-disclosure@lists.grok.org.uk
Cc: eitanca...@yahoo.com
Subject: Re: [Full-disclosure] PayPal donation form reveals beneficiary's email
address
Hi Eitan,
Eitan Caspi eitanca...@yahoo.com wrote:
3. At the donation request page you landed at click the donation
button ...
[...]
4. Read the beneficiary's
the language and make it clearer.
So the mentioned above security option is for making a more secure button code
for the beneficiary's web site, but still PayPal did not answer about the issue
of their own form exposing the beneficiary's email address at their own web
site.
Credit:
Eitan Caspi
Israel
a non-trusted Web site).
Why make a feature and then ask users not to trust it?
I'm confused.
Credit:
Eitan Caspi
Israel
Email: [EMAIL PROTECTED]
Past security advisories:
1.
http://www.microsoft.com/technet/security/bulletin/MS02-003.mspx
http://support.microsoft.com/kb/315085/en-us
http