Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Submission Summary: 0 pending, 6 declined, 1 accepted (7 total, 14.29% accepted)

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security

+ - Paypal XSS vulnerabilty Disclosed

Submitted by
micheas
micheas writes "Netcraft is reporting that Harry Sintonen ,a Finnish Security researcher, has uncovered an XSS Vulnerability in Paypal.

While the article is a little light on news. They do have a screen shot with the following advice:

While SSL certificates do indeed provide a higher level of assurance when it comes to site ownership, they cannot guarantee that a site is free from other security problems — including cross-site scripting. There are concerns that hackers may exploit misunderstandings in the significance of the green address bar for their own benefit, piggybacking off the trust that is instilled by EV certificates. Users need to be aware that a green address bar does not guarantee the origin of a page's contents if there is a cross-site scripting vulnerability on that page.

Maybe the green and yellow bars should be replaced with the old locks with either green or yellow background on the locks?"

"It's ten o'clock... Do you know where your AI programs are?" -- Peter Oakley

Working...