Bře 31

Recent PayPal Exploit Shows Benefits of Decentralized Payment Solutions

Source: bitcoin

Bitcoinist_Malicious Code

Online payments are becoming more and more important every day, but that doesn’t mean the platforms we use are stepping up their security game. PayPal, one of the largest online payment processors in the world, recently fell victim to a bug in their account system, allowing users to send malicious code through confirmation emails. Luckily, the person discovering this issue has reported the exploit to PayPal through their bug bounty program, rather than using it for malicious intent.

Also read: Cashila Announces Convenient Buy and Sell Feature For Ethereum

Sending Malicious Code With PayPal Confirmation Emails

Larger online payment processing platforms have a bigger chance of becoming vulnerable to some form of exploit sooner or later. Luckily for PayPal, German security researcher Benjamin Kunz Mejri discovered a flaw which he reported to the company immediately. If someone else had made this discovery, the company would have been off far worse.

The way this exploit works is by sending emails with malicious code through an existing PayPal account. Sending an email to a different PayPal user requires users to fill in a name – usually first and last name – but it turned out that entry field could be filled with random code, including malicious scripts.

Doing so was not as straightforward as it sounds, though, as Mejri had to bypass a security filter, which can be seen in the video below this article. Once that step was completed, he used the Paypal feature to share an account with other users by adding multiple email addresses. This feature can be compared to a multisignature Bitcoin wallet, albeit with entirely different security precautions.

All of the email addresses on the list to share this particular PayPal account with would receive a confirmation email to accept this invitation. Once a user opens this email, the malicious code is executed in the background, originating from PayPal’s servers. As most people have guessed by now, this method makes it rather easy to execute phishing attacks against other users, while ensuring the email sender is PayPal, rather than spoofing the header.

Other exploits included session hijacking, and even redirecting the user to different web pages or websites. Luckily for all PayPal users, this exploit has been patched in early March 2016, and Mejri received a US$1,000 bounty for reporting this security flaw. White hat hackers are of incredible value to financial service providers, which is why companies such as PayPal have their bug bounty program.

Bitcoin is An Answer To Centralized Services

Although Paypal is one of the most popular online payment processors in the world, their entire business model is as centralized as it can get. Not only do they take a cut of every transaction – and quite a big one too – but they also hold on to customer funds when both depositing and withdrawing money. Relying on a service with a central point of failure is putting consumer’s funds at risk.

Bitcoin, on the other hand, is entirely decentralized at its core, although there are centralized platforms in this ecosystem as well. Financial control is something very few consumers are accustomed to,  and no longer relying on centralized services requires a major mind shift. However, for those willing to take financial matters into their own hands, Bitcoin is a viable option.

What are your thoughts on this recent PayPal vulnerability? Let us know in the comments below!

Source: Tweakers (Dutch)

Images courtesy of PayPal, Shutterstock

The post Recent PayPal Exploit Shows Benefits of Decentralized Payment Solutions appeared first on Bitcoinist.net.

Recent PayPal Exploit Shows Benefits of Decentralized Payment Solutions

Share
Bře 18

WISeKey Kaspersky Lab Security App Is A Must-have For Mobile Bitcoin Users

Source: bitcoin

Bitcoinist_Mobile Security

With more and more consumers all over the world switching to mobile payment solutions, protecting these portable devices becomes of the utmost importance. Kaspersky Lab and WISeKey have joined forces to launch a new mobile security tool, which will act as an encrypted vault to protect devices from most harm. This powerful WISeKey Kaspersky Lab Security solution should be of significant interest to Bitcoin users as well.

Also read: Blockchain Conferences In San Francisco Highlight New Direction For Technology

WISeKey Kaspersky Lab Security App For Mobile

Mobile financial solutions are slowly becoming the norm all over the globe, yet most consumers fail to take the necessary security precautions to keep all of their information safe. The same principle applies to a large portion of the Bitcoin community, as mobile wallet solutions are becoming more widely available thanks to all of the different companies creating these applications.

WISeKey Kaspersky Lab Security is a valuable – and even must-have – addition for any consumer making payments through a mobile device. The main purpose of this application is to provide optimal mobile security at all times, by combining the best technologies offered by Kaspersky Lab and WISeKey.

By locking personal data – including account usernames and passwords, as well as PIN codes and credit card details – into a secure personal data organizer, WISeKey Kaspersky Lab Security is packing quite the punch. Protecting the user’s data is of the utmost importance while still allowing for accountable identities which can be used to perform online activities, such as accessing services or making payments.

WISeKey CEO Carlos Moreira stated:

“Mobile security threats are on the rise as hackers look for new and better ways to hijack devices, for example for Bitcoin mining, cyber-espionage and to trick users into revealing their personal identity and bank account information. Today’s mobile operating systems offer significant security features, but the temptation presented by the sheer number of mobile phones in use means that criminals, both virtual and real, are not easily put off. The inventiveness that hackers apply to trick users into installing their predatory apps is a tribute to the dark side of human ingenuity.”

Given the increase in mobile threats as of late, it only makes sense for security companies to join forces in an attempt to guarantee user data protection. Especially the new Stagefright exploit on Android can become a major threat to users all over the world as hackers have the option to remotely hijack a device without the owner even realizing what is happening.

The WISeKey Kaspersky Lab Security app is now available in all the main App Stores, including Windows, Mac OS X, iPhone, iPad, Kindle, and Android. The application is entirely free of charge, and will be an excellent addition to mobile banking and Bitcoin users alike, as securing financial data is of the utmost importance.

What are your thoughts on WISeKey Kaspersky Lab Security? Will you be downloading the application? Let us know in the comments below!

Source: BusinessWire

Images courtesy of Shutterstock, Kaspersky

The post WISeKey Kaspersky Lab Security App Is A Must-have For Mobile Bitcoin Users appeared first on Bitcoinist.net.

WISeKey Kaspersky Lab Security App Is A Must-have For Mobile Bitcoin Users

Share