Re: [CR]Ebay, Esnipe and hijacked accounts

Date: Thu, 29 Jun 2006 19:36:04 -0500
From: "John Thompson" <JohnThompson@new.rr.com>
Organization: The Crimson Permanent Assurance
To: CR List <classicrendezvous@bikelist.org>
Subject: Re: [CR]Ebay, Esnipe and hijacked accounts
References: <000101c69bd7$67a75010$977e1681@ChottinerHome>
In-Reply-To: <000101c69bd7$67a75010$977e1681@ChottinerHome>


Gary Chottiner wrote:
> There is however one careless thing I did on the trip to Le Cirque; I
> brought along a laptop computer and used it to check some eBay
> auctions. The wireless networks at The Battleground Inn and another
> place I stayed were not secure and someone could have stolen my eBay
> password by monitoring the wireless signal. I knew that I was taking
> a risk but I did find out that I won, using eSnipe, a set of four NOS
> Campy NR/SR brake pads for about $14! I didn't win the Richard Sachs
> bike that was being auctioned at the time. I console myself by
> thinking of all the money I saved.

The eBay login session is always encrypted -- even when services such as eSnipe bid for you -- so it would have been difficult for the username/password to have been sniffed at that point. Is there any other place where a plaintext username/password could have been sniffed? E.g. eSnipe does allow for plain text logins (although there is a secure link available in the fine print under the login fields). Do you use a different username/password for accessing eSnipe, or could the perp have captured your eSnipe credentials, and used that to access your eBay credentials?

Personally, I use a Perl script running on my own network to do my sniping. No third parties involved.

And BTW, apparently some mathematical modeling has been done to support the notion of sniping as an effective means to purchase things on eBay:

http://www.usatoday.com/tech/science/columnist/2006-06-25-physics-of-ebay_x.htm

--

-John Thompson (john@os2.dhs.org)
Appleton WI USA