2014-09-10.inc (1331B)
<h3>10-9-2014: PayPal accounts hacked with a click</h3>
<p>Yasser Ali reports a now-patched vulnerability in PayPal that would
have allowed him to reset other users' passwords and take over their
accounts. This is unlikely to be the last vulnerability found in
account-based payment systems.<br>
In Taler, customers do not have accounts with usernames, passwords
or associated e-mail addresses. Instead, Taler uses reserves which
are represented by a private key on the owner's computer. Users
create a reserve by depositing currency at a Taler exchange, and can then
withdraw digital coins from that reserve using the respective private
key. There is no limit on the number of reserves a user can have, and
even hacking the Taler exchange would not provide an adversary with access to
users' reserves (as the Taler exchange does not have the private keys).
Stealing in Taler requires breaking into each customer's computer to
extract the reserve keys or the coins from the digital wallet.
</p>
<p><a class="btn btn-info" href="http://yasserali.com/hacking-paypal-accounts-with-one-click/" role="button">Source</a></p>
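<p>The reserve model described above, as an added Go sketch that is not part of the original page and is not Taler's code: the exchange stores only a reserve's public key and balance, so a copy of its database cannot authorize a withdrawal. Assumptions: Ed25519 as the signature scheme, and the hypothetical names <code>Exchange</code>, <code>NewReserve</code>, <code>SignWithdraw</code>, the <code>serial</code> field and the message layout; coin issuance is not modelled.</p>

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Exchange is a constructed model: schema and message layout are not Taler's.
type Exchange struct {
	balance map[string]uint64 // keyed by reserve public key; no private keys
	used    map[string]bool   // signatures already honoured (replay guard)
}

// NewReserve and SignWithdraw run on the owner's computer, where the key stays.
func NewReserve() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func SignWithdraw(priv ed25519.PrivateKey, amount, serial uint64) []byte {
	return ed25519.Sign(priv, request(amount, serial))
}

func request(amount, serial uint64) []byte {
	return []byte(fmt.Sprintf("withdraw:%d:%d", amount, serial))
}

// Withdraw debits a reserve only for a fresh request signed by its key.
func (e *Exchange) Withdraw(pub ed25519.PublicKey, amount, serial uint64, sig []byte) error {
	switch {
	case !ed25519.Verify(pub, request(amount, serial), sig):
		return fmt.Errorf("bad signature")
	case e.used[string(sig)]:
		return fmt.Errorf("replayed request")
	case e.balance[string(pub)] < amount:
		return fmt.Errorf("insufficient funds")
	}
	e.used[string(sig)] = true
	e.balance[string(pub)] -= amount
	return nil
}

func main() {
	pub, priv := NewReserve()
	ex := &Exchange{map[string]uint64{string(pub): 100}, map[string]bool{}}
	fmt.Println(ex.Withdraw(pub, 30, 1, SignWithdraw(priv, 30, 1)))
}
```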