[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] PayPal users being exploited by XSS Phishing Scam

From: Jeremiah Grossman <jeremiah@xxxxxxxxxxxxxxx>
Subject: [WEB SECURITY] PayPal users being exploited by XSS Phishing Scam
Date: Fri, 16 Jun 2006 08:35:00 -0700

PayPal Security Flaw allows Identity Theft http://news.netcraft.com/archives/2006/06/16/ paypal_security_flaw_allows_identity_theft.html

"The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256- bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS)."


----------------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/

Prev by Date: [WEB SECURITY] WASC Meet-up at Black Hat (USA 2006)
Next by Date: [WEB SECURITY] Announcement: 'The Web Security Mailing List' RSS Feed now available
Previous by thread: [WEB SECURITY] WASC Meet-up at Black Hat (USA 2006)
Next by thread: [WEB SECURITY] Announcement: 'The Web Security Mailing List' RSS Feed now available
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org