Critical vulnerability found in PayPal

Posted: March 23rd, 2012 | Author: | Filed under: Hot Buzz | Tags: , ,

” Heise Security ‘is the operator of the online payment service PayPal drew attention to a critical vulnerability on the companion website at a central location. Meanwhile, the issue is resolved.

The problem addressed is related to the search function on the PayPal pages. Due to a critical error, indicated there were no user input is filtered correctly. An attacker could therefore easily inject specially crafted URL in the code page of PayPal.

Specifically, one could find the error on the secure website using SSL, the other takes place under the customer login and payment transactions are carried out. Whether the cross-site scripting vulnerability (XSS) has been exploited successfully is not currently known. According to PayPal the problem, however, was done away with.

If PayPal is a TÜV Saarland approved payment system. Reinhold bushel, managing director of the assurance company tekit Consult informed in this regard that the found vulnerability at the time the test is not necessarily needed to be already present. Concrete would not answer questions on this topic PayPal.

Mobile Payments Now Available for Android-based devices

Posted: May 29th, 2010 | Author: | Filed under: Internet, Mobile Phone | Tags: , , , ,

PayPal has available its library of payments for devices based on the Google Android operating system.

Ti Journal: This library allows you to add PayPal as a watchdog for personal payments, gifts, goods physical and services sold through mobile devices using the Android platform without having to worry about maintaining the security of personal financial information.

PayPal also recently announced the opening of the beta version of its library of mobile payments and iPhone the developer community is already making good use of it.

In addition, PayPal offers another important development: PayPal X Toolkit for Google App Engine (GAME), a platform for the development and operation of Web applications and cloud services from Google.

These tools help developers to incorporate payments securely and easily into their applications and services built on the platform EAG. With them, co-payments can be processed allowing large number of applications in different markets.