Submission + - Paypal XSS vulnerabilty Disclosed
micheas writes: "Netcraft is reporting that Harry Sintonen ,a Finnish Security researcher, has uncovered an XSS Vulnerability in Paypal.
While the article is a little light on news. They do have a screen shot with the following advice:
While SSL certificates do indeed provide a higher level of assurance when it comes to site ownership, they cannot guarantee that a site is free from other security problems — including cross-site scripting. There are concerns that hackers may exploit misunderstandings in the significance of the green address bar for their own benefit, piggybacking off the trust that is instilled by EV certificates. Users need to be aware that a green address bar does not guarantee the origin of a page's contents if there is a cross-site scripting vulnerability on that page.
Maybe the green and yellow bars should be replaced with the old locks with either green or yellow background on the locks?"
While the article is a little light on news. They do have a screen shot with the following advice:
While SSL certificates do indeed provide a higher level of assurance when it comes to site ownership, they cannot guarantee that a site is free from other security problems — including cross-site scripting. There are concerns that hackers may exploit misunderstandings in the significance of the green address bar for their own benefit, piggybacking off the trust that is instilled by EV certificates. Users need to be aware that a green address bar does not guarantee the origin of a page's contents if there is a cross-site scripting vulnerability on that page.
Maybe the green and yellow bars should be replaced with the old locks with either green or yellow background on the locks?"
