PayPal

An unpatched vulnerability affecting PayPal’s mobile applications can be exploited to access restricted accounts and even bypass the two-factor authentication (2FA) mechanism, a researcher claims.

PayPal can ask users to confirm their identity for fraud protection and due to regulatory obligations. When users are asked to verify their identity, they are blocked from accessing their account and instructed to call or email PayPal to complete the process.

To Jonathan LeBlanc, global head of developer advocacy at PayPal, the problem is simple: "Passwords are not secure, they need to be replaced."

That's the basic premise of a presentation he's giving at tech gatherings around the world called "Kill All Passwords." "Passwords are so complex it's just a system that doesn't work anymore," said CNET editor Dan Ackerman.

A teenage Australian ‘white hat' hacker who found a flaw in PayPal's authentication system in June has now gone public on the problem because PayPal has still not fixed it.

PayPal was left fighting a rear-guard action last night after it emerged the fingerprint scanner seen on the Samsung Galaxy 5 smartphone can easily be bypassed.

Germany's Security Research Labs says the spoofing system allows access to a user's PayPal account, which is an important issue since a key feature of the scanner is one-step access to the PayPal money payment system - effectively replacing the user's ID and password with a fingerprint swipe.

Thirteen people recently pled guilty to charges related to their involvement in DDoS attacks against PayPal in December 2010. The attacks were launched in response to PayPal's refusal to accept donations for WikiLeaks (h/t The Register).

The 13 are Christopher Wayne Cooper, Joshua John Covelli, Keith Wilson Downey, Mercedes Renee Haefer, Donald Husband, Vincent Charles Kershaw, Ethan Miles, James C. Murphy, Drew Alan Phillips, Jeffrey Puglisi, Daniel Sullivan, Tracy Ann Valenzuela and Christopher Quang Vo.

Thirteen people have pleaded guilty to charges they were involved in a 2010 cyberattack on PayPal for the eBay unit's refusal to process payments for WikiLeaks.

The hacktivist collective claimed responsibility for engineering the December 2010 distributed-denial-of-service attack in retaliation for the online payment processing company's suspension of an account linked to WikiLeaks after the document-leaking organization released a large number of classified documents.

In the hacking world, it takes one to know one. For many corporations, the best defense against hackers is to actually hire a hacker and pay him or her to break into their sites or databases and expose weaknesses in a benign manner. There aren’t that many “white hat” hackers out there, and one of the most in-demand of these hackers is Israeli Shai Rod.

Now, add another feather to Rod’s cap. He was named one of the top ten hackers who have helped PayPal make its site more secure, with his name tacked onto PayPal’s virtual Wall of Fame.

A 17-year-old German student contends PayPal has denied him a reward for finding a vulnerability in its website.

Robert Kugler said he notified PayPal of the vulnerability on May 19. He said he was informed by email that because he is under 18 years old, he did not qualify for its Bug Bounty Program. He will turn 18 next March.

Hackers stole from many PayPal accounts in Singapore in the past two months, highlighting the need for a higher level of security for accessing online accounts.

The losses range from $50 to more than $3,000, with many victims saying this was the first time it had happened to them.

If you run into problems trying to remember a password on your mobile or computer when trying to buy something, then things could be about to get easier.

The days of the lowly password are numbered.

The fact is that the way we users typically deal with having multiple passwords for our online accounts makes us too vulnerable to spyware, phishing and identity theft. Many of us rely on the same password, while many more of us only use three or four passwords. Ideally, the best password would be something like Az1f6&jWz - but you'd never remember it.