PayPal users vulnerable for years
Not a day goes by when the Browser doesn't receive an email purportedly sent by PayPal. They're almost all transparent fakes, sent by hackers trying to trick PayPal users into giving up passwords so that they can seize control of their accounts. The hackers, however, are getting more sophisticated, and lately the fear is that some may have been using a formidable attack called "cross-site scripting."

And Netcraft, a British security-research company, says that PayPal had a security vulnerability to cross-site scripting attacks that went undetected for two years before Netcraft pointed it out and PayPal fixed the problem. Computerworld notes that Chris Marlow, a concerned PayPal user, tried to notify the company of the problem back in 2004, but wasn't able to get through to anyone.

Is PayPal being responsive enough to potential security problems? Leave a comment below.
Posted by Owen Thomas 12:27 AM 8 Comments comment | Add a Comment

Hi,

I get those fishing attacks, supposedly sent by paypal
at least once a week. The sad part is, some one will fallfor it and give up
information that can be exploited.
Posted By Ed, Cleveland. Ohio : 5:03 PM  

Paypal is dangerous in alot of ways. They take money from account holders in the name of security, they inflate their account holder numbers to look good on wall street by counting dead or closed accounts. The deception is huge and that is what they are all about besides fleecing their account holders so the security issue is nothing to them.
Posted By Matthew Charlotte, NC : 11:02 AM  

PayPal is no different from many such companies who depend on technology but fail to listen regarding potential problems. I've been up most of the night covering the posterior of one which failed to address obsolete hardware until it becme critical and has suffered intermittent failures for months.
Posted By Rick, Muscatine, Iowa : 7:18 AM  

Customer service told me "phishing" was like spam. Nothing to be done about it. I am not sure if their brand manager would be happy about this.
Posted By Ro, SF, cA : 1:54 PM  

The security at PAYPAL must be poor. The phishers must be looking at a email list left unsecure by paypal, or they (paypal) have a inside phisher.
Posted By Willy, Hancock County, Maine : 5:09 PM  

PayPal is no differnet than most e-commerce companies in that if you have a problem it just will not go away, even if you call the laywers (speaking from experience).
Posted By SW, Raleigh, NC : 8:36 PM  

i will never use it ever again.......

JUST SAY NO TO 'PAYHELL'
Posted By david cartier los angeles california : 12:03 AM  

No I don't think they are because I too was tricked by a fake e-mail and my identity was stolen. I think PayPal should buckle down and do something about this
Posted By Dustin, West Point, MS : 10:50 AM  

To send a letter to the editor about The Browser, click hereTop of page

Got a news tip? Send it to The Browser


Market indexes are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer LIBOR Warning: Neither BBA Enterprises Limited, nor the BBA LIBOR Contributor Banks, nor Reuters, can be held liable for any irregularity or inaccuracy of BBA LIBOR. Disclaimer. Morningstar: © 2014 Morningstar, Inc. All Rights Reserved. Disclaimer The Dow Jones IndexesSM are proprietary to and distributed by Dow Jones & Company, Inc. and have been licensed for use. All content of the Dow Jones IndexesSM © 2014 is proprietary to Dow Jones & Company, Inc. Chicago Mercantile Association. The market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. FactSet Research Systems Inc. 2014. All rights reserved. Most stock quote data provided by BATS.
Market indexes are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer LIBOR Warning: Neither BBA Enterprises Limited, nor the BBA LIBOR Contributor Banks, nor Reuters, can be held liable for any irregularity or inaccuracy of BBA LIBOR. Disclaimer. Morningstar: © 2014 Morningstar, Inc. All Rights Reserved. Disclaimer The Dow Jones IndexesSM are proprietary to and distributed by Dow Jones & Company, Inc. and have been licensed for use. All content of the Dow Jones IndexesSM © 2014 is proprietary to Dow Jones & Company, Inc. Chicago Mercantile Association. The market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. FactSet Research Systems Inc. 2014. All rights reserved. Most stock quote data provided by BATS.