to say that the lady's PayPal account could not have been breached. PayPal has had data breaches in the past. It is at least possible that the lady's credit card information was hacked in this way.

(But... even though the misuse of her financial information occurred subsequent to the lady's eBay purchase, there may be no relationship between the two things. Correlation is not causation, of course...)

If the lady used eBay as a seller and stored her credit card for her seller fees, logically it's possible that her card details could have been hacked. From what you say, though, the lady is not an eBay seller. Therefore we can discount this possibility.

If - as you say - the lady paid using PayPal, then the Melbourne bookseller never had access to the lady's card details. That is why it's impossible for the card details to have been hacked from the seller, or for the seller to have misused those card details. Therefore when you say "I was thinking maybe the melbourne bookseller maybe has their account compromised", that is incorrect.

You then add further information: "her last purchase before using ebay was over eight months ago, card is never used for anything but online purchases". I hope you don't mind, but I find that a little difficult to believe. It doesn't make sense, and as has been famously said, "If it doesn't make sense, it isn't true." Eight months ago? A card used only for online purchases? Are you sure that this lady is recollecting her card use correctly?

Even if she last used her card eight months for a purchase from Kogan or Target or K-Mart, one of these sites could have had a recent data breach (or a data breach months ago with the lady's card being one of thost used later than others). The lady should at the very least consider this as a possibility.

You say "she used her credit card as a guest i think". This is not in line with your previous comment that "she did use paypal". Did she have a PayPal account or not? While it's true that her credit card payment would have been processed with PayPal as the payment gateway if she used her credit card as a guest, that is certainly not the same thing as "she did use paypal". Were her card details stolen at the time of entering  the card number etc. in the eBay checkout, you would in effect be suggesting that the data is hijacked during transmission, I presume? (The card details are not stored.)

I'm also a little confused by your comment that it was "maybe to do with a weak password or the like". If the lady paid as a guest, she used no password. If she paid using a PayPal account, she would have been prompted to use a strong password; to the best of my knowledge, it's not possible to set up a PayPal account with a weak password. Perhaps the lady has given you conflicting information...?

Of course we should never be too complacent when it comes to security protocols; it's a never-ending war between information that must be transmitted or stored to facilitiate transactions, and criminal attempts to breach the protections in place for that information transmission and / or storage. However, is it perhaps more likely that the lady has a keystroke logger, or other malware, on her computer? It is amazing how often people click onto things they shouldn't...

This lady is apparently "having money stolen out of her account by a US company". It's a nasty feeling to see unauthorised transactions in one's statement. It happened to me some years ago, on a card which I had never used for anything online. Neither the bank nor I could determine the source of the breach, although the likeliest explanation is that scammers used a card skimming device or a contactless device. Because the fraudulent use of the card details was by someone overseas, it's less likely that a thief here in Melbourne physically stole the card details - but it's not impossible. (In that case, the thief would have been just one of a global network stealing card details routinely, and sending those details up the chain in criminal organisation for which they were working.)

Just by the way... when you say that "This practice of the moderators removing crucial details and company names which have nothing to do with ebay is like they are facilitating fraud and theft', you are not correct. eBay's moderators will remove such details and names in line with their policies (Community content policy, Contact information policy (not quite as relevant, though), and (very pertinently) the Community Rules of Engagement). The reasons for that are too obvious to require any explanation.

A few more points... You say that the lady reported eBay to the ACCC. That truly doesn't seem likely. Are you sure that the lady is being truthful with you? The ACCC's "primary responsibility is to ensure that individuals and businesses comply with Australian competition, fair trading, and consumer protection laws - in particular the Competition and Consumer Act 2010."  Having one's credit card details being used by an overseas entity does not fall under this at all, even if the complainant were able to demonstrate a link showing eBay were the source of the breach. There are other bodies to which such a complaint could be made, but the ACCC? Something seems off with this. Perhaps the lady meant another organisation, and misspoke when she said ACCC to you.

