    1. #1
      Jahness

      Phishing scam uses PayPal secure servers


      Peter Sayer,
      IDG News Service - MacCentral

      A cross-site scripting flaw in the PayPal Web site allows a new phishing attack to masquerade as a genuine PayPal login page with a valid security certificate, according to security researchers.

      Fraudsters are exploiting the flaw to harvest personal details, including PayPal logins, Social Security numbers and credit card details, according to staff at Netcraft Ltd., an Internet services company in Bath, England. The PayPal site, owned by eBay, allows users to make online payments to one another, charged to their credit cards, and login credentials for the service are a prized target of fraudsters.

      The attack works by tricking PayPal members into following a maliciously crafted link to a secure page on PayPal's site. Anyone thinking to check the site's security certificate at this point will see that it is a valid 256-bit certificate belonging to the site, Netcraft employee Paul Mutton wrote in the company's blog on Friday.

      However, the URL exploits a flaw in PayPal's site that allows the fraudsters to inject some of their own code into the page that is returned, he wrote. In this case, the result is a warning that the user's account may have been compromised, and that they "will now be redirected to Resolution Center." The page to which they are redirected asks for their PayPal account details -- but thanks to the cross-site scripting flaw in the PayPal site, and the data injected into the URL by the fraudsters, the page is no longer on the PayPal site. Instead, the page steals the login details and sends them to the fraudsters' server, then prompts the user for other personal information, Mutton said.

      The Web server harvesting the personal details is hosted in Korea, Mutton said.

      The cross-site scripting technique makes the phishing attempt difficult to detect, said Mike Prettejohn, also of Netcraft.

      If the malicious link arrived by e-mail, then "there would be clues in the mail that it's not genuine," he said. "It's a technique chosen by fraudsters because it is hard to spot."

      Although there could be benign uses of cross-site scripting to transfer data between sites, the technique has an inherent security risk, Prettejohn said. "I don't think people would intentionally use it," he said.

      "If somebody knows there's a cross-site scripting opportunity on their site, the right thing to do would be to fix it," he said.

      Staff at PayPal could not immediately be reached for comment.

      http://news.yahoo.com/s/macworld/pay...JlYmhvBHNlYwM-

      Copyright © 2006 Mac Publishing LLC
      Posted In The Spirit of Learning & Sharing
      One Love & Respect Always

      ***************************************
      The Quest for knowledge stops at the grave.
      HIM Emperor Haile Selassie I.


      If you fail to prepare,
      you are preparing to fail!


      Mind what you want, because someone wants your mind.

      Working together, the ants ate the elephant.
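
The article above describes a page that writes data from the URL back into its own HTML. The sketch below is an added example, not part of the original post and not PayPal's code, showing that flaw class beside the output-escaping fix. The host names, the `msg` parameter and the page markup are constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed link: "msg" should be plain text but carries markup that sends
# the browser off-site. Hosts and the parameter name are placeholders.
CRAFTED = (
    "https://site.example/notice?msg=Your+account+may+have+been+compromised."
    "%3Cscript%3Elocation%3D%22https%3A%2F%2Fcollector.example%2Flogin%22"
    "%3C%2Fscript%3E"
)

def _msg(url):
    """Extract the decoded 'msg' query parameter, as a web framework would."""
    return parse_qs(urlsplit(url).query).get("msg", [""])[0]

def render_vulnerable(url):
    """Flaw class from the article: URL data is written into the page as-is."""
    return f"<html><body><p class='notice'>{_msg(url)}</p></body></html>"

def render_hardened(url):
    """Fix: HTML-escape the value so the browser treats it as text only."""
    return f"<html><body><p class='notice'>{html.escape(_msg(url))}</p></body></html>"

# Defence in depth (response header): no inline script, no off-site form posts.
CSP = "default-src 'self'; script-src 'self'; form-action 'self'"

class _ScriptCounter(HTMLParser):
    """Counts <script> elements the way an HTML parser would see them."""
    def __init__(self):
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1

def script_elements(page):
    parser = _ScriptCounter()
    parser.feed(page)
    parser.close()
    return parser.scripts

if __name__ == "__main__":
    for render in (render_vulnerable, render_hardened):
        print(render.__name__, script_elements(render(CRAFTED)))
```

Both pages come from the same host over the same TLS connection, which is why the certificate check mentioned in the article passes. Only the escaped page contains no script element.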


    2. #2
      Mamazen

      Quote Originally Posted by Jahness
      Phishing scam uses PayPal secure servers



      Wow...

      And I use and trust Pay-pal.

      Things are turning out to be not what they seem on all levels.

    3. #3
      Jahness

      Quote Originally Posted by mamazen
      Wow...

      And I use and trust Pay-pal.

      Things are turning out to be not what they seem on all levels.

      Greetings Mamazen!

      Nothing is safe these days when it comes to all these phishing scams. And no one service is more vulnerable than the next.

      We all have to be extremely careful when using any type of online service especially if it deals with financial or personal information.

      These thieves will stop at nothing so we all have to stay alert and always pay close attention to the details of what we are doing.

      Prevention is always better than a cure. We all have to use our own discretion. As we are seeing every day, we cannot rely on these companies' services we rely on to protect us.

      Much appreciation sister for taking the time to share.

      Peace & Blessings of Afrikan Love!

