PayPal users vulnerable for years
Not a day goes by when the Browser doesn't receive an email purportedly sent by PayPal. They're almost all transparent fakes, sent by hackers trying to trick PayPal users into giving up passwords so that they can seize control of their accounts. The hackers, however, are getting more sophisticated, and lately the fear is that some may have been using a formidable attack called "cross-site scripting."

And Netcraft, a British security-research company, says that PayPal had a security vulnerability to cross-site scripting attacks that went undetected for two years before Netcraft pointed it out and PayPal fixed the problem. Computerworld notes that Chris Marlow, a concerned PayPal user, tried to notify the company of the problem back in 2004, but wasn't able to get through to anyone.

Is PayPal being responsive enough to potential security problems? Leave a comment below.
Posted by Owen Thomas 12:27 AM 8 Comments comment | Add a Comment

Hi,

I get those fishing attacks, supposedly sent by paypal
at least once a week. The sad part is, some one will fallfor it and give up
information that can be exploited.
Posted By Ed, Cleveland. Ohio : 5:03 PM  

Paypal is dangerous in alot of ways. They take money from account holders in the name of security, they inflate their account holder numbers to look good on wall street by counting dead or closed accounts. The deception is huge and that is what they are all about besides fleecing their account holders so the security issue is nothing to them.
Posted By Matthew Charlotte, NC : 11:02 AM  

PayPal is no different from many such companies who depend on technology but fail to listen regarding potential problems. I've been up most of the night covering the posterior of one which failed to address obsolete hardware until it becme critical and has suffered intermittent failures for months.
Posted By Rick, Muscatine, Iowa : 7:18 AM  

Customer service told me "phishing" was like spam. Nothing to be done about it. I am not sure if their brand manager would be happy about this.
Posted By Ro, SF, cA : 1:54 PM  

The security at PAYPAL must be poor. The phishers must be looking at a email list left unsecure by paypal, or they (paypal) have a inside phisher.
Posted By Willy, Hancock County, Maine : 5:09 PM  

PayPal is no differnet than most e-commerce companies in that if you have a problem it just will not go away, even if you call the laywers (speaking from experience).
Posted By SW, Raleigh, NC : 8:36 PM  

i will never use it ever again.......

JUST SAY NO TO 'PAYHELL'
Posted By david cartier los angeles california : 12:03 AM  

No I don't think they are because I too was tricked by a fake e-mail and my identity was stolen. I think PayPal should buckle down and do something about this
Posted By Dustin, West Point, MS : 10:50 AM  

To send a letter to the editor about The Browser, click hereTop of page

Got a news tip? Send it to The Browser


Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer.

Morningstar: © 2014 Morningstar, Inc. All Rights Reserved.

Factset: FactSet Research Systems Inc. 2014. All rights reserved.

Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved.

Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor’s Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2014 and/or its affiliates.

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer.

Morningstar: © 2014 Morningstar, Inc. All Rights Reserved.

Factset: FactSet Research Systems Inc. 2014. All rights reserved.

Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved.

Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor’s Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2014 and/or its affiliates.