Hacking PayPal Account with a single exploit

Discussion in 'other security issues & news' started by Dermot7, Dec 3, 2014.

  1. Dermot7

    Dermot7 Registered Member

    An Egyptian hacker demonstrated that, using a single exploit, it is possible to take control of any PayPal account due to the presence of a series of flaws.
    http://securityaffairs.co/wordpress/30755/hacking/hacking-paypal-account-poc.html
     
  2. Yuki2718

    Yuki2718 Registered Member

    A perfect example that protecting only against malware is not enough.
    Besides strong account protection (including 2FA & best practice about reminder questions), I use Requestpolicy (for Fx), Kissprivacy (for Chrome), and CSFire (for both) to prevent CSRF.
    However, I admit those tools are not suitable for most users.
    I think a better heuristic against CSRF with a vast whitelist & blacklist (basically allowing only 'from good site to good site' cookie & HTTP auth requests) will be possible, and AV vendors should build it.
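
The 'from good site to good site' rule suggested in the post above, sketched as a request-filter decision function. This is an added example, not part of the thread and not code from any of the tools named in it; the site lists, the request fields (`url`, `initiator`, `hasCookies`, `hasHttpAuth`) and the function names are assumptions made for illustration.

```javascript
// Constructed sample lists; a real product would ship far larger, curated ones.
const GOOD_SITES = new Set(["bank.example", "shop.example"]);
const BAD_SITES = new Set(["evil.example"]);

// Return the listed site a hostname belongs to (exact match or subdomain), else null.
function listedSite(host, list) {
  host = host.toLowerCase().replace(/\.$/, "");
  for (const site of list) {
    // The leading dot stops "notbank.example" from matching "bank.example".
    if (host === site || host.endsWith("." + site)) return site;
  }
  return null;
}

// Decide what to do with an outgoing request (hypothetical request shape).
// Returns "allow", "strip-credentials" or "block".
function decide(request) {
  const target = new URL(request.url);

  // No initiator: typed URL or bookmark, so nothing cross-site is driving it.
  if (!request.initiator) return "allow";

  let source;
  try {
    source = new URL(request.initiator);
  } catch {
    // Opaque initiator such as "null" (sandboxed frame): never send credentials.
    return "strip-credentials";
  }

  // Same-origin requests are not CSRF candidates.
  if (source.protocol === target.protocol && source.host === target.host) return "allow";

  // Blacklist: refuse any cross-site request touching a known-bad site.
  if (listedSite(source.hostname, BAD_SITES) || listedSite(target.hostname, BAD_SITES)) {
    return "block";
  }

  // Cross-site requests without ambient credentials cannot ride a session.
  if (!request.hasCookies && !request.hasHttpAuth) return "allow";

  // Whitelist: cookies / HTTP auth cross sites only from good site to good site.
  const goodToGood =
    listedSite(source.hostname, GOOD_SITES) && listedSite(target.hostname, GOOD_SITES);
  return goodToGood ? "allow" : "strip-credentials";
}
```

Stripping credentials instead of blocking keeps ordinary cross-site links working while the forged request arrives unauthenticated.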
     