Most Popular
| Top Stories | Commented | Featured |
TechSpot Blog: Disable Windows automatic check for solutions after a program crashes featured
Weekend Open Forum: Google Chrome OS and the future of cloud computing featured
Tech Tip of the Week: Unearth Region-Specific Windows 7 Themes featured
Sony: PlayStation 3 to be 3D-capable via firmware update
Radeon HD 5970 supplies dry up quick, not a big surprise
Xbox Live bans prompt class action lawsuit
Mozilla reveals 2008 revenue, rumors say Firefox coming to PS3
TS Community
| User Gallery | Recent Discussion |
 New_PC_Mods by simonwong1989 |  >_> by Condor |
 TechSpot at CES 2007 by Julio |  Brief encounter by Akio |
TechSpot RSSInformation Technology
PayPal fixes URL problem used for crime
PayPal claims to have now fixed a vulnerability on their site that could have allowed malicious attackers to steal credit card information from PayPal users. Obviously something that PayPal wanted to stamp out immediately, the flaw involved a cross-scripting attack and saw targeted users getting an e-mail, purporting to be from PayPal, which directed them to a special URL on the PayPal servers. Once they loaded that page, they were given a message that their account had been disabled, and directed to a non-PayPal server in South Korea, with a fake log-in page. This page then harvested private information from the user, such as credit card and Social Security numbers.
The company claims to have now fixed the problem on their servers, and had the Korean server shut down. What remains unknown is how many, if any, users were tricked by this.
"It's pretty awful, actually," said Gartner analyst Avivah Litan. "There's not much consumers can do except monitor their account and watch for visual cues, or download something like the eBay toolbar which warns you about [phishing] sites."
PayPal is warning its users only to enter personal information relating to PayPal services on URLs that begin with https://www.paypal.com/.
The company claims to have now fixed the problem on their servers, and had the Korean server shut down. What remains unknown is how many, if any, users were tricked by this.
"It's pretty awful, actually," said Gartner analyst Avivah Litan. "There's not much consumers can do except monitor their account and watch for visual cues, or download something like the eBay toolbar which warns you about [phishing] sites."
PayPal is warning its users only to enter personal information relating to PayPal services on URLs that begin with https://www.paypal.com/.
User Comments (5)
Post a comment| DragonMaster on June 20, 2006 7:53 AM | Wasn't it a few days ago?
|
| Phantasm66 on June 20, 2006 2:26 PM | Originally posted by DragonMaster: Wasn't it a few days ago? AFAIK this was reported as a problem several days ago, but the fix made the news today.
|
| DragonMaster on June 20, 2006 4:16 PM | The problem was reported days ago, and was fixed days ago also. It just appeared here a bit late.
|
| canadian on June 20, 2006 4:27 PM | I wonder if the new google thing will attract so many spammers, and scammers.
|
| DragonMaster on June 20, 2006 5:30 PM | All depends of the security of the system. Google didn't have much problems with this so we'll see! Better wait to see it getting more popular first.
|
