Web Application Security
Worst news story I have ever read May 15 2014 06:33PM
Mark Litchfield (mark securatary com)
Worst article I have ever read, would expect a lot better from SC
Magazine. At least understand what you are writing about !!

http://www.scmagazineuk.com/make-money-from-paypal--but-not-legally/arti
cle/347142/

"Mark Litchfield, a researcher with Securatary, meanwhile, says he has
spotted a similar scam which appears to offers access to PayPal's
PayFlow gateway" - When he uses the word scam, he is suggesting my
attack is Phishing !!

"This time around, however, the scam appears more complex, as the
PayFlow gateway requires users to have Partner ID and Vendor ID in order
to request a new password - a process that normally requires access to
the user's register email address. - Where exactly did I mention I need
an email address. Never. Thats the friggin point of the attack, I DO NOT
NEED an email address as I am bypassing this part of the process

"Commenting on the attack methodologies and strategies used, Sam Temple,
a director with CREST member Jumpsec, said they appear to be typical
types of attacks that PayPal have to deal with, such as playing on
people's greed - just like the old days of `the General' with a few
million dollars to split with you.

?The website does look well targeted to the young - and the comments add
nicely to the hook,? he said, adding that anyone installing and running
an executable from somewhere like this would have to be mad,? and that
this would probably not stop kids from doing it" - Hey Sam, maybe you
should peoples work before you go commenting. My attack is NOT phishing,
I am attacking a server, not a client !!

"Nigel Stanley, CEO of information security consultancy Incoming
Thought, said that PayPal users need to ensure that they do not give
their credentials to a third party, whether that is a human or an
automated piece of software." Again Nigel, read my advisory. I am not
asking for credentials.

Steve, If your gonna write about stuff, ensure you know what you are
doing like most other security journalists. I am mortified that you
would attempt to reduce my hack to a phishing attack !!

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus