Sign in / up

back to article PayPal plugs phishing-enabling vulnerability, stumps up $500

PayPal has patched a flaw which created a means for miscreants to abuse its platform to lend authenticity to fraudulent or otherwise malicious emails. The input validation and mail encoding web vulnerability in the official PayPal online web app was discovered by Vulnerability Laboratory researcher Benjamin Kunz Mejri. The …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Swarthy

    Paypal fixed a fraud-enabling bug?

    I call April Fools on this one.

    4 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    $500...???

    Wow, the cost of a night-out partying in Moscow! Don't go crazy, spend it all!

    At that rate who wants to switch to security / bug hunting.... Let Paypal die!

    7 0 Reply
    1. Tromos
      Reply Icon

      Re: $500...???

      With ultra-generous payouts like that, Paypal customers can rest assured that any exploits discovered will be immediately reported to Paypal and not fall into the hands of miscreants who could never hope to match such a vast sum.

      9 0 Reply
    2. Diziet Sma
      Reply Icon
      Pint

      Re: $500...???

      $500 won't go far on a night out in moscow, unless you only meant beer.

      0 0 Reply
  3. MR J

    He should be glad he got $500

    I reported a problem to Netgear about 18 months ago that allows people to see the admin username and password via the public IP/wan side by just using a crafted URL (no special tools required!).

    Their reply to me was that the bug does not exist in new devices so it is a non-issue.

    I know this affected many devices, but they don't actually care.

    All I got out of it was a "bug verified - support ticket closed".

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like