Oh my!

Maybe just a simple embarrassment to paypal, but it's a ri$k for you

While not too many people seem to be noticing, the fact is that @PayPalUK has been hacked yet again! You may notice their page is suspended (again).

That makes twice in one week! Full-sized screen captures were made by Docklandsboy; a screen capture and blog post by blog.bailgate.it also confirm it.

You may notice the hacker states that usernames and passwords have been gleaned and will be dumped.

Do you really trust these paypal clowns, who can't even secure a Twitter account, with your money and info?

I don’t see anything resembling an official response from Paypal. But for anyone paying attention, covering up things like this (and much worse) is one of paypal’s special talents. Don’t expect them to make a peep about it unless this hits major publications.

Close your accounts now!

Update 07.10.2011

I’ve found something resembling an official statement at Huffington Post’s 7 top tweets of the week:

The Twitter handle for PayPal’s U.K. branch was apparently hacked on Tuesday. For several hours, the feed tweeted out links to an anti-PayPal website and featured highly critical statements about PayPal. The company confirmed the hack, and Twitter suspended the account the same day. As of Sunday evening, the feed remains offline.

It would seem that Paypal is going to try to skim over the second hack job.

Not surprising. The truth to Paypal is much like sunlight to a vampire.

Just in case you want to see it, here is a screen capture of the paypal.uk Twitter page on July 6th 2011 at around 5:36 AM Pacific time (USA), which, as you can see from the comments, was after the first hack attack and before the second one. So, NO, again, the account did not ‘remain offline’. It was hacked a second time!

Yet more cross-site scripting flaws discovered on PayPal site(s)…

From Softpedia, via xssed.com

Two security researchers have independently identified cross-site scripting vulnerabilities in PayPal’s mobile and sandbox websites over the weekend, which could have been exploited in phishing attacks.

The XSS weakness on the registration.sandbox.paypal.com website was discovered by a member of the Romanian Security Team (RST) outfit, who goes by the online nickname of Nemessis.

article continues…

One vulnerability is confirmed fixed.

Please take note who is researching and reporting, Romanian bashers…

This reminds me of another incident which happened a while back. Also, if you haven’t been paying attention, it’s been reported that several smartphones are vulnerable to MITM attacks.

Romanian Detained Over eBay Cyber Fraud

Romanian detained over a $3 million cyber fraud against eBay Inc.

Very interesting article from abc news:

Romanian authorities have detained a man suspected of committing cyber fraud worth $3 million against the company eBay Inc.

Organized crime prosecutors say Liviu Mihail Concioiu is being investigated for “phishing” attacks against 3,000 of eBay Inc. employees.

They said Thursday that Concioiu allegedly stole the employees’ IDs and passwords in 2009 and accessed company files, including an application with the database of eBay clients and their transactions. Concioiu then used “phishing” sites to access the accounts of about 1,200 eBay users.

It would appear the ebay database has been hacked, cracked, and zombied AGAIN.

(or is that still?)

Also notice how the term ‘phishing’ is constantly used. ebaY doesn’t like the “H” word, it seems. But “phishing” alone does not get you access to the files and data described. We call that “HACKING”.

rotflmao! Who could imagine?

It also tells us that ebay employees must not be too savvy if they are falling for whatever tricks are being used to gain the logins etc.

No mention of any response from ebay.

With its long and repeated history of such events, you should ask yourself whether you trust this unsafe outfit with your personal and financial data.

Who could imagine?

The long uncorrected XSS flaw rears its ugly head again!

AuctionBytes reports that falle-internet.de has again discovered listings with the malicious code, this time with a virus twist.

The most important and telling quote of the article:

“They used javascript and java to address a known vulnerability; user’s computers were affected by just viewing the respective listings,”

See that part about “…just viewing the respective listings…” ?

That is one of the main reasons I advocate avoiding ebaY at all costs. Another is that they BLAME the USER for their own failures! Furthermore, they refuse to correct the flaw! Make no mistake, ebaY is a dangerous, untrustworthy, and dishonest website. Of that there is proof beyond the slightest shadow of a doubt!

ebaY is HACKED! Yes! ebaY is still HACKED!!!

Here is the report, with screen capture images, in English at falle-internet.

My research indicates this issue has been ongoing at ebaY for about 10 full years now. Perhaps not under the same name, but indeed cross-site scripting has been exploited on ebaY since before it even had that name. Ebay has been aware of the issue for that long also, since looooong before the US-CERT warning was posted. Bear in mind that many variants of this exploit are possible. It has also been used for redirects, cookie stealing, etc. The possibilities are limited only by the hacker’s imagination and ebay’s steadfast refusal to secure its festering site.

I’ll be posting another video demonstrating the +/- 10 year longevity of the XSS flaw on ebaY before long at the Cappnonymous channel.

Very interesting article by Bruce Schneier in yesterday’s Wall Street Journal.

Reminds me of a so-called “Glitch” which occurred with PayPal not long ago and was rumoured to have been the result of malicious coding by a disgruntled employee facing layoff.

Thwarting an Internal Hacker

Rajendrasinh Makwana was a UNIX contractor for Fannie Mae. On Oct. 24, he was fired. Before he left, he slipped a logic bomb into the organization’s network. The bomb would have “detonated” on Jan. 31. It was programmed to disable access to the server on which it was running, block any network monitoring software, systematically and irretrievably erase everything – and then replicate itself on all 4,000 Fannie Mae servers. Court papers claim the damage would have been in the millions of dollars, a number that seems low. Fannie Mae would have been shut down for at least a week.

Luckily – and it does seem it was pure luck – another programmer discovered the script a week later, and disabled it.

Insiders are a perennial problem. They have access, and they’re known by the system. They know how the system and its security works, and its weak points. They have opportunity. Bank heists, casino thefts, large-scale corporate fraud, train robberies: many of the most impressive criminal attacks involve insiders. And, like Makwana’s attempt at revenge, these insiders can have pretty intense motives – motives that can only intensify as the economy continues to suffer and layoffs increase.

Insiders are especially pernicious attackers because they’re trusted. They have access because they’re supposed to have access. They have opportunity, and an understanding of the system, because they use it – or they designed, built, or installed it. They’re already inside the security system, making them much harder to defend against.

read more