Browser flaw exposes PayPal to hackers
by Chris Dawson
There’s a serious hole blown in PayPal’s security, and there’s very little that PayPal themselves can do to protect users against the exploit.
Internet Explorer, Google Chrome and Apple Safari running on Windows are all affected, and the only safe browser is Firefox in its latest versions (version 3.5 or later).
Basically, there is a flaw in Microsoft’s CryptoAPI, which many Internet browsers use, that allows a hacker to display authentic-looking pages with https:// URLs. Normally https:// web addresses are secured by SSL certificates, but the flaw allows SSL certificates from other sources to be used in place of the PayPal certificate, and it’s impossible for the user to spot the difference.
The security flaw was first published in July and Microsoft are yet to release a fix. Until then best practice has to be to use the Firefox browser to access PayPal.




It’s worth pointing out that Firefox run a pretty good affiliate programme:
http://www.spreadfirefox.com/affiliates/utw
Spread the word
Maybe I should require all my visitors to use Firefox then.
Thank you very much for this news.
I like using Firefox. It seems to be much faster than Internet Explorer and I never get the not responding notice. My friend tells me Firefox is developed by many different contributors and he thinks it’s more prone to hackers.
I don’t use Internet Explorer (I use Firefox) or Windows (I use Linux), so hopefully should be safe enough.
The comment about open-source being more prone to hackers does not hold much currency, when you think about all the security flaws that IE has had to deal with throughout its history.
With the source code being open, the fixes to security flaws and bugs are actually much faster to develop. Where you might be waiting months for a security fix from Microsoft, you may only have to wait a few days for one to come through with Firefox or Linux.
Microsoft should spend money on fixing IE instead of patching Vista up like a road crash victim. I spent 2 hrs downloading the latest patch which seemed to crash Turbo Lister hmmm