All the latest UK technology news, reviews and analysis
|
|
|
20 Jun 2006
PayPal has fixed a vulnerability which allowed cyber-criminals to use the company's official website as a platform to steal user information.
The cross-site scripting vulnerability on paypal.com came to light last week. Internet monitoring firm NetCraft noted that the security flaw could be exploited by fraudsters to steal credit card numbers and other personal information belonging to PayPal users.
NetCraft said that the scam tricks users into accessing a URL hosted on the genuine PayPal website. The scammers even supplied SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate.
However, the scammers managed to inject a message into the genuine PayPal site which reads: 'Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center.'
The victim is then taken to an external server, hosted in Korea, which presents a fake PayPal member log-in page.
Users are prompted to enter social security numbers, credit card details and even Pin codes for bank cards.
PayPal has now fixed the code on its site to address this flaw.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
IT Security Specialist Move in2 Solutions /Pre-Sales...
SOFTWARE ENGINEER - BERKS - to £34k plus package WAREHOUSE...
We currently have a position for a Senior Project Manager...
JAVA DEVELOPER TRANSPORT MANAGEMENT SYSTEMS / TMS...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?