eBay PayFlow Checkout, Hacker Approved?? 26 March 2009 EventHorizon1984
eBay plans to deactivate 3rd party checkout around June 2009. Meaning eBay Sellers with Merchant Accounts (using 3rd party checkout), allowing non-PayPal credit card payments, are required to sign up for a mandatory PayFlow account beginning March 1st 2009.
Well an event that appears interestingly timed with eBay's new PayFlow checkout occurred. It appears that someone may have conducted the first large scale test of the vulnerability of eBay's new eBay/PayFlowcheckout.
"There were several disturbing characteristics of this attack. It appears that scammers could use bogus information (including email address, physical address, and phone number) to send payments with credit cards that were, one would conclude, compromised or stolen. In some of those cases, it seems PayPal failed to identify them as suspicious to the merchant in a timely fashion."
"But we know that when one incident surfaces, they are bound to be followed by more, so keep an eye out for strange activity in your PayPal account, and keep a close eye on your credit cards!"
Not that we find this surprising.
Look up active registered eBay Developer spopa2006 ( 3 ) sometime, as we blog back in time.
"According to the affidavit, Popa was sentenced to 71 days in jail in Michigan in 2006 after being charged for using a hijacked eBay account to defraud someone into paying $1,448 for an item that didn't exist."
Remember, eBay code monkeys and Developers are working on and implementing software to allow buyers to input their credit card information directly on the eBay site and through eBay owned PayPal/PayFlow.
Hey there. I wrote a similar project in C++ by using pointers. However, the implemented network interface i used in C++ is no longer supported and I am not a C# guru as I am in c++. Tell me whether or not you got your solution. You can email me at [email protected]
"A Romanian immigrant was indicted Tuesday in federal court in Minneapolis on charges that he operated a computerized "phishing" scheme for several years that raked in financial records and personal identification from thousands of individuals, including many from Minnesota."
"Sergiu Daniel Popa, 20, of Shelby Township, Mich., was indicted on three counts of possessing 15 or more devices designed to collect data on the Internet without authorization, and three counts of aggravated identity theft."
"According to {FBI Special Agent Theodore} Theisen's affidavit and the indictment:"
"Popa had more than 7,000 identities of victims of various phishing schemes, together with bank account, credit card and Social Security numbers, and passwords for some eBay, online banking and e-mail accounts. He offered to sell the stolen information to others."
"Popa was convicted of larceny by conversion on June 12, 2006, stemming from a case in Saline, Mich. He was accused of using a hijacked eBay account to trick an individual into sending him $1,448 to buy a product that didn't exist. He served 71 days, Theisen said."
spopa2006 (2 ) View Listings | Report Jun-26-07 13:34 PDT 3 of 3 Listen guys. I am Sergiu D. Popa. I am that horrible guy!
Now let me make things a bit clear for you. First and foremost, I think that the Feds are a bit mentally challenged to put me behind bars because I have access to a lot of databases and I can predict every single move one tries to make against me.
And by the way, employing the described techniques by the newspaper article I successfully obtained about 1.1 Million dollars. I never run a Western Union Scheme as the newspaper says. I run an insurance scheme and therefore there shouldn't be any complaints. Insurances have plenty of money.
They also fail to mention in the newspapers reports who I really am in terms of my education and my real story. If you would really know my background and my level of education, you would probably realize that I can listen to your phone conversation, or maybe take a refinance loan on your house without you knowing. I am really appalled by the fact that you guys are making such comments on my behalf. Who are you to judge me? You guys make me laugh.
They also failed to say that I used to work as a mortgage broker and I regret the mistakes I made by scamming insurance companies but I was only 16 at the time I was doing it. I also offered to pay restitution to the Government. However, they always have to win, and they will never accept restitution because they want to prosecute me.
