
Submission: Paypal XSS Vulnerability Disclosed

micheas writes: "Netcraft is reporting that Harry Sintonen, a Finnish security researcher, has uncovered an XSS vulnerability in Paypal.

While the article is a little light on news, they do have a screenshot with the following advice:

While SSL certificates do indeed provide a higher level of assurance when it comes to site ownership, they cannot guarantee that a site is free from other security problems — including cross-site scripting. There are concerns that hackers may exploit misunderstandings in the significance of the green address bar for their own benefit, piggybacking off the trust that is instilled by EV certificates. Users need to be aware that a green address bar does not guarantee the origin of a page's contents if there is a cross-site scripting vulnerability on that page.

Maybe the green and yellow bars should be replaced with the old locks with either green or yellow background on the locks?"
