Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Paypal Security Flaw Allows Identity Theft


  • Please log in to reply
3 replies to this topic

#1 no one

no one

  • Members
  • 843 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:PCLinuxOS Land
  • Local time:10:54 AM

Posted 16 June 2006 - 11:31 AM

A security flaw in the PayPal web site is being actively exploited by fraudsters to steal credit card numbers and other personal information belonging to PayPal users. The issue was reported to Netcraft today via our anti-phishing toolbar.

The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS).
http://news.netcraft.com/archives/2006/06/...tity_theft.html


"Not everything that counts can be counted, and not everything that can be counted counts."

"Whoever fights monsters should see to it that in the process he does not become a monster"

Posted Image


BC AdBot (Login to Remove)

 


#2 jfirestorm44

jfirestorm44

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 17 June 2006 - 02:48 PM

Well that's no good. I just used Paypal the other day to donate $20 dollar to this site and now you tell me this. So do you recommend closing my paypal account or can they only access my information when I'm actually using it?

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:54 AM

Posted 17 June 2006 - 04:00 PM

This hole has been fixed. THis would only have affected you if you clicked on a specially crafted link and logged into your paypal account. if you clicked on the the buttons here or went directly to paypal you would not be affected.

http://news.com.com/PayPal+fixes+phishing+..._3-6084974.html

#4 jfirestorm44

jfirestorm44

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 17 June 2006 - 11:26 PM

okay that's good to know




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users