Home
Home

Directory
Directory

Articles
Internet News
Security News
Ecommerce News
Domain News

Site Tools
Site Speed Test
Keyword Research
Resolve Hostname
DNS Tools
Register Domains
Affiliate Programs
Open Source

Shopping Carts
Cart Reviews
SSL Certificates

Enter your email address to subscribe to our updates:

Delivered by FeedBurner


Venue Charts
Channel Traffic Rankings
OAI Stock Quotes and Charts
eBay's Worst Feedback

Forum
Forum Home
TulipTools News
Advertising
Blogging
Computer Hardware
Domain Names
Ecommerce
Financing
Int'l Trading
Graphics and HTML
Internet Access
Legal Issues
Internet Business
Auction Sites
Classified Ad Sites
Fixed Price Venues
Operating Systems
Programming
Search Engines
Internet Security
Software
Web Hosting
Webmaster Issues
Reviews
Announcements
Off Topic Discussion

Web Hosting
TulipHosting

Domain Names
TulipDomains

Web Stats
TulipStats

Forum Rules
Forum Rules
Privacy Policy

Site Map
Forum Sitemap
Sitemap Topics




Directory| Forums| Internet News|Cart Reviews| DNS Tools| Keyword Research| Site Speed Test| Security| | Domain Marketplace| Domain Blog
TulipTools Internet Business Owners and Online Sellers Community
  • Home
  • Search
  • Member List
  • Calendar
Hello There, Guest! Login Register
TulipTools Internet Business Owners and Online Sellers Community › Ecommerce › Ecommerce › Online Payment Services › PayPal v
« Previous 1 2 3 4 5 6 Next »

New Security Flaw on PayPal Website Puts Users at Risk of Identity Theft

  
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode | Linear Mode
New Security Flaw on PayPal Website Puts Users at Risk of Identity Theft
06-17-2006, 09:40 AM,
Post: #1
mandy Offline
Administrator
*******
Posts: 9,932
Likes Given: 0
Likes Received: 6 in 5 posts
Joined: Feb 2011
Reputation: 0
New Security Flaw on PayPal Website Puts Users at Risk of Identity Theft
Quote:A security flaw in the PayPal web site is being actively exploited by fraudsters to steal credit card numbers and other personal information belonging to PayPal users. The issue was reported to Netcraft today via our anti-phishing toolbar.

The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS).

When the victim visits the page, they are presented with a message that has been 'injected' onto the genuine PayPal site that says, "Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center." After a short pause, the victim is then redirected to an external server, which presents a fake PayPal Member log-In page...

full article with screenshots: http://news.netcraft.com/archives/2006/0...theft.html
Like Post Reply
[+]
06-17-2006, 04:28 PM,
Post: #2
regic Offline
Administrator
*******
Posts: 2,825
Likes Given: 0
Likes Received: 2 in 2 posts
Joined: Jul 2005
Reputation: 0
Re: New Security Flaw on PayPal Website Puts Users at Risk of Identity Theft
PayPal patched the hole on its site within hours of the Netcraft report yesterday but there's no indication they plan to contact all of their members to alert them that a breach occured-i.e. that the PayPal website was hacked in a cross-scripting attack.  :Smile

Quote:PayPal has fixed a flaw in its Web site to block a sophisticated scam designed to obtain sensitive data from members, the payment service said Friday.

The company has no information on how many people may have fallen victim to the scam,

full article: http://news.com.com/PayPal+fixes+phishin...g=nefd.top
Like Post Reply
[+]
06-17-2006, 08:42 PM,
Post: #3
rose Offline
Big Member
*****
Posts: 465
Likes Given: 0
Likes Received: 0 in 0 posts
Joined: Jul 2005
Reputation: 0
Re: New Security Flaw on PayPal Website Puts Users at Risk of Identity Theft
Sloppy programming.  Did they outsource all of their development work to Microsoft?  Happy001
http://www.gentoo.org/
Like Post Reply
[+]
06-18-2006, 12:18 AM,
Post: #4
amy Offline
Super Moderator
******
Posts: 3,473
Likes Given: 0
Likes Received: 1 in 1 posts
Joined: Mar 2005
Reputation: 0
Re: New Security Flaw on PayPal Website Puts Users at Risk of Identity Theft
Quote: a cross-site scripting technique

It isn't surprising that the PayPal site has cross-site scripting flaws since the US government issued a security alert about similar problems on the eBay site in April.
Blog
Like Post Reply
[+]
« Next Oldest | Next Newest »




Possibly Related Threads…
Thread Author Replies Views Last Post
  PayPal: eBay Item Holds Explained (or Why PayPal Won't Release Your Funds) mandy 0 1,773 01-17-2009, 09:34 AM
Last Post: mandy
  PayPal Sends Users to Fake Login Page mandy 0 1,818 11-24-2008, 10:12 AM
Last Post: mandy
  Yet Another Security Vulnerability On The PayPal Website mandy 0 1,621 05-20-2008, 10:17 AM
Last Post: mandy
  PayPal Security Key Vulnerability Reported mandy 1 1,831 11-30-2007, 02:19 AM
Last Post: sneakymagenta
  PayPal launches PayPal Secure Card for Website Payments mandy 0 2,030 11-20-2007, 12:08 PM
Last Post: mandy
  PayPal Website Payments Pro Monthly Service Fees to Rise 50% mandy 4 2,333 07-23-2007, 02:34 AM
Last Post: amy
  Paypal Beta Testing New Homepage mandy 0 1,410 06-27-2007, 07:37 AM
Last Post: mandy
  PayPal launches PayPal Mobile Checkout mandy 0 1,668 06-16-2007, 09:12 AM
Last Post: mandy
  PayPal Discusses New Anti-Phishing Initiatives mandy 0 1,431 03-27-2007, 08:14 AM
Last Post: mandy
  PayPal Survey Outlines Possible New Features mandy 0 1,374 03-23-2007, 09:59 AM
Last Post: mandy

  • View a Printable Version
  • Send this Thread to a Friend
  • Subscribe to this thread
Forum Jump:


Users browsing this thread: 1 Guest(s)
  • Contact Us
  • TulipTools Internet Business Owners and Online Sellers Community
  • Return to Top
  • Lite (Archive) Mode
  • RSS Syndication
  • Help
Current time: 04-11-2021, 06:12 PM Powered By MyBB, © 2002-2021 MyBB Group. Theme created by Justin S.
powered by Apache

powered by Linuxpowered by CentOS

Copyright 2000-2013 TulipTools.com. All rights reserved.