Sign in / up

back to article PayPal plugs SQL injection hole, tosses $3k to bug-hunter

PayPal has fixed a security bug that could have allowed hackers to compromise the payment website's databases using an SQL injection attack. Researchers at Vulnerability Laboratory earned a $3,000 reward for discovering and reporting the critical bug to PayPal in August. An advisory sent to the Full Disclosure security mailing …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. James 51

    A much better approach than trying to throw him in jail.

    5 0
  2. Zilla

    $3k???

    What a paltry shitty sum, especially from a company such as Paypal. $3k for such a flaw.... pathetic.

    I wonder if it might work for a company such as Paypal to offer a bounty to people able to hack their systems and provide the winners with real money for doing so.

    3 1
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: $3k???

      Agreed.

      I'm sure other people will jump in and say that we're lucky they pay us anything but meh, they pay hundreds of thousands to security consulting firms who often come back with practically nothing. So Im sure they could spare more than 3k for a working exploit.

      2 0
  3. The Alpha Klutz

    what do you expect

    google 'Ebay Mafia'. 10 million results

    or 'paypal mafia' 5 million results.

    0 0
    1. sabroni Silver badge
      Reply Icon
      Thumb Up

      Re: what do you expect

      Or Candy Mafia! 4 Thai girls in a pop group!

      0 0
  4. jon 72

    It's not fair..

    A talented amateur who finds a hole like this would probably receive a one way ticket to gitmo!

    2 0
    1. The Alpha Klutz
      Reply Icon

      Re: It's not fair..

      It's all about shutting down competition and training you that the mega corps run everything. It's about training you that you are not allowed to run your own profitable business. You are not allowed to have your own free thoughts. You are not allowed to challenge the tax dodges of the super rich. Your only option is to serve serve serve them.

      Remember, the banking elite have stolen 31 TRILLION in offshore accounts. They could pay off the US national debt and still have more left over than the entire US GDP. But guess who has to pay for THEIR mistakes?

      1 2
  5. JaitcH
    FAIL

    PayPal is ...

    a joke and hardly a bank. What bank screws it's customers like PP did Wikileaks?

    2 0
    1. Oninoshiko
      Reply Icon

      Re: PayPal is ...

      PP isn't a bank. It's a shame too, they use this fact to prevent proper regulation.

      2 0
    2. The Alpha Klutz
      Reply Icon

      Re: PayPal is ...

      PayPal has all of the downsides of a bank (fees, charges) and none of the upsides (your money is not safe, can be stolen any time, probably by paypal themselves - leaving you no recourse, nobody at paypal will care or even pretend to care, and you can kiss your money goodbye)

      4 0
  6. kain preacher

    I think pay pal is now in the US. when I first signed up you just gave them you email address and home address. Now they want you SS number

    0 0
    1. Magani
      Reply Icon
      Thumb Down

      Is PayPal a bank in the USA?

      Not according to Wikipedia (yes, I know...)

      http://en.wikipedia.org/wiki/PayPal

      Apparently it is considered a bank here in the Greater Antipodes but I still wouldn't trust them with my hard-earned readies as far as I could throw them. YMMV.

      0 0
  7. Anonymous Coward
    Anonymous Coward

    I wonder if ... ...

    I got some [pretty serious eBay rip off] spam at an email address reserved exclusively for PayPal. So I rang them up to say so, and to suggest that they might like to investigate. Call centre in Dublin. Bloke was absolutely adamant that no-one had ever broken into their servers and it was in fact impossible. And no he wasn't going to do anything about my report, because there was no need to, because it was absolutely impossible for anyone to have broken into their servers. Their security is absolutely impregnable.

    And then he reminded me to read their Ts & Cs, because they make it essential that they pass on the only email address given to them to anyone I want to pay through them. So that he said is how it happened. And that, if you want to carry on doing business with/through us is unchallengeable fact, because we say it is.

    Have a good day now!

    0 0
This topic is closed for new posts.