elgato
Joined: 24 Feb 2005
Posts: 16923
Location: Texas
|
| Posted: Thu Oct 08, 2009 4:59 pm Post subject: Man banished from PayPal for showing how to hack PayPal |
|
|
PayPal suspended the account of a white-hat hacker on Tuesday, a day after someone used his research into website authentication to publish a counterfeit certificate for the online payment processor.
"Under the Acceptable Use Policy, PayPal may not be used to send or receive payments for items that show the personal information of third parties in violation of applicable law," company representatives wrote in an email sent to the hacker, Moxie Marlinspike. "Please understand that this is a security measure meant to help protect you and your account. We apologize for any inconvenience."
The email, sent from an unmonitored PayPal address, makes no mention of the item that violates the PayPal policy. The suspension effectively freezes more than $500 in the account until Marlinspike submits a signed affidavit swearing he has removed the PayPal logos from his site.
Since 2002, Marlinspike has included a yellow donate button on the download page for a hacking tool he calls SSLSniff, and more recently he released a program called SSLStrip, which also includes the button. But it was only after someone published a counterfeit SSL certificate on Monday that PayPal took action against the account.
more.. link to news article |
|
|
missprintsvintage
Joined: 18 Aug 2006
Posts: 904
|
| Posted: Thu Oct 08, 2009 6:46 pm Post subject: |
|
|
Since he potentially affected my account, may
Marlinspike rot in the location of your choice.
Aside: anyone who harpoons, shoots, or otherwise hooks a magnificent Marlin, Sailfish, or Swordfish (or eats any of those, much less hiring a taxidermist to stuff one *shudder* for your office wall) should go straight to [this space intentionally left blank]. Karma is Karma. |
|
|
purple_reading_giraffe
Joined: 04 Feb 2008
Posts: 5485
Location: Indiana, USA
|
| Posted: Thu Oct 08, 2009 7:22 pm Post subject: |
|
|
The Register reported in Dec 2008 that security researchers had presented ways that SSL certificates could be counterfeited, and in Feb of 2009 that Marlinspike had shown how SSL could be stripped from secure pages while one's browser still shows it to be secure while one is on Wi-Fi and in similar situations where one's communications can be intercepted and passed on. Instead of PayPal blaming itself for ignoring a security risk, they suspended the account of a White Hat security expert who alerted them to a problem in the first place. Typical corporate thinking, IMO.
http://www.theregister.co.uk/2008/12/30/ssl_spoofing/
http://www.theregister.co.uk/2009/02/19/ssl_busting_demo/ |
|
|
missprintsvintage
Joined: 18 Aug 2006
Posts: 904
|
| Posted: Thu Oct 08, 2009 7:24 pm Post subject: |
|
|
Purple: I've seen the phrase "white hat" before but recall no definition.
Explain, please.
And Thanks! |
|
|
Dep-T-Dawg
Joined: 12 Feb 2005
Posts: 6273
|
| Posted: Thu Oct 08, 2009 7:30 pm Post subject: |
|
|
"Since he potentially affected my account, may
Marlinspike rot in the location of your choice".
Missprintsvintage, I totally agree~! :) |
|
|
purple_reading_giraffe
Joined: 04 Feb 2008
Posts: 5485
Location: Indiana, USA
|
| Posted: Thu Oct 08, 2009 7:33 pm Post subject: |
|
|
White Hats are clever software experts who use their skills for Good. Black Hats are those who use their skills for mischief, mayhem, and malice.
One problem is that many White Hat tools can be used for Black Hat purposes, but the tools are still very useful to those defending against crackers.
Related article from CNET from July 09 with a bit more "what can the average person do" info:
http://news.cnet.com/8301-27080_3-10299459-245.html |
|
|
missprintsvintage
Joined: 18 Aug 2006
Posts: 904
|
| Posted: Thu Oct 08, 2009 7:42 pm Post subject: |
|
|
I'd shake your hand (vigorously) but I see you are reading a book (a favored luxury).
Thanks ever so,
MPV |
|
|
PatchDog
Joined: 28 Feb 2007
Posts: 3726
|
| Posted: Thu Oct 08, 2009 7:45 pm Post subject: |
|
|
missprintsvintage wrote:
"Aside: anyone who harpoons, shoots, or otherwise hooks a magnificent Marlin, Sailfish, or Swordfish (or eats any of those, much less hiring a taxidermist to stuff one *shudder* for your office wall) should go straight to [this space intentionally left blank]. Karma is Karma."
A "marlinspike" is a tool used by sailors to tie the most intricate of knots by knotting and splicing line. Marlinspike Seamanship is achieved by masters of this art (and it is an art form). This has nothing to do with harming fish. |
|
|
missprintsvintage
Joined: 18 Aug 2006
Posts: 904
|
| Posted: Thu Oct 08, 2009 8:03 pm Post subject: |
|
|
I stand corrected
and
type sitting down.
Thanks! Patch.
In that event, he got tied up in his own knots.
Bum. |
|
|
| |