PayPal knew for 1 year about web site security flaw that made users vulnerable
|
03-25-2006, 08:45 AM,
(This post was last modified: 03-26-2006, 08:58 AM by mandy.)
Post: #1
|
|||
|
|||
PayPal knew for 1 year about web site security flaw that made users vulnerable
Quote:A flaw on PayPal's website could help scammers who send out "phishing" emails by allowing them to determine a PayPal member's full name and include it in hoax emails, giving them an air of legitimacy. full article: http://auctionbytes.com/cab/abn/y06/m03/i24/s00 |
|||
03-25-2006, 01:48 PM,
Post: #2
|
|||
|
|||
Re: PayPal Web Site Security Flaw Makes eBay and PayPal Users Vulnerable to Phis
Well that explains the people that have said they've gotten obvious spoofs with their real names on it...
Way to go, PayPal. Probably put there by some :asshat2: at PayPal making money on the side, if you know what I mean...
Riotz Swimwear on eBay - Brazilian Bikinis on eBay
Brazilian Bikinis - Off-eBay site now open! Thomas the Tank Engine [url=http://ecommerce-info.ca]http://ecommerce-info |
|||
03-25-2006, 04:43 PM,
Post: #3
|
|||
|
|||
Re: PayPal Web Site Security Flaw Makes eBay and PayPal Users Vulnerable to Phishers
I know what you mean.
Can't remember which of ebay's SEC reports I saw it in. But ebay talked about "internal" fraud as a problem or possibility with PayPal employees. :blinkie:
.
|
|||
03-25-2006, 09:39 PM,
Post: #4
|
|||
|
|||
Re: PayPal Web Site Security Flaw Makes eBay and PayPal Users Vulnerable to Phishers
Reston Ray posted a link on the eBay Stores board to the Auctionbytes story 3 hours ago--ZERO responses...security is apparently one of those "negative" topics you ignore on the new eBay Stores board where the most important issue of the day appears to be finding the right food/beverage image to post in the new Stores Lounge thread
http://forums.ebay.com/db2/thread.jspa?t...1000251105&tstart=0 Quote:Can't remember which of ebay's SEC reports I saw it in. There was a recent report that said the biggest security threat any company faces comes from within the company itself--i.e. from its employees. The enemy within the firewall http://community.tuliptools.com/index.ph...029.0.html |
|||
03-26-2006, 12:42 AM,
Post: #5
|
|||
|
|||
Re: PayPal Web Site Security Flaw Makes eBay and PayPal Users Vulnerable to Phis
[quote author=dnc_ont link=topic=3147.msg11373#msg11373 date=1143294535]
Well that explains the people that have said they've gotten obvious spoofs with their real names on it... Way to go, PayPal. Probably put there by some :asshat2: at PayPal making money on the side, if you know what I mean... [/quote] The email lists phishers use when they visit that page were probably bought from another eBay employee making money on the side.
OAI Moron Hall of Fame
<i>sell-thru is an irrelevant and illogical consideration.</i> -KaRay, owner of WP giving selling advice, 2006 <i>the site was 'NOT' hacked but the little script that had recipes on had the link altered</i> -Plunderhere Owner Mark Taylor after his site was hacked by a Chinese hacker gang, 2008 Some people have it like that, others dont. I do. -Probidscripts owner Spencer Osama Binweb Laden Ray bragging about his ability to scam the OAI without feeling any guilt, 2008. How does an auction site get buyers? -question asked at PSU by owner of auction site BidBeaver.ca, 2008 How do I get sales? -question asked at PSU by online store owner, 2009. I was told by my Tech. Support that my site dont really need SSL.. his servers are well protected and that info your providing to join aint really top secret information -owner of auction site TheTraderOutlet.com discussig his site's lack of basic security, 2009 |
|||
03-26-2006, 05:21 AM,
Post: #6
|
|||
|
|||
Re: PayPal Web Site Security Flaw Makes eBay and PayPal Users Vulnerable to Phishers
Quote:Reston Ray posted a link on the eBay Stores board to the Auctionbytes story 3 hours ago--ZERO responses...security is apparently one of those "negative" topics you ignore on the new eBay Stores board where the most important issue of the day appears to be finding the right food/beverage image to post in the new Stores Lounge thread Truly amazing how little people care or how low key these things can be.
.
|
|||
03-26-2006, 05:48 AM,
(This post was last modified: 03-27-2006, 04:09 AM by bargainbloodhound.)
Post: #7
|
|||
|
|||
PayPal knew about web site security flaw that made users vulnerable last year
Oh, look at this, PayPal apologizes for any heightened level of concern : No reason given why that page was there in the first place, and no indication given that PayPal will accept liability for any losses people suffered as a result of an internal PayPal security problem.
