PayPal has closed a potentially serious security hole on its site, which cyber criminals could have used to steal passwords belonging to users of the online payment service.
Associates at the Heise Security website informed PayPal of the cross site scripting (XSS) vulnerability after it was spotted by one of their readers.
According to Heise, the problem affected SSL-encrypted pages at https://www.paypal.com, where customers log in to make payments.
The search function was not filtering user input correctly, which meant malicious code could be injected into PayPal pages via a crafted URL, hijacking the login pages to harvest usernames and passwords.
Sometimes, the power of the mainframe is the most cost effective answer. Computing's Peter Gothard puts Computing's readers' questions on the future of the mainframe to IBM's Z13 expert Steven Dickens.
This Dummies white paper will help you better understand business process management (BPM)