The Register (always an amusing thing to read) talked about this a few days ago. I think it works as follows: The you go to eBay's web page, it downloads a lot of Javascript (nearly all web pages do today). In this case, that contains a security toolkit, which tries to figure out whether the machine that the web browser is running on has been hacked or not; one of the indication they use is whether the machine has open ports that allow remotely controlling it (like remote desktop applications, such as Microsoft's version of VNC). That sounds like a sensible security precaution on the part of eBay. Except the way they're doing it is pretty heavy-handed: Touching ports on the local machine is kind of rude. It's like you've been invited into a house (the user downloaded the web page after all), and when you go to the bathroom you open the cabinets looking for embarrassing things. The Register even had a picture of the source code that runs. It seems pretty obvious using JS to do this.
The need for eBay to make a determination whether a user of their service is a fraud or not is obvious. That includes reasonable precautions against hacked computers connecting to them. This makes sense. The question is whether port-scanning their computer is an ethical and legal way to do this is obviously nasty and difficult. To get back to my example above: when I get invited for dinner, I obviously make sure that the invitation is legit; for example, if the dinner host is wearing a mask and swinging a chainsaw around, that should legitimately raise some alarm bells. But would it be ethical to rummage through their bathroom drawers, looking for hemorrhoid medication and sex toys? Most of us would probably not thing so.
I have no idea whether the JS would do this on other OSes (they typically don't use the same remote control applications). I'm sure the good people at eBay and their security contractors know how to be efficient.