Quote:kristin@paypal.com View Listings | Report Mar-25-06 17:00 PST 11 of 18 http://forums.ebay.com/db2/thread.jspa?t...1000250882&tstart=0 According to a story linked to on that thread, eBay and PayPal both knew last year it was possible for outsiders to obtain users real names and yet failed to alert their users to the problem and did nothing to fix the problem until today. Auctionbytes has issued a press release: Quote:For over a year scammers and phishers may have been using a PayPal security flaw to obtain the full names of PayPal® users. http://www.newswiretoday.com/news/4479/ The original eWeek article from January 24, 2005: Quote:PayPal E-Mail Leak Brings Phishing Worries full article: http://www.eweek.com/article2/0,1895,1754013,00.asp This isn't the first time that eBay/PayPal has known of a security flaw on its sites and ignored the problem. eBay was warned of the flaw that allowed phishers to place malicious javascript directly in listings 1 year before the flaw made headlines when it was exploited by several phishers last fall. Both eBay and LiveWorld knew of a serious security hole in LiveWorld's forum software in 2004 that allowed phishers to obtain users account info and yet took months to fix the problem. eBay gets an F for security...and its attempts to blame its users are laughable. related topics: 2004 Security Defect in LiveWorld Forums Gave Hackers Access to eBay Users Data http://community.tuliptools.com/index.ph...837.0.html Exploding the Myth That eBay Is A Safe Marketplace: eBay Puts Users At Risk http://community.tuliptools.com/index.ph...875.0.html eBay Knew For 1 Yr.That Security Holes On Its Site Could Lead to Account Hijacks http://community.tuliptools.com/index.ph...668.0.html
"Well, Jay was so giddy that someone named Jay was involved with this site we posted our first non-eBay listing in 3 years here at Lunarbid (we tried two items at Yahoo once upon a time, they bombed)" -Marie posting in a LunarBid thread at OTWA in 2005 wins the award for 'most moronic reason ever given for choosing a venue"
"thanks twat u must have nothing better 2 do. do u talk to all your members like that. will not be recomending your site. best way to put it is TULIPTOOLS.COM IS REALLY SHIT. DONT JOIN." -pubescent owner of rinky dink off2auction.com in 2011 |
|||
03-27-2006, 01:32 PM,
Post: #8
|
|||
|
|||
Re: PayPal knew for 1 year about web site security flaw that made users vulnerable
Quote:Auctionbytes has issued a press release: AuctionByteme finally wrote a news story instead of doing their usual bit of trying to pass off their advertisers press releases as news and they issue THREE press releases to announce it? From today's AuctionByteme: Quote:The user who brought the vulnerability to AuctionBytes' attention said the security hole had been in place for about 1 year and that many scammers were aware of its existence. When asked if this was possible, and why techs at PayPal had overlooked accesses that must have generated records on the PayPal server logs, PayPal spokesperson Amanda Pires said, "the page was appearing as a bug and should never have been up there. Unfortunately, for security reasons, I can't say much more than that." full article: http://auctionbytes.com/cab/abn/y06/m03/i27/s04 |
|||
03-27-2006, 02:16 PM,
Post: #9
|
|||
|
|||
Re: PayPal knew for 1 year about web site security flaw that made users vulnerable
Maybe we are seeing a "shift" in their loyalty to ebay.
Or maybe Dave and Ina have been burnt recently too. I'll tell you this those boinkers owe me a BIG apology. Last year I was posting at AuctionByteMe about how ebay or paypal were selling or renting information and they must have given out one of my e mail address to spamers and how unsafe and bogus both these companies "security" and privacy polices really are. The threads over there got a little dicey for a while and AuctionByteMe was actually starting to come alive again. Should have seen the number of views on threads I was involved in. They went through the roof. (The whole how controversy attracts lurkers thing). Anyway they banned me and some pp cheerleader. It was this boinktard that was being a asphat for the most part but I got banned for telling what I knew was the truth then, and defending myself against a few of ebays plants and the heads that hang out over there. A year latter... Here we see AuctionByteMe running articles about all this. Dave and Ina, you owe me a BIG apology.
.
|
|||
03-27-2006, 10:00 PM,
Post: #10
|
|||
|
|||
Re: PayPal knew for 1 year about web site security flaw that made users vulnerable
Quote:The user who brought the vulnerability to AuctionBytes' attention said the security hole had been in place for about 1 year and that many scammers were aware of its existence. When asked if this was possible, and why techs at PayPal had overlooked accesses that must have generated records on the PayPal server logs, PayPal spokesperson Amanda Pires said, "the page was appearing as a bug and should never have been up there. Unfortunately, for security reasons, I can't say much more than that." The dumb asses at eBay probably spent the past year clearing their caches and rebooting repeatedly thinking it would make the security hole go away. |
|||
« Next Oldest | Next Newest »
|
Users browsing this thread: 3 Guest(s)