You also say that the lady filed a report with ACORN. That's not possible; ACORN has fallen from the tree. Is it possible that the lady misspoke to you and meant to say ReportCyber? If she did make a report to ReportCyber, did she state that her details were part of a data breach? What evidence did she supply in relation to this? (Bear in mind that suspicion or a conclusion is not evidence.) Hopefully she would have included the information that her financial institution resolved the issue...  In the description of events, this lady would have been able to outline what happened, but it would be clear that what actually happened does not point to eBay as the source of the data breach. It would have been evident in the report that the lady suspected a connection - but this would not even cause a whisper of an investigation into eBay. The overseas entity that used the card details would have their details passed on, probably, by ACSC to the relevant overseas law enforcement authorities, but since the financial loss (not a large one) has already been resolved, I am very certain that this isn't one of those cases likely to be pursued with any sort of vigour - if at all.

The lady in question should be relieved that she has had no unrecovered financial loss.

Also, just briefly addressing a few other things...

"Bank teller told her that ebay is a very bad dodgy place." To which I can best quote "feruntque reprehensum a sutore, quod in crepidis una pauciores intus fecisset ansas, eodem postero die superbo emendatione pristinae admonitionis cavillante circa crus, indignatum prospexisse denuntiantem, ne supra crepidam sutor iudicaret, quod et ipsum in proverbium abiit. fuit enim et comitas illi, propter quam gratior Alexandro Magno frequenter in officinam ventitanti — nam, ut diximus, ab alio se ingi vetuerat edicto —, sed in officina imperite multa disserenti silentium comiter suadebat, rideri eum dicens a pueris, qui colores tererent."

(See Work in Progress: Literary Revision as Social Performance in Ancient Rome for translation and contex...

You say "Ebay used to be a safe trustworthy place to shop and secure - what the hell has happened?" If you are familiar with iPsec issues, you can answer this just as well as I. None of it is specific to eBay; it is a global online problem. However, it is yet to be established that eBay is - on the basis of this lady's experience - not a safe and trustworthy place to shop. CAVEAT: I make no claims relevant to eBay's security. I'm not employed by eBay in any capacity, let alone as someone responsible for its security protocols, its architecture, etc.

You say "She has been telling quite a lot of people around our very very busy workplace how bad ebay is and dangerous." The lady can say whatever she wishes about her personal experience. No doubt other people have their own experiences about credit cards, security, online purchases, eBay, etc. Presumably your emphasis in repeating the word "very' in front of the word "busy" is to imply that there will be some sort of dire fallout through this lady's anecdote. I doubt that eBay cares; there have been much more damaging stories by eBay buyers which have failed to stop ever-increasing buyers purchasing on eBay - and doing so in far more risky transactions than the one you've related here. If the lady's experience instils a soupçon of caution in at least a few people when it comes to internet purchases, then good.

You say "she won't be using ebay again and i'm sure many in the office won't either." That is their choice. There are plenty of places from which to purchase online. My own spending on eBay has drastically fallen - but that's not due to any data breach issues.

You say "Shame this place has gone so downhill but i guess it's an old fashioned way of selling or shopping that has been usurped by another behemoth on social media". Presumably you mean Facebook...? That works for some sorts of things, and not for others. To the best of my knowledge, these are apples and oranges. I've no skin in this game as I'm not a seller. I will say that while I purchase from many different online sellers and sites, I've never bought via/on Facebook. Each to their own...

The overall sense I am getting is that you have serious beef with eBay, and that this beef is not due (or not solely due) to the anecdote you have posted here.

I am put off by your denigrating comments towards members posting here - in particular towards gutterpunkz. Some of what you say is deliberately offensive to an uncalled-for level. Some level of debate - even namecalling - could have been appropriate, since gutterpunkz did post the horse excrement comment. That would have been some spirited and possibly funny interaction. I was sorry to read how it played out.

For the record... several people have posted on this thread saying that they found the story unconvincing. I am of that ilk too. There's too much in the story which doesn't add up.

Amazing, I actually read all of that and found it a succinct and intelligent response to a very silly story. Well put Countess.