I have also seen a newspaper article where I was described as speaking a broken English. Let's analyze that for a second. At 14 I was teaching Differential Equations and Mechanics at a 4 yr college in New Hampshire, and by the time I was 15 I graduated high school. I am not a wannabe. As a matter of fact, I think I read more books in my life than the whole FBI Minnesota office. If the newspapers are going to write an article about me, I ask them to tell the whole truth. Call my college professors and ask them who I really am.
I know FBI, NASA, BOP and all those other government bonehead agencies are not happy when a kid who immigrated from another country penetrates their systems, but such is life. Get used to it. If in this life, we would all have an equal level of intelligence the world would come to an end. But how would you guys know that? I bet you guys never actually read a sociology, philosophy or psychology book and actually made something out of it.
But here is a warning to everybody who will post bogus information about me:
I will make your life a hell. Do not test me. Do not post information that is not accurate. I already have enough bad publicity and I do not want more. I want to be left alone.
This also applies to the Feds. I have been a nice guy with you, but once again, you are not smart enough to catch me for one, and I would really hate to see you guys back to stone age. How much would the Feds loose if one of their databases were to be completely deleted?
I am not an evil person, but I could be if I wanted to. Let's all live in peace and harmony. Mind your own business and I will mind my own.
Very Truly Yours, Sergiu D. Popa
.
spopa2006 (2 ) View Listings | Report Jun-26-07 23:56 PDT 5 of 5 Why would you think it is a joke? Better yet, what are the reasons for which you think this is a joke?
"Sergiu Daniel Popa, who for the past seven years has lived in New York and Michigan, pleaded guilty in federal court in Minneapolis to two felonies related to the scheme. He faces a maximum of 10 years in federal prison and a fine of $500,000. Sentencing has not yet been scheduled."
"According to Popa's plea agreement, the scheme snagged the identities of 7,000 individuals who suffered a net loss of about $700,000. When his house was searched earlier this year, authorities found a machine for imprinting graphics on blank plastic cards, foil ribbons for making holographic images that appear on finished cards, blank cards, and partially created fraudulent drivers' licenses."
Popa also possessed pre-built websites spoofing the online destinations of multiple financial institutions, such as PayPal, SunTrust Bank, and CitiBank, according to an affidavit filed in the case. He offered to sell phishing kits with step-by-step instructions for $1,500 and software and hardware capable of counterfeiting credit cards.
According to the affidavit, Popa was sentenced to 71 days in jail in Michigan in 2006 after being charged for using a hijacked eBay account to defraud someone into paying $1,448 for an item that didn't exist.
"The eBay you knew is not the eBay of today or the eBay of the future."
Translation: eBay of yesterday is dead.
"We were the biggest and the best. And when you're the biggest and the best, there's a strong tendency to try to preserve that," "EBay has a storied past. But frankly, it's a past we've held onto too much."
Translation: eBay was successful, and we're changing that.
Donahoe pointed out that e-commerce is just 6% of real-world retail.
Translation: eBay may think it's the 800 pound gorilla, but it's not.
EBay's pitch: Skype would help eBay users buy and sell goods. "We were wrong," eBay Chief Executive John Donahoe told analysts and investors Wednesday at its San Jose, Calif., campus. "We thought it would reduce friction in commerce and payments.”
We found this interesting piece on the eBay Seller Central public forum. Historically eBay "archives" these types of comments. We're posting it before it disappears permanently.
If you have any comments, post on the forum or drop hermanns_attic a line.
"I can't hardly stand it!!" Sheriff Andy Taylor of Mayberry, The Andy Griffith Show
As a buyer & seller of antiques and collectibles, I have many opportunities to talk about . . . buying and selling antiques and collectibles. I go to two or three, rural, mid-western estate auctions a month and I visit at least that many antique malls & thrift shops each week. I'm a talkative person and I always like to talk about . . . buying and selling antiques and collectibles. In the last six months I have noticed a sea-change in the way eBay is discussed around town and elsewhere. I simply don't recall ever hearing so many, real-world negatives regarding eBay. One might like to believe that the negative attitudes on eBay's forums were not reflective of the "real world". I've tried to keep that perspective as well, but lately, I'm noticing just as much eBay negativity on the street as I am on the forums.
