1. XSS Redirect Cross Site Scripting Source Code Revealed 2014

    10:37

    from @BloggingCarDude / Added

    Here is another XSS Cross Site Scripting Redirect scam on eBay Motors UK. We dig into the source code of the listing and reveal how the scammers are redirecting you off to their cleverly baited trap.

    • XSS Cross Site Scripting Redirect Caught On Screen Video 01/20/2014

      04:37

      from @BloggingCarDude / Added

      Watch as this scam listing and 2 others whisk me off to a hacked website. This XSS Redirect Phishing Scam has been hooking suckers on eBay for many years. If you get Phished they could care less!

      • eBay XSS Fraud How Seller StupidToy99 Lost $8500

        05:19

        from @BloggingCarDude / Added

        It's my personal opinion that a merchant should be responsible for their shoppers' safety and well-being, regardless of whether it's a brick and mortar store or an eCommerce shop. With today's modern technology eBay very well could put a stop to their shoppers getting defrauded. It's as easy as scanning a listing's code upon submitting it or whenever a listing is revised. But I suppose that attempting to keep up with Amazon is the corporate priority.

        • Suspected Scam ATV Website BestAtvStore

          07:11

          from @BloggingCarDude / Added

          This poster on eBay's Motors Forums claimed he was redirected to www.bestatvstore.com after clicking on an eBay search result. That sounds like another eBay XSS cross site scripting redirect that has been uncorrected for many years.

          • eBay Motors 07 Tahoe Scam Listing 320499691440 Still Scamming After 6 Days

            07:39

            from @BloggingCarDude / Added

            I thought for sure this eBay XSS cross site scripting scam would be gone when I woke up this morning - but no such luck! Where is eBay's TRUST and SAFETY when you need them? They sure are not watching the site! This must be more proof of John Donahoe's staff cuts. And what about the eBay account owner? Where is this guy? I'm sure he must have been contacted by concerned eBayers by now. eBay has also recently started suspending members for posting fraud auctions like this one on their discussion boards. A member recently got a permanent board suspension for posting a link to Ina Steiner's auctionbytes.com blog. Nothing like eBay shooting the messengers!

            • eBay Motors Redirect Scam Still Going Sunday Morning

              04:22

              from @BloggingCarDude / Added

              320499691440 Wow.. I guess the lights are still out in San Jose. Meanwhile sometime last night the scammer cancelled all the bids! Last night it was at 27,100 now it's at 17,500.. But wait a minute.. How does an auction become a Buy Now in the flash of the eye? When it's an eBay Motors Redirect Scam.. That's How! Somewhere on the net I remember reading an article where John Donahoe said, Meg Whitman prepared me well for my tenure with eBay.. She always lied and denied about eBay being hacked and the amount of fraud on eBay.. Dumbo is just following the orders Meg gave him..

              • The Lights Are OUT In San Jose Redirect's Still Going

                06:45

                from @BloggingCarDude / Added

                320499691440 the scam redirect eBay listing that authenticates your confidential eBay user information. It's run 82 HOURS So Far out of 7 Days! I guess the lights are OUT in San Jose on the weekends! This is nothing new.. When Meg Whitman ran eBay there was nobody home on weekends either. How many people will get scammed by this one listing? It has had over 5600 Page Views so far! If there is anything good about this scam at all, it is that for this large sum of money, the buyer will have to go to the bank and do a wire transfer. And they can't do that until Monday morning. Hopefully anyone that has been hoodwinked by this thing will do their homework and realize it is a SCAM before they lose their money! The way this kind of scam goes is, someone will fall for a work from home job offering, either on a job site or from a spam email address. The fraudster has the "Money Mule" accept a bank wire transfer from his client, keep 10-20% and then wire the balance to someone else. This process is often repeated several times to help cover the scammer's tracks. Unfortunately for the victim eBay will pull their listing and deny it ever existed. The eBay VPP will not pay the claim, and without the original eBay listing in the system the victim cannot even file a protection claim. It's all over for the victim - money gone and no car!

                • eBay SUV Redirect Scam Caught On Screen Video

                  04:15

                  from @BloggingCarDude / Added

                  Watch as I am redirected from eBay to a hacked website containing an exact mirror copy of an eBay Motors listing. To slow the speed of the redirect down I used my Blackberry as an IP Modem to capture the scam in motion on video. They have not fixed this XSS cross site scripting redirect since at least 2006 when the US-CERT issued their warning. Don't get phished; read my popular article "Internet Car Buying and Selling Tips" available here: http://wp.me/P4zfF4-2MM

                  • Before and After: Installing Prevoty Plug-In for Java

                    04:03

                    from Prevoty / Added

                    222 Plays / / 0 Comments

                    Prevoty Plug-ins enable enterprises to give existing published, legacy and third party applications an injection of security without requiring access to source code or having developers make any changes to the applications whatsoever. Using a Java app as an example, Prevoty CTO Kunal Anand demonstrates how easy it is to implement the Plug-In: a single install script will add Prevoty capability to the application - for Java this is implemented via a servlet filter.

                    • Devouring Security - Cross Site Scripting (XSS)

                      01:11:08

                      from gmaran23 / Added

                      57 Plays / / 0 Comments

                      Agenda in • Risk, Stories & the news • XSS Anatomy • Untrusted Data Sources – Well, Where did that come from? • Shouldn’t it be called CSS instead? • Types of XSS • Type 0 [DOM based] • Type 1 [Reflected or Non-persistent XSS] • Type 2 [Persistent or Stored XSS] • Live Demo: XSS 101 with alert('hello XSS world') • Live Demo: Cookie Hijacking and Privilege Escalation • Face/Off with John Travolta and Nicolas Cage • Live Demo: Let’s deploy some Key loggers, huh? • Mitigations • Input Sanitization • Popular Libraries for .Net, Java, PHP • Demo: Input sanitization • Whitelists (vs. Blacklists) • Output Encoding • Contextual • Demo: Output Encoding • Browser Protections & bypasses • Framework Protections & bypasses • Content Security Policy (CSP) in brief • Secure Code reviews: Spot an XSS, How? • Tools: Do we have an option? • XSS Buzz and how to Fuzz • Renowned Cheat sheets • Further reading & References
