PayPal SSL Certificate Hole on IE, Chrome and Safari

Paypal users are being advised to switch browsers if they are using either Internet Explorer, Chrome, or Safari. They should use Mozilla’s Firefox instead to protect themselves from an SSL Certificate vulnerability.

Hacker on Monday published a counterfeit secure sockets layer certificate that exploits a gaping hole in a Microsoft library used by all three of those browsers. The bug was reported nine weeks ago but Microsoft has not fixed the problem yet. The hole exists in CryptoAPI. The article at The Register notes that a tool called SSLSniff can cause all of the three browsers to display spoofed pages.

“We’re working to see if there are any technical workarounds on the PayPal side which can be put into place,” said a Paypal spokeswoman.

Fortunately, Mozilla developers patched the hole a few days after Marlinspike’s demo. That means if you’re on Windows, the only way to protect yourself against this critical vulnerability is to use Firefox versions 3.5. At least until Microsoft fixes the CryptoAPI, whenever that may be.

Via: the register

Related Posts
  • Sony Vaio P Review
    The Vaio P is Sony effort to enter the ultra light world. The brand has been much emphasis on the machine and should not be compared to a normal netbook that used cheaper components and sinple constru...
  • iPhone 3.0 Last Week Rumor
    Throughout the last week, have followed a tidal wave of rumor that is a classic in the pre-keynote of every Apple event for some years. In particular, we collected all the rumors are more reliable, th...
  • BlackBerry Tours Complete Features
    BlackBerry lovers will be happy to hear that Blackberry Tour 9630 (previously known as BlackBerry Niagara) will go on market since July 12. This new smartphone allowing users to stay connected anywher...
  • HTC HD 2 Review
    HTC HD2 Review. For those who wanted Widows mobile phone with gigantic screen to surf the web, watch videos and pictures, HTC HD 2 could be your perfect phone. Here are HTC HD 2 review. This phone ...
  • BlackBerry Curve 8900 Review
    Blackberry Storm features the world's first virtual keyboard of the mark, here is the 8900 Curve, a model derived from the Bold, released last year. The main idea is to offer the greatest device to...

October 7, 2009 · Posted in Internet 

Tags: , ,

Comments

Leave a Reply