Looks like someone forgot to close a bracket, the PDF link extends to all the text below it. Also, the mobile site has no 'send corrections' link.
eBay-owned PayPal has plugged a vulnerability that potentially allowed thieves to seize control of merchants' online stores and empty the shelves. The bug – discovered by security researcher Mark Litchfield of Securatary – affected PayPal Manager, which is used to manage PayFlow accounts by people selling stuff online. PayPal …
A proper corporate would have brought the cops in to arrest the security researcher, lobbied for harsher penalties for "computer crime" and, of course, left the bug un-patched for the next CIO to deal with. Oh, and blamed $ENEMY_DU_JOUR for the subsequent slurp of customer info from the unencrypted file in the web root named "customer-info_-_full.txt" right next to the recently renamed file "dot-htaccess"
Anuj from PayPal here. This story is from last week.
The potential vulnerability was responsibly reported to PayPal by the security researcher before he went public and quickly addressed by the PayPal team. PayPal has conducted a thourough investigation of this situation and can confirm that there is no evidence that PayPal customer information was compromised.
Biting the hand that feeds IT © 1998–2022