http://www.theage.com.au/it-pro/security-it/australian-teen-uncovers-security-flaw-in-paypal-20140815-1044cx.html
By Ben Grubb
Deputy technology editor
The Age - IT Pro
August 15, 2014
An Australian teenager who found a security flaw in an Australian public
transport authority's website has found another serious vulnerability,
this time in the site of global payments provider PayPal.
The flaw, uncovered by 17-year-old Melbourne schoolboy Joshua Rogers,
allowed hackers to bypass the payment provider's two-factor authentication
system, which adds an extra layer of optional security via a one-time code
sent via SMS to the user, or a number generator card.
With access to a victim's PayPal account using the flaw, a hacker could
have purchased items online or withdrawn money sitting in the account.
Joshua told Fairfax Media via email that he published a blog post on
August 4 with a link to a YouTube video demonstrating the issue after the
payment company ignored his initial email about the flaw on June 5.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
