PayPal

A consortium including PayPal and Lenovo, the world’s second-largest PC manufacturer, has launched a set of technology standards that could reduce reliance on passwords, potentially making online accounts more secure.

Under the standards put forward by the FIDO Alliance, the device a person is using to log in to an account would play a more central role in authentication. That would make it impossible to compromise accounts by stealing passwords, as hackers did in order to break into Twitter this month and LinkedIn last year.

Andy Steingruebl wants you to know that he's a glass-half-full kind of guy when it comes to information security.

The reason for this optimism is not strictly rooted in the groundbreaking work that Steingruebl, senior manager of customer and ecosystem security for PayPal, and his team are doing to protect users from today's assortment of internet threats.

A 22-year-old U.K. man was convicted for his involvement in a series of distributed denial-of-service attacks launched by the hacktivist group Anonymous against PayPal, MasterCard, Visa and other companies in 2010.

Christopher Weatherhead, of Northampton, U.K., was convicted Thursday at London's Southwark Crown Court on one count of conspiracy to impair the operation of computers, contrary to the U.K. Criminal Law Act of 1977, the U.K.'s Crown Prosecution Service said in a blog post.

Dangerous website flaws have been discovered in PayPal that grant attackers access to customer credit card data, account balances and purchase histories.

The holes — which still exist — were recently discovered by a security researcher.

One of the holes was publicly disclosed after a failed effort in July to responsibly disclose them under PayPal's bug bounty program. Neil Smith from Texas-based outfit Zing Checkout found that attackers could log into publicly-accessible PayPal administrative sites via authorisation bypass and cross site scripting (XSS) vulnerability.

Technical problems for payments giant PayPal left some U.K. customers left in the lurch while their transactions were left for scrutiny by staff after they were held for additional security checks.

A number of PayPal users were left unable to automatically process payments after their money was sent for review, following changes to the payments system that was meant to ultimately speed up transactions.

 PayPal has had its share of public black eyes but now has its eye on improving its reputation.

After ordering a violin smashed earlier this year and freezing an account designed to let people donate toys to underprivileged children, the payment processor appears to be trying to put a more human face on its corporate image.

After cutting ties to Wikileaks in 2010, and after this year’s raid against Megaupload, PayPal is now imposing increasingly stringent conditions on various online file-sharing sites. According to TorrentFreak, PayPal has recently changed its terms of service, making requirements for file-sharing and newsgroup services far tighter than before.

PayPal has joined the likes of Google and Facebook by announcing Thursday that it will begin paying researchers who discover vulnerabilities on its website.

The online money transfer service's CISO, Michael Barrett, said he initially had mixed thoughts about implementing a rewards program, but data has backed up its effectiveness. PayPal will pay for bugs that fall into four categories: cross-site scripting, cross-site request forgery, SQL injection and authentication bypass.

The compensation will be based on severity, but specific criteria was not provided.

Yahoo's new CEO, Scott Thompson, is under fire for telling the SEC (and Yahoo's board) that he had a computer science degree from Stonehill College when he does not have one.

Yahoo shareholder Dan Loeb, the hedge fund manager of Third Point who is also in the middle of a proxy war against Yahoo, is leading the charge.

After months of trials with NFC-powered mobile payments, PayPal announced earlier this month that it would be abandoning the technology entirely. The company will instead be adopting a mobile payment system of its own, whose security measures are claimed to be unbeatable.