Paypal, Incredible Security, Not

[vagabond48]

I was using firefox 14 and had a number tabs open which included my paypal account. For some reason my browser was not responding then I saw that my computer had frozen so I was forced to shutdown using the power button. After rebooting, I started up my browser, selecting "restore previous session". I was surprised to see the paypal site with the same active webpage. I had expected to be logged off. Ok, fair enough, it's one webpage but when I clicked on my profile, it brought to that webpage, the site responded as if I never lost contact, let alone rebooted my laptop. I find that shocking security.

[Chicog]

It will time out eventually, but if you went straight back in it would assume you were just AFK.

Moral of the story: You didn't log out. So in future, make sure you do.

I was in CNX airport and opened the browser at a net cafe and it took me straight in to some Thai bird's Hotmail. She probably crashed or closed the browser without logging out.

Decency prevents me revealing the hilarious conversations she was having with various sponsors; suffice to say it involved sick parents needing operations and being in/out of town at various times.

[vagabond48]

Foolish me, I guess I expected better security from a company dealing with money. I'll have to do similar tests on my financial institutions websites to see if they are as negligent as paypal.

[Chicog]

Trust, when it comes to security, assume they are all idiots.

[David Mault]

Hey everyone. I was just litening to the radio in Sydney Aust. and heard about a USB called "Surfeasy.com" Cost around $70 Looks like you can go to any computer shop anywhere in the world, plug in the USB and no one can read what sites you go into including Banking etc. All your private information is kept on this USB and not in the computer. Sorry I am not comuter literate and hope you understand what I am talking about. Looks great to me. Check it out for yourself.

[Chicog]

You can download a free "safe" linux Live CD and put it on a bootable USB and do the same thing.

[JamieP]

All your private information is kept on this USB and not in the computer. Sorry I am not comuter literate and hope you understand what I am talking about. Looks great to me. Check it out for yourself.

I struggle to see how it would protect against keyloggers and other such malware or viruses on the host machine.......

[Chicog]

All your private information is kept on this USB and not in the computer. Sorry I am not comuter literate and hope you understand what I am talking about. Looks great to me. Check it out for yourself.

I struggle to see how it would protect against keyloggers and other such malware or viruses on the host machine.......

If you boot into a clean environment, the chances are you will be secure. This won't protect you against any malware launched from the BIOS, although they are quite rare, and it won't protect you against those physical key loggers that sit between keyboard and keyboard port.

And it won't protect you against insecure behaviour, like not using HTTPS where it is available.

[ITGabs]

All your private information is kept on this USB and not in the computer. Sorry I am not comuter literate and hope you understand what I am talking about. Looks great to me. Check it out for yourself.

I struggle to see how it would protect against keyloggers and other such malware or viruses on the host machine.......

Foolish me, I guess I expected better security from a company dealing with money. I'll have to do similar tests on my financial institutions websites to see if they are as negligent as paypal.

wherever "crash" in the middle of a transaction it's very dangerous, when a crash it happens you must check the status of the transaction after the crash.

The technical reason of the threat could be a Buffer Overflow -> http://en.wikipedia....Buffer_overflow

In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety.

Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program operates. This may result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security. Thus, they are the basis of many software vulnerabilities and can be maliciously exploited.

The good thing it's about the security in the "companies dealing with money" 99% is behind the browser, tracking everything and blocking by default strange behaviors

[JustinCredible]

It might be of interest to some members to learn that PayPal have just stopped allowing Personal Payments and Donations being sent to Thailand !!

I have been receiving these for numerous months now (all above board) but they were stopped overnight.

We can still receive payments and funds but they are all now subject to the ridiculous PayPal Fees!!

I have contacted PayPal asking why they done this but have not yet received a reply.