Jul 29th, 2005, 10:44 am
I read an article about a fellow who is having a problem with his PayPal account. While trying (unsuccessfully) to get it resolved, he found himself on the PayPal web site reading through their privacy policy and came across a rather disturbing policy clause. It seems PayPal has decided that, under certain circumstances, you may be asked for your credit card, debit card or bank account number, but they will prove to you that the request would be legitimate by showing you the last two numbers, thereby proving that they know the entire number already.
But how hard would it be to phish you with that? I mean, there are only 100 possible combinations. Any semi-serious malefactor could simply send out 100,000 messages to users requesting verification of such numbers, saying basically that "we know the last two numbers are 25". Based on this policy, 1000 users could potentially presume this to be legitimate and give up their numbers. I don't think I could appreciate PayPal, or any entity that's dealing with my money, having such a weak spot like this.
I hope the Powers-that-be at PayPal come across this guy's story and do something about it before someone is burned.
This blog entry was written by Toulinwoek. It has received 762 views, 0 comments, and 0 linkbacks.