AkaKaryuu - Slashdot User

Trivial Bypass of PayPal Two-Factor Authentication On Mobile Devices 47

Posted by Unknown Lamer on Wednesday June 25, 2014 @12:41PM from the just-turn-it-off dept.

chicksdaddy (814965) writes "According to DUO, PayPal's mobile app doesn't yet support Security Key and displays an error message to users with the feature enabled when they try to log in to their PayPal account from a mobile device, terminating their session automatically. However, researchers at DUO noticed that the PayPal iOS application would briefly display a user's account information and transaction history prior to displaying that error message and logging them out. ... The DUO researchers investigated: intercepting and analyzing the Web transaction between the PayPal mobile application and PayPal's back end servers and scrutinizing how sessions for two-factor-enabled accounts versus non-two-factor-enabled accounts were handled. They discovered that the API uses the OAuth technology for user authentication and authorization, but that PayPal only enforces the two-factor requirement on the client — not on the server." The attack worked simply by intercepting a server response and toggling a flag (2fa_enabled) from true to false. After being alerted, PayPal added a workaround to limit the scope of the hole. Update: 06/26 00:42 GMT by T : (Get the story straight from the source: Here's the original report from DUO.)

Biological Computer Created at Stanford 89

Posted by samzenpus on Friday March 29, 2013 @12:31PM from the meat-machine dept.

sciencehabit writes "For the first time, synthetic biologists have created a genetic device that mimics one of the widgets on which all of modern electronics is based, the three-terminal transistor. Like standard electronic transistors, the new biological transistor is expected to work in many different biological circuit designs. This should make it easier for scientists to program cells to do everything from monitor pollutants and the progression of disease to turning on the output of medicines and biofuels."

Comment Re:I thought EA were not scumbags? (Score 1) 569

by AkaKaryuu on Wednesday March 06, 2013 @12:29PM (#43093701) Attached to: SimCity 5: How Not To Design a Single Player Game

It isn't that they arn't scumbags, its just that we shouldn't be calling them scumbags. Because, you know, feelings.

Comment Easy to detect (Score 1) 608

by AkaKaryuu on Wednesday November 21, 2012 @11:46AM (#42055707) Attached to: With Pot Legal, Scientists Study Detection of Impaired Drivers

The high drivers are the ones going the speed limit.

Large Bitcoin Ponzi Scheme Collapses With a Loss of $5.6 Million 327

Posted by Soulskill on Wednesday August 29, 2012 @05:11AM from the jig-is-up dept.

New submitter beltsbear writes "Despite the many people calling it out as a Ponzi scheme from the beginning, Pirateat40 was able to collect millions of dollars worth of Bitcoins from thousands of Bitcoin users. At almost every stage Pirateat40 copied the path of the EVE Online Ponzi scheme except on a much larger scale with a far more liquid take. Now, it has shut down, and investors are wondering where their digital currency went. Quoting: 'He claimed that BS&T was sitting on 500,000 BTC on the day of the shutdown, worth more than $5.6 million USD at today's price of $11.38. "Once my process is released you'll understand more of how coins move around," he told members of the Bitcoin community last week. Pirateat40 initially promised to refund his investors' Bitcoin deposits plus interest within a week, effectively admitting that he did not have the Bitcoins on hand. The fund normally paid out on Mondays, but last Monday and today have passed so far without refunds. BS&T investors are complaining loudly and so-called "pass-through" funds that invested with BS&T are shutting down. As of this writing, BS&T says there is "no ETA on payments."'"

Comment Movies (Score 5, Funny) 277

by AkaKaryuu on Friday June 22, 2012 @12:14PM (#40412747) Attached to: 'Nuclear Free' Maryland City Grants Waiver For HP

Movies, not reason, dictates their city policy.

Comment Supply and Demand (Score 1) 629

by AkaKaryuu on Wednesday June 13, 2012 @03:23PM (#40313031) Attached to: Ask Slashdot: Why Are Hearing Aids So Expensive?

The hearing aide companies sell less because of the target number of customers. Plus of those customers, some will either deny or refuse treatment, cutting down on actual "demand" value, raising the cost. Every 13 year old has a smart phone it seems, so they can be sold for less to more people.

Comment Dancing? (Score 5, Interesting) 349

by AkaKaryuu on Friday June 01, 2012 @01:05PM (#40181767) Attached to: Canadian Copyright Board To Charge For Music At Weddings, Parades

I would like to know if they will have representatives to ensure dancing does not occur. What if the event planner specifially states dancing is forbidden and the intoxicated guests ignore their plea? Is there a charge to sing along, tap your foot or air guitar that sick solo?

Comment Oh Goodie (Score 1) 430

by AkaKaryuu on Tuesday May 15, 2012 @02:32PM (#40008135) Attached to: Mac Clone Maker Saga Ends As SCOTUS Denies Appeal

I'm glad to see that this made both the news feed and the ad bars.

Comment Looks to me... (Score 1) 451

by AkaKaryuu on Friday December 30, 2011 @09:46AM (#38537542) Attached to: Occupy Protesters Are Building a Facebook for the 99%

like SOPAs first target.

Comment Re:Good move (Score 1) 449

by AkaKaryuu on Wednesday December 21, 2011 @12:31PM (#38449804) Attached to: Coders Develop Ways To Defeat SOPA Censorship

That's basically how the first one started.

Comment Re:Cool! (Score 1) 381

by AkaKaryuu on Thursday November 17, 2011 @11:30AM (#38085994) Attached to: Boeing Delivers Massive Ordnance Penetrator

The targets mentioned for this weapon are underground nuclear bases.

Comment Re:$30 mil per movie title! (Score 1) 199

by AkaKaryuu on Monday September 26, 2011 @10:11AM (#37515104) Attached to: Netflix Signs Exclusive Deal With Dreamworks

Taking this a step further, it will cost a total of 2.16 BILLION (30 Mil * 72) dollars for all 72 Dreamworks Films http://en.wikipedia.org/wiki/DreamWorks . Dividing that total cost by the 25 million subscribers arrives at a net cost of $86.40 per subcriber. This year they will only make 9.60 per subscriber, not including operating expenses.

Comment Re:And that, kids, is what economists call... (Score 1) 149

by AkaKaryuu on Friday September 09, 2011 @11:26AM (#37351862) Attached to: App Enables Surfing Over SMS/MMS Through T-Mobile

I see a TOS update in the near future, rather than a restructring of their nonsense pricing.

Comment Really? (Score 1) 46

by AkaKaryuu on Tuesday September 06, 2011 @03:18PM (#37319280) Attached to: Kinect Based Whole Building Breakout

"The player's position is being detected by a Kinect, is there no end to the fun you can have with this gadget." There is a definate limit when playing on an XBox.

Slashdot Top Deals