PayPal fixed an issue that could have allowed an attacker to hijack OAuth tokens associated with any PayPal OAuth application.
Tag Archives: PayPal
PayPal Fixes CSRF Vulnerability in PayPal.me
PayPal recently fixed a vulnerability on its PayPal.me site that could’ve let an attacker change a user’s profile without their permission.
Registered the wrong email with paypal? Say goodbye to your money…
Every type of person is a PayPal person. Each day, hundreds of well-known investors and business magnates are added to the list, like Peter Thiel, one of the original Facebook investors, or the South African tycoon Elon Musk, who is the CEO of both Tesla and SpaceX.
A good part of the internet already uses PayPal. It has become the leading digital payment service because of its overall excellence: it is convenient, simple-to-use, and for the most part, safe. Another part of its success is due to the fact that, often, it is the only payment method available, leaving those who want to complete their purchase only one option: to create a PayPal account.
Don’t have an account but are considering getting one? Be very careful while completing the new user form. The slightest mistake made while typing the email address can have very serious consequences. This is a not only a problem for PayPal, but for the worldwide web, but PayPal’s case is particularly important because with the service, our money is, literally, on-the-line.
The slightest mistake when typing your email can have very serious consequences
“Pay” attention to the simple things
While registering for an account, always look for two fields to enter your email address: one to fill in and one to verify. What if there isn’t a blank space to verify your email? Proceed with caution. If you complete the email incorrectly, your account information could be sent to another email address, and ultimately your profile could be controlled by another person.
You aren’t required to check your email for a “confirmation” before you begin to use the PayPal service. You do not need to click a link sent to your Inbox to prove that you’re the owner of the email account. So if you type the wrong email, a stranger could kick you out of your account (they only have to change your password!) A stranger could gain access to your money because of one silly mistake.
Many important websites share this problem, like the popular car share service, Uber. However, the consequences of a log-in error while using PayPal are much graver than with other companies because the company sells itself on being a safe site for internet payments.
The post Registered the wrong email with paypal? Say goodbye to your money… appeared first on Panda Security Mediacenter.
Java Serialization Bug Crops Up At PayPal
PayPal has rewarded two researchers with bug bounties for the discovery of a Java serialization vulnerability in manager.paypal.com
Recent scams in my spambox
Being a marketing-communications guy, I’m not as geeky about software technology as some at Avira are – my geekiness is more aligned to any communications I see, which includes the ‘voices’ of spammers. I like to dig through my spam folder and analyze the ways that spam/scam writers communicate. Common Viagra or penis-enlargement topics aside, I’m particularly interested in the rhetoric that scammers use to trick people into clicking, thinking the email is legit (even if the email is already in the reader’s spam folder!).
The post Recent scams in my spambox appeared first on Avira Blog.
PayPal says: This Microchip Will Be Your Password
First off there is Yahoo, who wants you to unlock mobile phones with your ears and knuckles. Then there is research going on which is centered on the “secrets” you and your smartphone share. And now PayPal has its own idea on what the new way to make your password safe and easy should look like.
The idea is actually a rather simple one. Instead of having to remember your password and trying to make sure that it stays really secure so that no one can steal it, PayPal wants you to swallow a pill. It’s not a normal pill though but one which thrives in the acid environments of your stomach. Embedded in it is a tiny microchip with all relevant information – it will allow you to log into your account without ever having to create and/or remember a password again.
According to PayPal the next wave of passwords will be edible, ingestible or injectable.
Johnathan Leblanc, the Global Head of Developer Evangelism at PayPal, believes that the next wave of passwords will be edible, ingestible or injectable and will remove the – what he calls – “antiquated” ways of confirming your identity. To protect against being hacked all data would be of course encrypted.
Find out more about this and other ideas from PayPal in the report from the Wall Street Journal.
The post PayPal says: This Microchip Will Be Your Password appeared first on Avira Blog.
Three reasons to be excited about: Mobile Payments
While paying through a mobile device, wearable or digital card may seem like a high-tech near future, the reality is that mobile payments are already soaring around the globe.
Earlier in April, GSMA Mobile Money for the Unbanked (MMU) released its 2014 State of the Industry Report on mobile financial services. The report indicates that there are already 255 mobile money services in operation across 89 countries and in over 60% of developing markets.
The arrival of major tech and finance players such as Apple, VISA and Samsung have brought the mobile payments into the spotlight and into the mainstream.
Here we look at three of the most interesting developments in recent months:
Digital Credit Cards
While generally still in the beta phase, digital credit cards promise to consolidate the bulk of a wallet or purse into a single card.
The idea is to forgo multiple cards and instead have a single digital card that can be programmed with the details of all your other payment and membership cards. At the touch of a button, your American Express card can become your Starbucks loyalty card. Pretty neat!
There are several major players in this space including Coin, Plastc, Swyp and Wocket.
Mobile payments are getting full backing
There’s recently been some good news for those worried about storing money in online services such as Apple Pay, PayPal or Google Wallet.
According to Yahoo Finance, the Feder Deposit Insurance Corporation (FDIC) now insures funds stored in Google Wallet.
This means that should anything happen to Google or one of the banks holding your money, your digitally stored funds are protected by the US federal government.
While most of us use services such as PayPal to directly make payments rather than actually store money, it’s reassuring to know that online digital balances are starting to get the same government protection offered to the traditional banking system.
Mobile payments are going social
One of the most interesting developments in the mobile payment space has been the land grab by several social networks to integrate payment services into their platforms. Both Facebook and Snapchat have both got involved.
The rise of dedicated social payment services is also worth noting. Payment service Venmo has already risen to prominence (although not with a few security hiccups on the way).
I personally see social and banking as two diametrically opposed services. One should be private, secure and personal, the other open public and shared.
The fact of the matter is that there’s clearly a demand for a payment protocol with inbuilt social features so expect to see a whole lot more activity in this area in the coming months.
The Biggest Hacks of 2014
There were a number of big security breaches during 2014, but which was the biggest? We count down the top 5.
The post The Biggest Hacks of 2014 appeared first on We Live Security.
Top 5 tips for safer Paypal payments
Paypal is one of the safest ways to make online payments, but there can still be security breaches if you’re not careful. Keep in mind these top 5 tips when paying online or sending money to your contacts
The post Top 5 tips for safer Paypal payments appeared first on We Live Security.
PayPal bug bounty catches account-hijacking vulnerability
Popular internet payment provider PayPal has fixed an exploit that would have allowed hackers to take over an account with a single click, reports The Register.
The post PayPal bug bounty catches account-hijacking vulnerability appeared first on We Live Security.