PayPal security compromised with XSS flaw

No primary category set

Over a year ago PayPal were one of the first sites to implement EV SSL, which is the technology that turns your browser address bar green for known safe sites and red for known spoof sites.

The idea behind EV SSL is that users can easily tell if they are on a known safe site and be warned if they’re on a spoof site. That’s no longer the case though, a Finnish researcher Harry Sintonen, has discovered a cross-site scripting vulnerability on PayPal, which bypasses the EV SSL leaving your browser with the green safe known site indicator.

The only indication that something out of the ordinary is occuring is a pop up alert with the message “Is it safe?” which it most certainly is not.

PayPal are working to close the exploit and emphasised that the exploit was not used in any phishing attacks.

One Response

  1. I have never used these safety bars – the first time I downloaded the ebay one, my computer slowed to a crawl, and kept crashing, so I uninstalled it and never tried another one.

    In any case, common sense and prudence are equally as important as green bars…

RELATED POSTS..

Amazon Disbursements held due to unmet UK business establishment requirements unfreeze disbursements says Minister

Enterprise minister tells Amazon unfreeze disbursements

Amazon Disbursements held due to unmet UK business establishment requirements unfreeze disbursements says Minister

Amazon Disbursements held due to unmet UK business establishment requirements

Ecommerce SNAFU - Swearing & Cancelled Deliveries

Ecommerce SNAFU – Swearing & Cancelled Deliveries

PayPal USD Stablecoin launched pegged to US$

PayPal USD Stablecoin launched pegged to US$

eBay.com available quantities glitch

eBay.com available quantities glitch

ChannelX Guide...

Featured in this article from the ChannelX Guide – companies that can help you grow and manage your business.

Latest

Take a look through a selection of the latest articles on ChannelX

Register for Newsletter

Receive 5 newsletters per week

Gain access to all research

Be notified of upcoming events and webinars