By Graham Cluley on Jan 13, 2016 | It’s 2016, and it would be nice to think that after several years of doing business online, companies have got a better handle on how to protect their websites from attacks. I’m afraid I have depressing news for you. Many sites are continuing to make big mistakes. Well-known threats like cross-site scripting (XSS) attacks continue to challenge many websites, including household names. Take eBay, for instance. As Motherboard reports, a security researcher going by the name of MLT discovered a critical XSS flaw on eBay’s website in early December, which could allow malicious hackers to create fraudulent login pages and steal passwords. As far as the user is concerned, they have clicked on a link to the main ebay.com site and are being asked by eBay to enter their password. Even sceptical users who check the browser bar will probably be reassured that the password request is legitimate because they see ebay.com as the domain they are visiting. MLT has even produced a YouTube video demonstrating the XSS attack against eBay for non-believers, showing how simple it would be to trick users into handing over their passwords to hackers.

By Graham Cluley on Jan 13, 2016 | 1 Comment It’s 2016, and it would be nice to think that after several years of doing business online, companies have got a better handle on how to protect their websites from attacks. I’m afraid I have depressing news for you. Many sites are continuing to make big mistakes. Well-known threats like cross-site scripting (XSS) attacks continue to challenge many websites, including household names. Take eBay, for instance. As Motherboard reports, a security researcher going by the name of MLT discovered a critical XSS flaw on eBay’s website in early December, which could allow malicious hackers to create fraudulent login pages and steal passwords. As far as the user is concerned, they have clicked on a link to the main ebay.com site and are being asked by eBay to enter their password. Even sceptical users who check the browser bar will probably be reassured that the password request is legitimate because they see ebay.com as the domain they are visiting. MLT has even produced a YouTube video demonstrating the XSS attack against eBay for non-believers, showing how simple it would be to trick users into handing over their passwords to hackers. Full article

I was on the bus when ticket inspectors got on clicked my oyster card and asked for my ID card as I a discount card due to being unemployed. I did not have my card he asked for my address and name which I gave him he checked with his operator and asked if I had any other ID which I did not I normally carry all my cards but on this occasion had left them indoors. He issues me with a penalty of 80 reduced to 40 if paid before 21 days. My card is rgistered and they had my name and address but still issued the fine is this fair? Mashmallow

I have been a Vodafone customer for quite a few years and I have been so happy with them that in the Christmas of 2012 I took on 2 iPads(one for my daughter) with SIM contracts coming with data allowance of 2GB per month. I had been a happy customer for 8 months and I had previously never paid attention to my data use as our iPad use is limited to checking/writing emails in bed(where I have wifi) or using the Google-maps application when I am out and about. I had never been over my data usage either. In July/August 2013 i received a whooping great data usage bill of £500 alleging I had used almost 30GB of data in one month. Thinking this was all some sort of mistake I wrote a letter to Vodafone in September 2013 disputing this amount of data usage for mere email and Google-maps usage but this letter was ignored. I then made a follow up telephone call, only to be told that I was browsing the internet between midnight and 7am non-stop every single day when we are supposed to be asleep and then occasionally between 8am - 11am when I and my daughter are supposed to be on the tube to work. Before I could catch my next breath, the August/September 2013 bill arrived, again alleging I was using almost 30GB per month despite absolutely no change in use on my part. In fact, usage was mostly through wifi at home. Whilst the previous bill was being investigated, I then refused to pay this bill because I am convinced that this is fraudulent. Again I wrote a letter but on this occasion I lost the proof of postage and Vodafone low and behold did not respond and claim not to have seen the letter again. I then telephoned Vodafone who advised me to go into a Vodafone shop to get the offending iPad looked at. The Vodafone technicians’ instore said they could not see what was downloading data and could not even verify that the data had ever been downloaded. They advised me to go to an Apple store which I did. At the Apple store, the technicians advised that the iPad had never downloaded the level of data suggested and even PUT THIS IN WRITING and went on to suggest there could be a billing error. My next solution was the Ombudsman whose levels of incompetence are breathtaking. The first letter I wrote to them about this matter with vodafone came back with a standard reply on the subject matter of 'fair usage'. It took a 30 minute phone call to explain that this had nothing to do with fair usage . It is at this point that they halfheartedly agreed to investigate the matter and got back to me after 7 weeks sounding like vodafone employees. They disregarded the letter from Apple because it did not have a signature and the Ombudsman representative in desperation went on to highlight a spelling mistake as more reason to discredit the letter from Apple. They suggested that there is no evidence that the Vodafone charges are wrong, despite being unable to provide proof that they are correct. I am retiring soon and so I will have plenty of time and resources to fight this. My next step is to return to Apple to get a signed statement with a correct spelling and prove that these data charges are fictitious. I have read of similar problems with Verizion in the USA and I will draw inspiration from those who took on these mobile giants. PS-This is the first commercial dispute I have ever had in my 64 years of life. has anyone had this problem ]

opus energy, i have never come across this company but was duped and misled into signing a contract, the prices i was charged a unrealistic and the way i was disconnected to a building with my new born and parents living above the commercial premises. they have no regard after paying them 2500pounds and then being disconnected with a demand of a bond of 5000pounds or risk of not being swithed on??? surely this is criminal, they came for electricity bill which i have said cannot be correct after spending 1500pound on led lights to reduce a 50w to 2w. now they want the gas paying or will not turn my supply on????? can anyone help and how can i get out of this contract, this has nearly driven me to seriously think about suicide, to have no hot water and heating as the boiler wont run without the supply after paying 2500pounds, i only agreed to pay this if they kept me on.

http://www.bbc.co.uk/news/health-19944217