PayPal fixes fatal flaw

@ 2006/06/19
The scam involved tricking users into accessing a URL hosted on the real PayPal web site. This URL used SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate was presented to confirm that the site does indeed belong to PayPal. But the content on the page was been modified by the fraudsters via a cross-site scripting technique (XSS).

No comments available.