Home page logo
/

webappsec logo WebApp Sec mailing list archives

Worst news story I have ever read
From: Mark Litchfield <mark () securatary com>
Date: Thu, 15 May 2014 11:33:12 -0700

Worst article I have ever read, would expect a lot better from SC Magazine. At least understand what you are writing about !!

http://www.scmagazineuk.com/make-money-from-paypal--but-not-legally/article/347142/

"Mark Litchfield, a researcher with Securatary, meanwhile, says he has spotted a similar scam which appears to offers access to PayPal's PayFlow gateway" - When he uses the word scam, he is suggesting my attack is Phishing !!

"This time around, however, the scam appears more complex, as the PayFlow gateway requires users to have Partner ID and Vendor ID in order to request a new password - a process that normally requires access to the user's register email address. - Where exactly did I mention I need an email address. Never. Thats the friggin point of the attack, I DO NOT NEED an email address as I am bypassing this part of the process

"Commenting on the attack methodologies and strategies used, Sam Temple, a director with CREST member Jumpsec, said they appear to be typical types of attacks that PayPal have to deal with, such as playing on people's greed - just like the old days of `the General' with a few million dollars to split with you.

“The website does look well targeted to the young - and the comments add nicely to the hook,” he said, adding that anyone installing and running an executable from somewhere like this would have to be mad,” and that this would probably not stop kids from doing it" - Hey Sam, maybe you should peoples work before you go commenting. My attack is NOT phishing, I am attacking a server, not a client !!

"Nigel Stanley, CEO of information security consultancy Incoming Thought, said that PayPal users need to ensure that they do not give their credentials to a third party, whether that is a human or an automated piece of software." Again Nigel, read my advisory. I am not asking for credentials.

Steve, If your gonna write about stuff, ensure you know what you are doing like most other security journalists. I am mortified that you would attempt to reduce my hack to a phishing attack !!









This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault