{Computer Science}

Sections

Personal tools

You are here: Home → Subsections → Network Security → News → PayPal Null-Prefix SSL Certificate

Navigation

« November 2009 »

Log in: Login Name

Password

Cookies are not enabled. You must enable cookies before you can log in.; Forgot your password?; New user?

PayPal Null-Prefix SSL Certificate

PayPal no longer secure from IE, Chrome, Safari on Windows.

"""

If you use the Internet Explorer, Google Chrome or Apple Safari browsers to conduct PayPal transactions, now would be a good time to switch over to the decidedly more secure Firefox alternative.

That's because a hacker on Monday published a counterfeit secure sockets layer certificate that exploits a gaping hole in a Microsoft library used by all three of those browsers. Although the certificate is fraudulent, it appears to all three to be a completely legitimate credential vouching for the online payment service. The bug was disclosed more than nine weeks ago, but Microsoft has yet to fix it.

"""

- http://www.theregister.co.uk/2009/10/05/fraudulent_paypay_certificate_published/

Slashdot article on the news item: http://it.slashdot.org/story/09/10/06/2118211/Null-Prefix-SSL-Certificate-For-PayPal-Released?art_pos=2

Document Actions

NetSec News: New AES Attack Nov 20, 2009; Null-prefix SSL flaw Nov 20, 2009; SSLSniff 0.6 Includes Null-Prefix Attack Nov 20, 2009; XML flaw threatens apps built with Sun, Apache, Python libraries Nov 20, 2009; EDUCASE to implement DNSSEC and sign .edu TLD Nov 18, 2009; More…

Main News: EWU systems down for upgrade Nov 06, 2009; Server Maintenance Oct 08, 2009; CS Welcome Back BBQ - Fall 2009 Sep 29, 2009; More…

News: New AES Attack Nov 20, 2009; New AES Attack Nov 20, 2009; Null-prefix SSL flaw Nov 20, 2009; SSLSniff 0.6 Includes Null-Prefix Attack Nov 20, 2009; XML flaw threatens apps built with Sun, Apache, Python libraries Nov 20, 2009; Pygame 1.9.1 Released Nov 19, 2009; More news…