The Latest in IT Security

PayPal patches potential payment-stealing vulnerability

31
Aug
2015

paypal

First, a quick review of Cross Site Scripting.

Imagine that I want to get your website to serve up malicious content for me.

Say, perhaps, that I want to alter your “Pay Now” page so that the customer sees a credit card payment form that comes from you, looks legitimate, seems secure…

…but sends the form data back to me instead.

One way is to hack right into your web server and modify your content delivery system.

Another way – a method that is generally much easier to pull off once you know how to do it – is to trick your website into “echoing back” data that I supplied remotely, but setting that data to be the malicious content I want to display.

Read More

Leave a reply


Categories

SUNDAY, FEBRUARY 28, 2021
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments