Idiots are the merchants who are relay on PayPal returned "confirmations" to "verify" the transactions and do not do any verification themselves.
I cannot believe that there actually are companies that would program their website to be so voulnerable. All you need to to do verify the authenticity of the transaction is to make sure the confirmation amount that you get from paypal (through SSL) matches whatever you put in your database before the customer leaves to PayPal site. What could possibly be more obvious? Kind regards, Adam ====== http://www.cryptoheaven.com Integrated anonymous, private, encrypted and secure email, secure instant messaging, secure online file storage & file sharing. ===== >From: [EMAIL PROTECTED] >To: "e-gold Discussion" <[EMAIL PROTECTED]> >Subject: [e-gold-list] HAH >Date: Tue, 23 Apr 2002 14:50:38 -0500 > >http://www.fuckedcompany.com/ > >Notice story #2 > >.... idiots. _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
