
Fake PayPal screen dupes IE, Safari, Chrome


A hacker has created a counterfeit security-certificate that tricks Microsoft Internet Explorer, Apple Safari and Google Chrome into thinking a bogus PayPal payment page is the real thing.

Notably absent from that list is Mozilla Firefox, which apparently isn’t duped by the phony secure sockets layer (SSL) certificate. But a Microsoft security library is – and IE, Safari and Chrome all use the library to identify confirmed Web certificates for services, such as PayPal, that require secure data transfers, reports The Register.

“Even though the certificate is demonstrably forged,” wrote Dan Goodin of The Register, “it can be used with a previously available hacking tool called SSLSniff to cause all three browsers to display a spoofed page with no warnings, even when its address begins with ‘https.’”

The kicker? Microsoft has known about the gaping hole in its CryptoAPI security library since June, when a hacker exploited it at the Black Hat security conference in Las Vegas. And Microsoft still hasn’t fixed it.

“Microsoft is investigating a vulnerability in SSL in Windows presented during Black Hat,” a Microsoft spokesperson told seattlepi.com. “Once we’re done investigating, we will take appropriate actions to protect customers.”

Until then, users should beware of any links that claim to take them to a secure PayPal page. People should navigate directly to the PayPal site instead, so they know they’re not being fooled into giving their information, including bank account numbers, to a hacker.

PayPal did not respond to a seattlepi.com request for comment.
