Specialist: the two-factor authentication PayPal it is easy to bypass - Cell phones

Joshua Rogers, 17-year-old hacker from Australia, said that there are serious gaps in the payment system PayPal. The vulnerability allows an attacker to bypass the two-factor authentication - strong protection account, which implies a PIN that comes in the form of SMS. To access the Internet-the purse he needs to know only a bunch of login and password from the account in PayPal and eBay.2-step authorization is on many major websites, including Twitter, Facebook, Google and Facebook. Two-level protection is often used by online banks for approval of transfer of funds with a high degree of risk. Code usually comes in the form of an SMS to a phone number or generated within the mobile application.Rogers has found a way to bypass the protection and log in using the same login and password from PayPal and eBay. To get them to the infected computer is much easier than to intercept digital combination. The error is on the page, an online auction that allows you to link your PayPal and eBay (subsidiary PayPal) with each other. In the binding creates a cookie, which is forcing PayPal to "think" that the user logged in to the system, despite the fact that 6-digit PIN code entered was not.According to Rogers, he informed the administration about PayPal vulnerability 5 June, but no response received. In the hacker told about the "hole" in your own blog and put the video on YouTube. The firm until not parried his actions.As reported by PCWorld, there are other ways to bypass the 2-factor authorization PayPal. So, if you have to use there is no possibility to enter the PIN code, he will be asked to answer two questions. They are quite simple (for example, " what was your first educational institution?" or " what was the name of the hospital where you were born?" and have the opportunity to be known to the attacker who is familiar with the victim..



Похожие статьи

Ваше имя
Ваша почта
Город, область
Рассылка комментариев





Ввести код: