paypal

PayPal XSS vulnerability affects EV SSL

A new attack on PayPal could have allowed users who thought they were on a trusted page to access a fraudulent page and possibly expose personal information. On Friday, Finnish researcher Harry Sintonen reported the vulnerability on an IRC chat room.

In an interview with Netcraft, Sintonen said the issue was critical. "You could easily steal credentials." He added that in this case you can't trust the URL http://www.paypal.com.

A few weeks ago PayPal announced it would block users whose browsers did not support EV SSL. Sintonen, who is credited with finding an XSS attack on Barack Obama's Web site … Read more

Slide's Levchin: Measuring success in virtual pregnancy tests

SAN FRANCISCO--In his keynote address Wednesday at the Web 2.0 Expo here, PayPal co-founder Max Levchin said his current company, social-network application developer Slide, will prevent social sites from becoming fads.

Pretty ambitious for a start-up that made a name for itself by letting you throw virtual sheep at your friends on Facebook. (That'd be SuperPoke, a delightfully pointless Slide application.)

Levchin, interviewed onstage by Forrester Research analyst Charlene Li, was recently crowned Web 2.0's poster boy--as bestowed upon him by Portfolio magazine, which put him on the cover with the caption "Brilliant!" and … Read more

Webware 100 winner: PayPal

PayPal was one of the first services to let people exchange money online. It was popularized--and later purchased--by eBay, PayPal is one of the most widely recognized payment systems on the Internet. It's used in online auctions and stores as a way to control and manage payments.

PayPal has survived throughout the years by charging fees to its sellers. Buyers in online auctions and those making donations via the service aren't charged these fees.

One of the reasons people choose to use PayPal over other services is its buyer protection and anonymization services, which offer some protection against … Read more

Buzz Out Loud 707: Space is cancelled

The Russians have canceled their space tourism program, because space is too serious to monetize. Also, Skype offers unlimited long-distance on...phones. VoIP is so dead. You heard it here first. In other news, Microsoft bonanza: Windows predictions, welcoming ethical hackers, and burning down your house. Listen now: Download today's podcast EPISODE 707

Skype offers unlimited long-distance plan http://www.reuters.com/article/companyNewsAndPR/idUSN2141013920080421

Google tops Microsoft, Apple in brand power http://www.news.com/8301-10784_3-9924273-7.html

Britannica makes content free with widgets, publisher registration http://www.news.com/8301-10784_3-9923867-7.html

Hackers cancel attack on CNN http://www.pcworld.com/businesscenter/article/144850/hackers_cancel_attack_on_cnn.html… Read more

Gmail glitch hampers PayPal use

A problem this week hampered some Gmail users trying to use their PayPal accounts.

The problem caused Gmail to reject some legitimate PayPal service e-mails, Google confirmed in a statement Friday. The problem, reported Tuesday, prevented people from using Gmail to receive confirmation e-mails, set up new accounts, or reset passwords for eBay's online payment system.

The problem "affected a very limited number of users," Google said. "We worked quickly to fix the problem, and we apologize for any inconvenience this issue may have caused." The company encourages those with technical difficulties to report them … Read more

PayPal considers blocking browsers

PayPal is seriously considering blocking some browsers from accessing its site, according to a paper (PDF) available to shareholders.

Titled "A Practical Approach to Managing Phishing," the paper admits that there's no one silver bullet to prevent fraudsters from making money on the Internet. However, authors Michael Barrett, PayPal's chief information security officer, and Dan Levy, the company's senior director of risk management for Europe, say companies could and should start addressing five specific areas:

Prevent fraudulent e-mail from getting into users' in-boxes

Prevent phishing sites by shutting them down

Authenticate users so that stolen … Read more

Psystar still down as Powerpay explains its decision

Psystar's store remained down on Friday, as its former payment-processing company expanded its explanation of why it pulled its services from the computer maker's site.

Anyone who might have wanted to order an Open Computer last night or today has been stymied by the second interruption in Psystar's online store.

The first interruption, on Wednesday, was caused when Powerpay pulled its services after Psystar violated the terms of its agreement, as reported by CNET News.com.

My colleague Richard Koman, at ZDNet, obtained a statement from Powerpay's CEO, explaining the reasons why his company pulled Psystar'… Read more

Buzz Out Loud 706: 'U can't haz Internet,' sez AT&T

AT&T threatens that the Internet is going to run out by 2010, and apparently, it's because everyone's watching Gossip Girl online. Luckily, The CW has caught on to the danger and is pulling Gossip Girl offline so the hordes won't keep watching it on their Web site. Because that would be just plain dangerous. Also, Microsoft, Nintendo, and Sony are all number one! Just ask them! Listen now: Download today's podcast EPISODE 706

PayPal plans to ban unsafe browsers http://www.eweek.com/index2.php?option=content&task=view& amp;id=47667&pop=1&hide_ads=1&page=0&hide_js=1… Read more

Google, PayPal introduce political-phishing defenses

In the last few months, both Google and eBay unit PayPal have quietly rolled out new online-payment solutions that specifically target Internet-based political-campaign contributions.

While the companies primarily pitch their new products as methods for "attracting more supporters" and "increasing online giving to your campaign," the Internet titans have also laid the groundwork for phishing-resistant campaign contributions.

In a research paper released last year, Markus Jakobsson, Oliver Friedrichs, and I wrote about the looming threat of phishing Web sites posing as legitimate political-campaign sites.

The phishing problem is a particular threat to campaign sites, for a … Read more

eBay's PayPal to buy Fraud Sciences

Correction 9:30 a.m. PST: This blog initially misstated the day the deal was announced. It is Monday.

eBay company PayPal announced Monday it plans to acquire Fraud Sciences in a cash deal valued at $169 million.

Fraud Sciences, a privately held Israeli company, will lend its online risk tools and analytics to both eBay and PayPal's fraud management systems. Fraud Sciences' technology will also be baked into the companies' next-generation fraud detection tools.

Just last June, eBay was busy trying to nab fraudsters in Romania. The company said thieves were trying to lure losing bidders off the … Read more