Sure, sometimes it's me who starts in with the "eBay s*cks" routine & sometimes it's someone else. One thing's for certain though . . . the conversations always come around to "eBay s*cks". Used to be we'd talk about how great eBay was and all of the one-dollar items we'd sold for a hundred dollars or more. No more.
Last weekend the eBay bashing began when the auctioneer said something like "you can sell this on eBay and make a fortune". This time last year his statement would've brought an eager bid. This time, this year, it brought a sneer from the couple in front of me. Of course, I had to agree with them and we ended up talking about how much eBay s*cks with the people around us. So, at this one auction, there were at least a half-dozen people who left with the impression that eBay s*cks.
Just this afternoon I saw our local auctioneer at the Post Office. We talked about how much eBay s*cks. The postal workers are well aware of eBay's recent s*ckiness. They've noticed. Not only have they noticed that I no longer bring in lots of 200 eBay packages at a time . . . but that there are a number of others who don't either.
This afternoon I went to rent a booth at a local antique mall. The clerk was the first to mention how much eBay had started to s*ck over the last six months. We talked.
All of this talking got me thinking . . . I'm just one disgruntled former eBay seller who talks alot. Multiply me by how many? If in one week I've already spoken with, say, ten people, those people are talking to people and so on and so forth. Each conversation starts with a negative. At what point does eBay go from being a good thing to a bad thing where it really counts? On Main Street, USA. It occurs to me that eBay got it's start by people talking positively. My brother talked to me about it in 1997 or 98. For ten years I was talking to other people. In all that time I was saying good things and I was hearing good things. For the last year to six months, just the opposite.
The bottom line after all is said and done seems to be "eBay is out to screw the little guy". I hear this from both buyers and sellers. Buyers seem to say that eBay is chock full of "Chinese crap" (no offense, but that's what I hear most) and that deals are, literally, hard to find. Sellers say . . . well, you know what sellers say.
I know a few power-sellers. They aren't happy. I don't know any eBay millionaires. I doubt I will ever know an eBay millionaire and I've certainly given up on my day-dream of ever being an eBay millionaire. I was happy being an eBay thousandaire . . . but I digress.
So, just curious, what are your experiences, good or bad, with the "word of mouth" on Main Street? I wonder if it's just ME and my personal bias', or is it, as I suspect, a rising flame of resentment and discontent among the common population. I wonder how this sort of thing spreads. How quickly and by what mechanism? I wonder if eBay studies the power of "I've got a secret". If they do, I wonder how they interpret the info. Seems to me, eBay views it's world through rose-colored glasses with blinders on the sides. However, I admit that my view of eBay has become very dim. Problem is, I see a lot of other people taking the same dim view of a once bright and shining beacon of prosperity.
Am I the only one?
I am not the only one.
There are many like me and many more each day.
Should eBay take notice? Has eBay taken notice? I wonder.
I think it's sad but Ebay became a sour name long before the new policies.
New policies just made it worse.
Prior to last May, I remember hearing an occasional sour note when eBay was mentioned . . . but I always followed it up with a positive. If someone had something bad to say, I'd give them an example of something good. There were plenty of good examples to give. If a buyer got hosed by a bad seller, I'd give them an example of good service that I'd given or received. If someone lost money on a sale, I'd share a story of how I had made BIG money on the sale of something I paid pennies for, and the FUN of a surprise windfall. Usually that story would remind them of a good sale they had made in the past, which would put them in a good mood . . . or they'd be inspired to keep buying and trying. We'd share inspiring stories of treasures bought and sold. Things that meant something more than money to someone. Those intangible "good things" are at the heart of why people buy/sell collectibles. Money is as much of a motivator as is a respect for the sentimental value of things bought & sold.
