Original article: http://www.pcworld.com/article/id,130516-c,onlinesecurity/article.html
A PC World reader alerted me to a flaw on eBay’s Web site that enabled a scam designed to trick people into handing over their personal information. eBay promptly patched the flaw last week, but experts I spoke with are wondering how long the fix will hold.
The flaw allowed a scammer to use an increasingly common type of attack called cross-site scripting, or XSS, to redirect people from an eBay listing to a spoofed eBay site. Though eBay may have plugged the hole for now, experts say, similar problems have surfaced in the past on eBay and other sites, and it’s a safe bet they will again. The problem is not going away, and it will continue to cause trouble for visitors to eBay and other sites for the foreseeable future.