BreachExchange mailing list archives
PayPal security holes expose customer card data, personal details
From: security curmudgeon <jericho () attrition org>
Date: Fri, 2 Nov 2012 12:20:50 -0500 (CDT)
http://www.scmagazine.com.au/News/321584,paypal-security-holes-expose-customer-card-data-personal-details.aspx

PayPal security holes expose customer card data, personal details
By Darren Pauli on Nov 1, 2012 2:46 PM

Bug bounty failure spurs disclosure.

Dangerous website flaws have been discovered in PayPal that grant attackers access to customer credit card data, account balances and purchase histories.

The holes - which still exist - were recently discovered by a security researcher. One of the holes was publicly disclosed after a failed effort in July to responsibly disclose them under PayPal's bug bounty program.

Neil Smith from Texas-based outfit Zing Checkout found that attackers could log into publicly-accessible PayPal administrative sites via authorisation bypass and cross site scripting (XSS) vulnerability.

[..]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list