Javascript lols on the bay of fleas!
 
What's that you say, ad-hoc script execution without using any alpha-numeric characters?
 
Yup:
 
http://thedailywtf.com/ar.cles/bidding-on-security
 
blog.checkpoint.com/2016/02/02/ebay-platform-exposed-to-severe-vulnerability/
 
This is no crypto-breaking or man-in-the-middle style of exploitation, this is running ad-hoc java script directly on the client (i.e., your) machine by using a rather nasty JSF**k trick.  The exploit could embed malicious code within legit fleabay pages which are delivered to you and neither the server nor you would be any the wiser.
 
Personally, I am going nowhere near fleabay until they've addressed the problem.
 
 

ston
Personally, I am going nowhere near fleabay until it becomes a viable way to sell things like it was in the beginning.
 

My take.

Wait, you can sell things there? :-)
 
I've never tried tbh, I tend to Give Away With Extreme Prejudice things that I no longer need, i.e. when the space they're occupying becomes more valuable than the thing doing the occupying.
 
I shouldn't worry too much about the exploit tbh; I'm saving all my energy up to worry about the $%&@#! DROWN TLS-breaking bug caused by exploiting 1990's SSLv2 tech which many servers still support (why?!)  Don't worry, only about a 3rd of ALL servers are vulnerable.
 
For those with Marvin-esque sized brains: https://drownattack.com/drown-attack-paper.pdf

67% is a better chance than in Vegas though!

Hi,
 
Hey ... the Coffee House is TRUTHY!

craigb

ston
Personally, I am going nowhere near fleabay until it becomes a viable way to sell things like it was in the beginning.
 

My take.

Haven't sold anything for a good while, it's just a minefield for sellers now and the Ebay/Paypal fees have become prohibitive IMO.