Members
  • Total Members: 12816
  • Latest: t114563
Stats
  • Total Posts: 28524
  • Total Topics: 8240
  • Online Today: 993
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: PayPal XSS vulnerability affects EV SSL  (Read 1496 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
PayPal XSS vulnerability affects EV SSL
« on: 17. May 2008., 08:16:47 »


A new attack on PayPal could have allowed users who thought they were on a trusted page to access a fraudulent page and possibly expose personal information. On Friday, Finnish researcher Harry Sintonen reported the vulnerability on an IRC chat room.

In an interview with Netcraft, Sintonen said the issue was critical. "You could easily steal credentials." He added that in this case you can't trust the URL http://www.paypal.com.

A few weeks ago PayPal announced it would block users whose browsers did not support EV SSL. Sintonen, who is credited with finding an XSS attack on Barack Obama's Web site in April, said his vulnerability also affected EV SSL pages.

In response, a PayPal representative said: "At PayPal, we take safety and security very seriously. As soon as we were informed of this exploit, we began working very quickly to shut it down. To our knowledge, this exploit was not used in any phishing attacks.

"However, as in any phishing incident, we encourage our customers to contact us immediately if they believe they have given out any personal or financial information that would jeopardize the security of their accounts or lead to unauthorized account access. If an unauthorized withdrawal or purchase is made on a PayPal account, PayPal will reimburse that customer 100 percent. We encourage all of our customers to frequently check the status of their accounts to ensure security."

News Source: CNet


Samker's Computer Forum - SCforum.info

PayPal XSS vulnerability affects EV SSL
« on: 17. May 2008., 08:16:47 »




 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising