 
GOLFnSUN
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
 ·Sprint Mobile Broa..
 ·Comcast
2 edits | Secure, but inconvenient This may be a way to provide secure communications from E-bay, but if everyone you do business with on the Internet goes this route, then you will have to go from site to site just getting your messages. How time consuming and inconvenient this method will be instead of checking your 1 email Inbox instead. Maybe they should just find a universal way to use secure communications and fix the email systems.
My Web Page
My Blog
Join Red Room Forum | |
|
 | |
| |
| | Bobby_Peru
Premium
join:2003-06-16
| Re: Secure, but inconvenient said by justin:
they may get together and offer a standard XML based message query interface. And then someone can develop a message monitoring app that can keep track of multiple sites. Great idea!
said by justin:
But then the phishers will work with the trojan writers to infect the local app and the battle will move on... Grinch! 
--
**~~Infected/Hijacked? FAQ~~~Protect/Secure Your Box/Data FAQ~~~Security Forum FAQs~~** | |
|
| | 
Jason Levine
Premium
join:2001-07-13
USA
| This type of thing is why secure RSS (RSS dynamically generated using a username and password to authorize the user) would be so nice. Imagine if you could set your RSS feedreader to download your eBay Message Center messages using your eBay username/password, your BBR post list using your BBR username/password, etc. This method would be nearly immune* to spamming, phishing, or password sniffing.
*Immune, that is, assuming that the local computer hasn't been trojaned. Once a PC's security is breached, all bets go out the window.
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/ | |
|
| | | 
justin
Australian
join:1999-05-28
Brooklyn, NY
Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech
| Re: Secure, but inconvenient well if RSS requests were automatically made with any domain cookies then they could be personalized. RSS readers in-built into browsers could certainly do that. There is nothing stopping XML servers from checking login cookies and producing personal content. | |
|
| groupofone
Premium
join:2004-02-02
Atlanta, GA
| I am surprised that many of you receive 'spam' via the Ebay inbox. I have yet to receive anything other than the original 'welcome' message that explained the My Messages center.
The Ebay inbox *should* be for a) account related messages first and foremost (billing, passwords, login issues, etc., etc.) and b) selling/buying/marketing related messages second (opt-in). The My Messages inbox is really an adjunct/complement to any regularly (or not so) checked inbox. Yes, it is still susceptible to smart phishing schemes, but could be used for improved customer relations, *if* it is not abused by Ebay marketing. | |
|
| |
justin
Australian
join:1999-05-28
Brooklyn, NY | Re: Secure, but inconvenient who says anyone receives spam via the ebay inbox? | |
|
corrosive23
join:2002-06-06
Yucaipa, CA | Im calling bull on this statement Ive already received spam in my ebay message box. I bid on something and then the next day someone sent me a message saying he had similar items and would I like to bid on his auctions. | |
|
| 
Frink
Professor
join:2000-07-13
Scotch Plains, NJ | Re: Im calling bull on this statement After having this "feature" for a day, I have 5 SPAM messages in my ebay inbox. This negates this service's value at the start...very poor. | |
|
| 
starstuff
Fly By Wire
Premium
join:2001-12-05
Mcallen, TX
| said by corrosive23  :Ive already received spam in my ebay message box. I bid on something and then the next day someone sent me a message saying he had similar items and would I like to bid on his auctions. SPAM is not the problem, fraud is.
I got the following message from ebay after receiving two outside (fraudulent?) invitations from the same person.
Dear me (me@mydomain.com):
Our records indicate that you recently interacted with bluecoi4 through the eBay email system.
Sometimes eBay accounts are used to send email solicitations for transactions outside of eBay, or to send unrelated questions in an attempt to discover your email address. We wanted you to be aware of the potential fraud risk these solicitations pose and encourage you to ignore the email you received from this member. Sales that take place outside of eBay are not eligible for any eBay or PayPal protective services and you run the risk of losing your money or your item if you complete these transactions.
We would encourage you to review the eBay pages related to Fraud Protection at the address provided below for information on steps you can take to ensure that future transactions are completed successfully:
»pages.ebay.com/help/confidence/i···-ov.html
If you have already sent the item or sent payment for the item, please reply to this email and we will send you additional information about how to protect yourself.
Regards,
Customer Support (Trust and Safety Department) | |
|
| 
schnuggles
Stays Crunchy In Milk
join:2003-06-07
Deming, NM | So far *all* I've gotten is spam: gotta find a way to eliminate this "feature."