Griff believes it is mainly/only about money, so does eBay . . . hmmm, something to discuss at the next auction?
Then the veil was ripped away in May.
Summer is a big time for auctions. I attend about one a week.
Summer of '07 was wayyy different than summer of '08.
In '08, the bad eBay examples began to trump the good. It became more interesting to talk about how unfair, unsafe and flat-out stupid eBay was becoming. People love a good story and sitting around the back fence shaking our heads at some "durned fool" is about the best kind of gossip there is. Sure, it's a sin . . . but so is pride and betrayal. Ebay's foolish pride and small-seller back-stabbing has become small-town gossip fodder. People are more likely to talk about how they've been screwed over, one way or another, by "eBay" (either as a buyer or seller) rather than how much money they've made or what a great deal they've gotten.
Now we online sellers need to get the word out there are other places online that can be just as good.
Yep, problem is that eBay is still the only place for the little guy to successfully auction your average antique & collectible. My point is, that more and more I hear less and less "little people" talking about selling on eBay. It seems that many (if not most) who I speak with are either putting their things (back) in antique malls, on Craigslist or they're simply hanging on to them. I've heard Etsy mentioned a lot. Particularly when I'm talking to the local arts & craft folks. (In my town there's a lot of those.) I've also heard about many of the other online outlets, but the consensus seems to be that sales on those places are slow. Again, the things I hear in the "real world" are really very similar to the things I read in cyber-space.
Everyone still agrees that auctions are/were the way to go for antiques & collectibles on the internet and that, unfortunately, eBay is still the only place in town. That doesn't mean eBay is best place, just the only place. A last resort which also happens to be the only option. The consensus seems to be that selling on eBay is a risk and a hassle. People believe eBay is run by arrogant bozos who've stocked it chock full of cheap crap at the expense of good Americans.
That sort of thing doesn't play well in flyover country.
The only reason I'm ranting about this now is that prior to the last few months . . . I figured it was only my bias' which was clouding my vision, fueled by the negativity of this forum. I kept the perspective that "it was just me". Now, the fact is, there is no denying that the "word of mouth" regarding eBay is more negative than positive and it's not just me who's noticing.
Ebay threw a match on it's grassroots which seems to have sparked a prairie fire. How soon till it reaches from Kansas to the Coasts?
eBay PayFlow Checkout, Hacker Approved??
eBay PayFlow Checkout, Hacker Approved??
26 March 2009
EventHorizon1984
eBay plans to deactivate 3rd party checkout around June 2009. Meaning eBay Sellers with Merchant Accounts (using 3rd party checkout), allowing non-PayPal credit card payments, are required to sign up for a mandatory PayFlow account beginning March 1st 2009.
Well an event that appears interestingly timed with eBay's new PayFlow checkout occurred. It appears that someone may have conducted the first large scale test of the vulnerability of eBay's new eBay/PayFlow checkout.
Cyber Attack: Unsolicited, Unstoppable PayPal Payments
By: Ina Steiner
Wed Mar 18 2009 22:42:14
Not that we find this surprising.
Look up active registered eBay Developer spopa2006 ( 3 ) sometime, as we blog back in time.
Remember, eBay code monkeys and Developers are working on and implementing software to allow buyers to input their credit card information directly on the eBay site and through eBay owned PayPal/PayFlow.
So your credit card can be safe.
"What's in Your wallet?"*
* What can we say, we like the Capital One commercials.
//
spopa2006
Re: Mail address of an ebay User ?
Posted: Jun 7, 2007 12:41 AM
Hey there. I wrote a similar project in C++ by using pointers. However, the implemented network interface i used in C++ is no longer supported and I am not a C# guru as I am in c++. Tell me whether or not you got your solution. You can email me at [email protected]
//
Suspect in 'phishing' scheme indicted
A Romanian immigrant is accused of using e-mails to dupe thousands of people into sharing financial records.
