eBay users spot the online auction house port-scanning their PCs. Um... is that OK?

2020-05-26 12:39

Users visiting eBay have spotted that the website runs port scans against their computer, using the localhost address to inspect what may be running on your machine.

Fraud is a big issue for eBay, and if the purpose of scanning for remote-control access ports is an attempt to detect criminals logged into a user's computer in order to impersonate them on the tat bazaar, it could have some value.

The payload is in the argument accompanying the requests, which when decrypted contains the results of the port scan and other information, including the user agent, public IP address, and "Other data, signatures and things I don't recognize," said Nemec.

The Register has come across ThreatMetrix before, when Halifax bank was found to be conducting port scans, with some claiming that the practice was in breach of the UK's Computer Misuse Act.

The bank retorted that it was perfectly legal and argued that the port scans helped it to pick up evidence of malware infections on customers' systems.

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/26/ebay_port_scans_your_pc/

#ebay #online