Thursday, November 8, 2012

Security & Hacking: PayPal Authorization bypass issue

Read the Live Hacking article first; it is much better written, so it is a lot easier to understand: http://www.livehacking.com/2012/11/02/paypal-bug-bounty-program-not-working-as-well-as-it-should/

But I saw this issue on SC Magazine first: http://www.scmagazine.com.au/News/321584,paypal-security-holes-expose-customer-card-data-personal-details.aspx

Neil Smith is the white hat hacker who found the vulnerability; his original blog post on the issue is http://l8security.com/post/33876600904/paypal-bug-bounty-a-lesson-in-not-being-a-fuckup

I have to say, he has a catchy title, though his blog post won't be easy to understand unless you have certain minimal coding/computer skills.

The Live Hacking article is the best one for a general audience, IMHO.

I have blogged about PayPal issues before: http://cliffsesportcorner.blogspot.com/2011/12/psa-paypal-make-it-right.html

In that post I mentioned a hack that impacted friends of mine:
"A friend of mine passed away earlier this year, leaving a wife and two kids, and PayPal donations for them were stolen & PayPal wouldn't step up then either. So this is the second time this year that I know of, where PayPal doesn't really seem to want to step up and make it right."