By Dan Browning, Star Tribune
Last update: June 20, 2007 – 9:55 PM
"Popa had more than 7,000 identities of victims of various phishing schemes, together with bank account, credit card and Social Security numbers, and passwords for some eBay, online banking and e-mail accounts. He offered to sell the stolen information to others."
//
From eBay Stores Forum
Phisher Indicted - check out this article
spopa2006 (2 ) View Listings | Report Jun-26-07 13:34 PDT 3 of 3
Listen guys. I am Sergiu D. Popa. I am that horrible guy!
Now let me make things a bit clear for you. First and foremost, I think that the Feds are a bit mentally challenged to put me behind bars because I have access to a lot of databases and I can predict every single move one tries to make against me.
And by the way, employing the described techniques by the newspaper article I successfully obtained about 1.1 Million dollars. I never run a Western Union Scheme as the newspaper says. I run an insurance scheme and therefore there shouldn't be any complaints. Insurances have plenty of money.
They also fail to mention in the newspapers reports who I really am in terms of my education and my real story. If you would really know my background and my level of education, you would probably realize that I can listen to your phone conversation, or maybe take a refinance loan on your house without you knowing. I am really appalled by the fact that you guys are making such comments on my behalf. Who are you to judge me? You guys make me laugh.
They also failed to say that I used to work as a mortgage broker and I regret the mistakes I made by scamming insurance companies but I was only 16 at the time I was doing it. I also offered to pay restitution to the Government. However, they always have to win, and they will never accept restitution because they want to prosecute me.
I have also seen a newspaper article where I was described as speaking a broken English. Let's analyze that for a second. At 14 I was teaching Differential Equations and Mechanics at a 4 yr college in New Hampshire, and by the time I was 15 I graduated high school. I am not a wannabe. As a matter of fact, I think I read more books in my life than the whole FBI Minnesota office. If the newspapers are going to write an article about me, I ask them to tell the whole truth. Call my college professors and ask them who I really am.
I know FBI, NASA, BOP and all those other government bonehead agencies are not happy when a kid who immigrated from another country penetrates their systems, but such is life. Get used to it. If in this life, we would all have an equal level of intelligence the world would come to an end. But how would you guys know that? I bet you guys never actually read a sociology, philosophy or psychology book and actually made something out of it.
But here is a warning to everybody who will post bogus information about me:
I will make your life a hell. Do not test me. Do not post information that is not accurate. I already have enough bad publicity and I do not want more. I want to be left alone.
This also applies to the Feds. I have been a nice guy with you, but once again, you are not smart enough to catch me for one, and I would really hate to see you guys back to stone age. How much would the Feds loose if one of their databases were to be completely deleted?
I am not an evil person, but I could be if I wanted to. Let's all live in peace and harmony. Mind your own business and I will mind my own.
Very Truly Yours,
Sergiu D. Popa
.
spopa2006 (2 ) View Listings | Report Jun-26-07 23:56 PDT 5 of 5
Why would you think it is a joke? Better yet, what are the reasons for which you think this is a joke?
//
Romanian national cops to $700,000 phishing trip
Who's your underworld Popa?
By Dan Goodin in San Francisco
Posted in Crime, 9th October 2008 18:47 GMT
/*
Technorati Profile
EventHorizon1984 Log
//
Posted at 12:45 in Commentary, eBay, eBay Customer Service, Legal, PayPal | Permalink | Comments (0) | TrackBack (0)
Tags: Capital One, checkout, credit card, credit card, Dan Goodlin, eBay, [email protected], gateway, hacker, merchant account, Michigan, PayFlow, PayFlow Pro, payment, payment gateway, PayPal, Popa, Romania, scammer, Sergiu Daniel Popa, Sergiu Popa, spopa2006, Star Tribune, What's In Your Wallet
| Reblog (0)