Computer Help Community

Community

Cyber Tech Help Community

New Tutorials

More Tutorials
PC Tutorials

New Downloads

More Downloads
PC Downloads

Member Testimonials

Open Member Quote   Just had to post a note to say how impressed I am with this site. I only discovered it a few days ago and I have to confess that I am a TOTAL non-starter with computers...but very keen and willing to learn! :D I have asked for - and received - prompt help in partitioning my hard drive although I decided after sucessfully doing it, to go back to normal coz other stuff confused me! Still, I am upgrading to a faster processor and bigger hard drive in the very near future so will be carrying out the procedure again (I hope) Just wanted to say how grateful I am for the support and I will be recommending the site to all my friends - peachyglint1  Close Member Quote
Member Testimonials
MY CYBER TECH HELP

LATEST TOPICS

Tech Help Community

Free Antivirus Scan

Free Virus Scan and a listing of the top 10 viruses in the wild - Free Antivirus Scan
Free Online Antivirus Scan

File Extension Database

Find what program a filetype belongs to in our searchable File Extension Database.
File Extension Database

Related Microsoft Links

Technet

Expert Zone Community
Services
Cyber Tech Help Community

To the top of the page to top

 



Computing News | Serious PayPal Flaw Disclosed

Latest News Latest News | News ArchiveNews Archive | Cyber Tech Help News RSS Feed!

Posted by: Tweaker
Date added: 00:10 Sunday, 18th June 2006 GMT
Source: Beta News

A security flaw within the PayPal Web site is posing a serious threat to its users, security firm Netcraft said Friday. The credit card numbers and personal information of those duped by attackers is at risk through a cross-site scripting attack.

A fraudster tricks the user into divulging information by asking them to visit an actual PayPal URL. Since this is hosted by the company, it would appear as if information is encrypted through the company's own SSL certificates. However, through cross-site scripting, some of the information on the accessed page has been modified.

The faked page claims that the user's account has been disabled due to "third-party access," much like the current PayPal scams. But this one is very different, as the page that says this appears to be an actual PayPal page.

The user would then be redirected to a external server, but could be caught off guard and continue to enter personal information.

"The paypal.com domain name and SSL certificate he saw previously are likely to make him realize he has visited the genuine PayPal web site - why would he expect PayPal to redirect him to a fraudulent web site?" Netcraft's Paul Mutton said.

A user would then disclose their username and password, and be asked to enter further information to verify their identity. According to Netcraft, the page also asks for a social security number, credit card number, expiration date, card verification number and ATM PIN.

Netcraft said that its anti-phishing toolbar has been updated to block access to the external server the user is directed to, which resides in Korea. As of press time, PayPal had not publicly acknowledged or commented on the flaw.

Tools:  Tools: Post a comment | Link to this news item | Send to a friend | Submit News

 

Post a commentPost a comment

Error: You are not logged in.

In order to leave comments to news articles you must be a Cyber Tech Help Member.

Registration is completely free!  Register to become a member!  Register to become a member

Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.

 

[ To the top of the page To top | Latest News Latest News | News Archive News Archive | Cyber Tech Help News RSS Feed! ]