All PayPal Accounts Were One Click Away from Hijacking

Michael Trotter-Lawson
Dec 5, 2014
1 min read

This is both absolutely disturbing and quite encouraging at the same time. This type of session riding flaw is scary and one wonders why it was not caught earlier. That said, it is great to see organizations like PayPal reaching out to the community and using bounty programs to discover bugs and solve security problems. We (the IT Security Community) are all in this together.

https://nakedsecurity.sophos.com/2014/12/05/all-paypal-accounts-were-1-click-away-from-hijacking

#BugBounty #Flaw #PayPal

Recent Posts

See All

Being Sued for Not Caring – The implications of failing to secure your data

I recently spoke about the FTC’s lawsuit against Chegg, a major education tech firm, in one of the weekly tech tips interviews I provide...

Cisco Network Compromise – No one is immune to the human factor

Multiple sources have reported the breach of Cisco’s own network, purportedly via a Cisco employee’s personal Google account. According...

Rethinking Software in the Organizational Hierarchy

I very much enjoyed this article from Pieter Danhieux via Dark Reading and this creative approach to the management of applications and...