PayPal fixes fatal flaw


Posted by: Tweaker
Date added: 21:37, 19th June 2006 GMT
Source: The Inquirer

Online transaction outfit PayPal has found a phony URL on its site that was being used by fraudsters to steal credit card numbers and other personal information belonging to PayPal users.

The issue was publicised by Netcraft, and PayPal swiftly fixed it. However, it is unclear how many people lost personal details because of it.

The scam involved tricking users into accessing a URL hosted on the real PayPal web site. This URL used SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate was presented to confirm that the site does indeed belong to PayPal. But the content on the page had been modified by the fraudsters via a cross-site scripting technique (XSS).

When victims visit the page, they are presented with a message that has been 'injected' onto the genuine PayPal site that says, "Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center." They are then redirected to an external server in Korea, which presents a fake PayPal Member Log-In page, and anything the punter taps in is given to the hackers.

Punters could be forgiven for falling for the scheme because they would have had in their possession a correct PayPal certificate and domain name.

PayPal has had a few words with the Korean ISP and is getting the server shut down. However, it says it has dealt with the problem on its site.
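A valid certificate only proves which server sent the page; it says nothing about whether that server wrote untrusted input into the markup. The added example below (not from the article and not PayPal's code) shows a page fragment rendered without and with output encoding. It assumes the flaw was a reflected parameter; the function names, the payload and the host `phish.example` are constructed for illustration.

```javascript
// Added example: constructed handler and input, not PayPal's code.
// Assumption: a request parameter was written into the page unencoded.

// HTML-encode the characters that can change the parsing context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  }[c]));
}

// "Before": the value is concatenated into markup, so the browser treats
// supplied tags as part of the genuine, TLS-protected page.
function renderNoticeVulnerable(msg) {
  return `<div class="notice">${msg}</div>`;
}

// "After": the same value is encoded on output and stays inert text.
function renderNoticeSafe(msg) {
  return `<div class="notice">${escapeHtml(msg)}</div>`;
}

// Defence in depth: a policy that refuses inline script and off-site form
// posts, in case encoding is missed somewhere else on the site.
const CSP_HEADER =
  "default-src 'self'; script-src 'self'; form-action 'self'; base-uri 'none'";

// Crude check used only to compare the two outputs here (not a sanitizer):
// does the fragment contain live tags or event handlers?
function hasActiveMarkup(html) {
  return /<\s*(script|meta|iframe)\b/i.test(html) || /\son\w+\s*=/i.test(html);
}

// Constructed input modelled on the message quoted in the article.
const injected = 'Your account is currently disabled.' +
  '<script>location="https://phish.example/login"</script>';

console.log('vulnerable output is live:', hasActiveMarkup(renderNoticeVulnerable(injected)));
console.log('encoded output is live:   ', hasActiveMarkup(renderNoticeSafe(injected)));
```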
