An unpatched vulnerability affecting PayPal’s mobile applications can be exploited to access restricted accounts and even bypass the two-factor authentication (2FA) mechanism, a researcher claims.
PayPal can ask users to confirm their identity for fraud protection and due to regulatory obligations. When users are asked to verify their identity, they are blocked from accessing their account and instructed to call or email PayPal to complete the process.
To Jonathan LeBlanc, global head of developer advocacy at PayPal, the problem is simple: "Passwords are not secure, they need to be replaced."
That's the basic premise of a presentation he's giving at tech gatherings around the world called "Kill All Passwords." "Passwords are so complex it's just a system that doesn't work anymore," said CNET editor Dan Ackerman.
A teenage Australian 'white hat' hacker who found a flaw in PayPal's authentication system in June has now gone public on the problem because PayPal has still not fixed it.
Single-step authentication on Galaxy S5 leaves PayPal accounts open to abuse, say German researchers.
PayPal was left fighting a rear-guard action last night after it emerged the fingerprint scanner seen on the Samsung Galaxy 5 smartphone can easily be bypassed.
Germany's Security Research Labs says the spoofing system allows access to a user's PayPal account, which is an important issue since a key feature of the scanner is one-step access to the PayPal money payment system - effectively replacing the user's ID and password with a fingerprint swipe.
Thirteen people recently pled guilty to charges related to their involvement in DDoS attacks against PayPal in December 2010. The attacks were launched in response to PayPal's refusal to accept donations for WikiLeaks (h/t The Register).
The 13 are Christopher Wayne Cooper, Joshua John Covelli, Keith Wilson Downey, Mercedes Renee Haefer, Donald Husband, Vincent Charles Kershaw, Ethan Miles, James C. Murphy, Drew Alan Phillips, Jeffrey Puglisi, Daniel Sullivan, Tracy Ann Valenzuela and Christopher Quang Vo.