Feeds

back to article PayPal plugs SQL injection hole, tosses $3k to bug-hunter

PayPal has fixed a security bug that could have allowed hackers to compromise the payment website's databases using an SQL injection attack. Researchers at Vulnerability Laboratory earned a $3,000 reward for discovering and reporting the critical bug to PayPal in August. An advisory sent to the Full Disclosure security mailing …

COMMENTS

This topic is closed for new posts.
Silver badge

A much better approach than trying to throw him in jail.

5
0

$3k???

What a paltry shitty sum, especially from a company such as Paypal. $3k for such a flaw.... pathetic.

I wonder if it might work for a company such as Paypal to offer a bounty to people able to hack their systems and provide the winners with real money for doing so.

3
1
Anonymous Coward

Re: $3k???

Agreed.

I'm sure other people will jump in and say that we're lucky they pay us anything but meh, they pay hundreds of thousands to security consulting firms who often come back with practically nothing. So Im sure they could spare more than 3k for a working exploit.

2
0

what do you expect

google 'Ebay Mafia'. 10 million results

or 'paypal mafia' 5 million results.

0
0
Silver badge
Thumb Up

Re: what do you expect

Or Candy Mafia! 4 Thai girls in a pop group!

0
0

It's not fair..

A talented amateur who finds a hole like this would probably receive a one way ticket to gitmo!

2
0

Re: It's not fair..

It's all about shutting down competition and training you that the mega corps run everything. It's about training you that you are not allowed to run your own profitable business. You are not allowed to have your own free thoughts. You are not allowed to challenge the tax dodges of the super rich. Your only option is to serve serve serve them.

Remember, the banking elite have stolen 31 TRILLION in offshore accounts. They could pay off the US national debt and still have more left over than the entire US GDP. But guess who has to pay for THEIR mistakes?

1
2
Silver badge
FAIL

PayPal is ...

a joke and hardly a bank. What bank screws it's customers like PP did Wikileaks?

2
0
Silver badge

Re: PayPal is ...

PP isn't a bank. It's a shame too, they use this fact to prevent proper regulation.

2
0

Re: PayPal is ...

PayPal has all of the downsides of a bank (fees, charges) and none of the upsides (your money is not safe, can be stolen any time, probably by paypal themselves - leaving you no recourse, nobody at paypal will care or even pretend to care, and you can kiss your money goodbye)

4
0

I think pay pal is now in the US. when I first signed up you just gave them you email address and home address. Now they want you SS number

0
0
Thumb Down

Is PayPal a bank in the USA?

Not according to Wikipedia (yes, I know...)

http://en.wikipedia.org/wiki/PayPal

Apparently it is considered a bank here in the Greater Antipodes but I still wouldn't trust them with my hard-earned readies as far as I could throw them. YMMV.

0
0
Anonymous Coward

I wonder if ... ...

I got some [pretty serious eBay rip off] spam at an email address reserved exclusively for PayPal. So I rang them up to say so, and to suggest that they might like to investigate. Call centre in Dublin. Bloke was absolutely adamant that no-one had ever broken into their servers and it was in fact impossible. And no he wasn't going to do anything about my report, because there was no need to, because it was absolutely impossible for anyone to have broken into their servers. Their security is absolutely impregnable.

And then he reminded me to read their Ts & Cs, because they make it essential that they pass on the only email address given to them to anyone I want to pay through them. So that he said is how it happened. And that, if you want to carry on doing business with/through us is unchallengeable fact, because we say it is.

Have a good day now!

0
0
This topic is closed for new posts.