Posts Tagged ‘PayPal’

Microsoft Security EssentialsAdditional protection is designed to prevent conduct phishing attacks against users of the service.

According to the developers of Microsoft, the next time was in supports standard DMARC (domain-based message authentication, reporting & conformance), is a technology improve security authentication protocols in the email.

Support is currently DMARC implemented in such popular resources as Facebook, Paypal and LinkedIn. In this case, in order to implement this standard on these services is to improve the protection of users from phishing and spam.

“Our implementation DMARC help protect you, visually highlighting messages from legitimate sources – the experts explain. – If the sender supports DMARC, we will place the radio button next to the message that indicates the security letters. ” (more…)

AnonymousAt the moment, one of the main defendants in the trial of the protesters ‘Operation Payback’ is a 22-year-old Christopher Weatherhead, which in the days of the Anonymous hacker attacks on PayPal studied at the University of Northampton. At the moment, the activist has denied any involvement in the crime.

Recall that the number of DDoS-attacks conducted participants Anonymous hacker movement in the period between 1 August 2010 and 22 January 2011. Activists were targeted for web-sites of companies MasterCard, Visa, and the portals of the International Federation of the Phonographic Industry and the British Association of the Phonographic Industry, etc. Later attracted the attention of attackers payment system PayPal, which then refused to transfer a donation administration web-site Wikileaks.

Apart Weatherhead-accused are the three other young men, aged 18 to 27 years. Initially, they are all fully admitted their guilt. However, according to the Prosecutor Sandip Patel, one of them confessed to the attack on the portal of the supporters of anti-piracy later changed his mind and said that he wanted to ‘attack the artists.’

The expert also said that the incident was not just the music companies, but also suffered a ‘huge economic loss’ payment system PayPal. Loss of service, which was forced to purchase additional software for protection from DDoS-attacks, hire an expert in information security, and unable to function for several days, in the order of £ 3.5 million. (more…)


SSL implementation flaws

Researchers have discovered an incorrect implementation of SSL encryption that allows for an attack on a huge number of applications and services provided by PayPal, Amazon, Microsoft, Google, Yahoo.

A team of researchers from the University of Texas at Austin and Stanford published a study of reliability mechanisms Validation SSL certificates in “non-browser” software platforms on Linux, Windows, Android and iOS. The subject of the study were the validation SSL implementations in various software and API, based on it. The vector operation was chosen type of attack is the “man in the middle” (MitM).

The main objective of SSL – is to provide mechanisms to protect the end user from the attack of the “man in the middle”. Even if the network is fully compromised: poisoned DNS cache servers, access points, routers, etc. are controlled by an attacker – SSL is required to ensure the confidentiality, authenticity and integrity of data between the client and the server. (more…)


SSL certificates verification

It appears, not only developers of Android-applications sin with illiterate introduction of SSL, but similar mistakes are present at programs of the leading software companies, including Amazon and Paypal.

Illiterate procedure of verification of SSL certificates is found out in mission-critical application, SDK, Java middleware, bank software etc. that opens before malefactors of possibility for MiTM-attack — anything worse than it and it is impossible to present, researchers from Stenfordsky and Texas universities which published scientific work “The most dangerous code in the world consider: verification of SSL certificates out of the browser”. That fact is worthy mentions that the group of the American scientists worked under the direction of the candidate of science of the Texas university Vitaly Shmatikov. (more…)

phishing paypalFraudsters send users a fake notification about refund.

Experts from Hoax-Slayer fixed in the network fake letter allegedly from members of the PayPal payment system for the return of a specific payment.

In a letter to the user is prompted to follow a link to confirm their credentials and make a refund.

Those users who click on the link in the email, get to the page created by phishers. The credentials that you enter on this page are sent attackers. As a consequence, the latter can access a user account in PayPal. (more…)

Warning spam emailTrojan embedded in email, is recognized by virtually all antivirus programs.

The company Webroot reported cyber attack aimed at users of the payment system PayPal. Attackers send letters to potential victims of e-mail in which they were notified of the receipt of payments for $ 208. However, the letter does not specify what services or goods held payment.

It is worth noting that the letter contains a file attachment, which allegedly contains details on making payments.

In fact, the attached file contains a Trojan. The malware is detected by almost all antivirus programs.

Note that this is not the first time that the attackers use Paypal for criminal activity. In particular, in May of this year, scammers send out spam messages to users that contained links to web-resource with two Java scripts that redirect victims to malicious Web site that contains a set of exploits.

Details of the notification Webroot is available here.