Information Security News mailing list archives
Australian teen uncovers security flaw in PayPal
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 15 Aug 2014 14:04:20 +0000 (UTC)
http://www.theage.com.au/it-pro/security-it/australian-teen-uncovers-security-flaw-in-paypal-20140815-1044cx.html By Ben Grubb Deputy technology editor The Age - IT Pro August 15, 2014An Australian teenager who found a security flaw in an Australian public transport authority's website has found another serious vulnerability, this time in the site of global payments provider PayPal.
The flaw, uncovered by 17-year-old Melbourne schoolboy Joshua Rogers, allowed hackers to bypass the payment provider's two-factor authentication system, which adds an extra layer of optional security via a one-time code sent via SMS to the user, or a number generator card.
With access to a victim's PayPal account using the flaw, a hacker could have purchased items online or withdrawn money sitting in the account.
Joshua told Fairfax Media via email that he published a blog post on August 4 with a link to a YouTube video demonstrating the issue after the payment company ignored his initial email about the flaw on June 5.
[...] -- Evident.io - Continuous Cloud Security for AWS. Identify and mitigate risks in 5 minutes or less. Sign up for a free trial @ https://evident.io/
Current thread:
- Australian teen uncovers security flaw in PayPal InfoSec News (Aug 15)