--
Salus Populi Suprema Est Lex-Cicero (106 BC - 43 BC) | |
|
Neil
Stop All The Downloadin
join:2003-08-20
New York, NY | it doesn't matter.. People will still fall for e-mail phishing scams. | |
|
salahx
join:2001-12-03
Saint Louis, MO
| Why not just use PGP or X.509? Almost all mail client support X.509 certificates, and PGP support is available for all platforms. The companies could sign their messages, that way, the mail client would only need to check the signature and you could be sure it was genuine.
Maybe its not foolproof, as phishing is a social engineering game, but "check the signature" is a lot easier than explaining to to someone how the check the headers. | |
|
| 
sivran
Long Live The Suite
Premium
join:2003-09-15
Arlington, TX
clubs: | Re: Why not just use PGP or X.509? The unwashed masses don't a) know what PGP and digital signatures are, b) probably use some sort of webmail, which makes the signature useless because viewing through a browser actually breaks it, and c) wouldn't know how in any case. | |
|
| 
Combat Chuck
Too Many Cannibals
Premium
join:2001-11-29
Erie, PA
| said by salahx :Almost all mail client support X.509 certificates, and PGP support is available for all platforms. Try explaining digital signatures to joe user and watch their eyes glaze over.
You want people to check PGP sig's while I'm still working on getting people to read and think about the warnings their browser pops up.
--
Attention all decks! Brace for whining! | |
|
| | VirtualLarry
Premium
join:2003-08-01
| Re: Why not just use PGP or X.509? said by Combat Chuck :Try explaining digital signatures to joe user and watch their eyes glaze over. You want people to check PGP sig's while I'm still working on getting people to read and think about the warnings their browser pops up. Yeah. A functioning "idiot light" indicating the correctness of crypto sigs on e-mail messages would be a Good Thing, if it would teach the masses to use them. (Ok, I consider myself fairly security-concious, and I still don't use them, mostly because no-one else does.)
I propose a picture of a traffic light, but with only two lights, red on the top, and green on the bottom.
No signature = no traffic-light picture.
Good signature = traffic light displaying green.
Bad signature = traffic light displaying red.
What do you think? The parallels between the no-lock/lock/broken-lock for SSL should be obvious. | |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL | It's all about spam With this new "in box", Ebay can spam you as much as they want, yet not be blocked by spam filters. | |
|
| 
ropeguru
Premium
join:2001-01-25
Bridgeport, WV
clubs: | Re: It's all about spam Just something else for me to ignore. I wonder how many messages I will get from Ebay in that box before they get the hint that I am not going to be reading them. | |
|
| | 
Andrew J
Premium
join:2001-11-09
Lancaster, PA
clubs: | Re: It's all about spam Yeah, the first five they sent me were pointless and really no different from spam. | |
|
| drharry
join:2001-02-12
Hopatcong, NJ
| said by nwrickert :With this new "in box", Ebay can spam you as much as they want, yet not be blocked by spam filters. First time I checked the "messages" they were all spam. At least with regular email I can control what Ebay sends me. I assume with this I/we can't. | |
|
copperdoctor
Premium
join:2003-12-08
Palatine, IL
| Noticed this Got a message the other day, caught me by surprise but I didnt think much of it since I dont do much on ebay. As far as a hassle... we live in a world of hassles...whats new.
--
»kidcubfan.blogspot.com/ | |
|
| 
ObdH
Premium
join:2003-06-11
| Re: Noticed this said by copperdoctor :Got a message the other day, caught me by surprise but I didnt think much of it since I dont do much on ebay. As far as a hassle... we live in a world of hassles...whats new. agreed... every few months I may come across something on ebay I want... but it's not like I care whether they're using email, or private messages, or packed mule... It's of little importance to me.. | |
|
JPCass
join:2001-01-23
Denver, CO
| How much does this really help? My first thought is that unless it's a site that I use frequently, I'd want them to send me an e-mail letting me know that I have messages on the site and should come check. On-site messages are really only convenient for very frequent users, who are probably more likely to be savvy about spoof e-mails anyway.
My next thought is that spoofers will just start sending messages that say "you have secure mail on the site", and then use that as just one more way to link users to a fake login. That will continue to catch a lot of the people who don't know better to begin with.
It seems that what's still needed is a widely usable standard for secure e-mail. I've also started to wonder if there shouldn't be a whole domain that could only be used by verified, bonded institutions for secure logins to their main sites - something like .sec, which users would know to watch for, and e-mail clients could check for spoofing. | |
|
|
|
|
·
·
