ebpd – The ebay password daemon by Richard Fromm: “This script sniffs traffic on the network watching for ebay userids and passwords. This is only possible because (as of this writing), ebay does not encrypt passwords — they are sent in the clear. It is hoped that the writing and dissemination of this program causes this situation to change. (Repeated attempts at resolution of the situation through other means, prior to the posting of this script, failed.). This isn’t rocket science. I don’t pretend to have discovered anything fundamental or new here. It’s a simple little script that countless

other people could have written. The pitfalls of sending passwords in the clear have been recognized for many years. The only surprising

thing is that too many people still don’t take security seriously and continue to repeat the same mistakes over and over again.”

[via Phil Agre]