« Ajax Storage: A Look at Flash Cookies and Internet Explorer Persistance | Main | The Worry-Warts Guide to Web Application Security »

Cross Site Scripting Flaw Exploited in Paypal

"The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS)."

Article Link: http://news.netcraft.com/archives/2006/06/16/paypal_security_flaw_allows_identity_theft.html

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!