In letters to sent Monday to 90,000 developers who work on eBay’s Developers Program, the company warns about a security hole that could cause problems, but hasn’t yet. It also takes pains to point out that the security flaw doesn’t affect eBay customers themselves. eBay says third-party software now accounts for 25 percent of its listings.

An eBay spokesman tells me that eBay came across the weakness itself not because a hacker had exploited it, and that the company is acting “out of an abundance of caution,” which is a term the eBay folks seem to favor (see email text below). “The information that *may* have been compromised consisted of basic contact information that could potentially be used in a phishing attack. At this point, we have not identified any unusual patterns in our developer accounts and we are notifying them and requesting they change their developer passwords out of an abundance of caution [sic].”

Here’s the complete text of eBay’s heads-up letter:

Hello [redacted], this is Kumar Kandaswamy, and I manage the eBay Developers Program. I’d like you to read this important message about account safety. The safety and security of the eBay Developers Program is a top priority. While we believe that people are basically good, we also must live with the reality that there are fraudsters out there who have made it their illicit “profession” to find ways to exploit others on the Internet.

Occasionally, fraudsters attempt to gain unauthorized access to the eBay Developers Program. eBay has recently identified a means by which someone could gain access to eBay Developers Program account information. This type of access DOES NOT allow the capture of financial or other sensitive information, such as credit card or bank account information or Social Security numbers.

Fortunately, we have not detected any unusual activity with any Developer account. Out of an abundance of caution and to help ensure the security of the eBay Developers Program, we are requiring that all developers take the following steps:

* Take advantage of our new, stricter password standards and change your eBay Developers Program (developer.ebay.com) passwords. It is not necessary to change eBay (www.ebay.com) passwords. If you believe you or your customers have been the victim of fraudulent activity, contact us immediately at apifeedback@ebay.com.

Sincerely, Kumar Kandaswamy

Most institutions or individuals who establish wireless Internet connections know how to set them up so that a log-in and password are required for access. If they decide not to do this, then the connection is open for anyone in range to use. While I suppose that an argument could be made that you should never use what you don’t pay for, I don’t think this would apply here–and I’m not even sure that I agree with the broad sentiment. Unless it is made clear to users tapping into wireless connections that they must agree to certain conditions before proceeding, they have not breached any ethical mandate by logging on in any way that they legally can.”

–The Right Thing, New York Times, Feb. 26, 2006

Wi-Fi piggybackers take note: An open wireless connection is not an open invitation. Certainly not in Michigan, anyway, where unauthorized access to a computer network, even an unrestricted one, is a crime. A Michigan man was arrested this week for using an unsecured Wi-Fi connection without its owner’s permission. Spotted checking his email from a car parked outside a local coffeehouse, Sparta resident Sam Peterson was arrested for unwittingly violating Michigan’s “Fraudulent access to computers, computer systems and computer networks” law, a felony punishable by five years in prison and a $10,000 fine.

A five-year felony. Something to think about next time your neighbor’s LAN pops up on your “available networks” list. That said, as a first-time offender without a prior record, Peterson wasn’t charged with a felony, though he was fined $400 and asked to do 40 hours of community service. It seems even local prosecutors haven’t yet come to terms with the law. “This is the first time that we’ve actually charged it,” Kent County Assistant Prosecutor Lynn Hopkins told Wood TV. “Oh, we’d been hoping to dodge this bullet for a while. We had not been looking for this. We knew it would come up eventually, and we’d have to make a decision as to how to deal with it.”

Most institutions or individuals who establish wireless Internet connections know how to set them up so that a log-in and password are required for access. If they decide not to do this, then the connection is open for anyone in range to use. While I suppose that an argument could be made that you should never use what you don’t pay for, I don’t think this would apply here–and I’m not even sure that I agree with the broad sentiment. Unless it is made clear to users tapping into wireless connections that they must agree to certain conditions before proceeding, they have not breached any ethical mandate by logging on in any way that they legally can.”

–The Right Thing, New York Times, Feb. 26, 2006

Wi-Fi piggybackers take note: An open wireless connection is not an open invitation. Certainly not in Michigan, anyway, where unauthorized access to a computer network, even an unrestricted one, is a crime. A Michigan man was arrested this week for using an unsecured Wi-Fi connection without its owner’s permission. Spotted checking his email from a car parked outside a local coffeehouse, Sparta resident Sam Peterson was arrested for unwittingly violating Michigan’s “Fraudulent access to computers, computer systems and computer networks” law, a felony punishable by five years in prison and a $10,000 fine.

A five-year felony. Something to think about next time your neighbor’s LAN pops up on your “available networks” list. That said, as a first-time offender without a prior record, Peterson wasn’t charged with a felony, though he was fined $400 and asked to do 40 hours of community service. It seems even local prosecutors haven’t yet come to terms with the law. “This is the first time that we’ve actually charged it,” Kent County Assistant Prosecutor Lynn Hopkins told Wood TV. “Oh, we’d been hoping to dodge this bullet for a while. We had not been looking for this. We knew it would come up eventually, and we’d have to make a decision as to how to deal with it.”