[ISN] Man banished from PayPal for showing how to hack PayPal

From: InfoSec News <alerts_at_private>
Date: Wed, 7 Oct 2009 04:34:12 -0500 (CDT)
http://www.theregister.co.uk/2009/10/06/paypal_banishes_ssl_hacker/

By Dan Goodin in San Francisco
The Register
6th October 2009

PayPal suspended the account of a white-hat hacker on Tuesday, a day 
after someone used his research into website authentication to publish a 
counterfeit certificate for the online payment processor.

"Under the Acceptable Use Policy, PayPal may not be used to send or 
receive payments for items that show the personal information of third 
parties in violation of applicable law," company representatives wrote 
in an email sent to the hacker, Moxie Marlinspike. "Please understand 
that this is a security measure meant to help protect you and your 
account. We apologize for any inconvenience."

The email, sent from an unmonitored PayPal address, makes no mention of 
the item that violates the PayPal policy. The suspension effectively 
freezes more than $500 in the account until Marlinspike submits a signed 
affidavit swearing he has removed the PayPal logos from his site.

Since 2002, Marlinspike has included a yellow donate button on the 
download page for a hacking tool he calls SSLSniff, and more recently he 
released a program called SSLStrip, which also includes the button. But 
it was only after someone published a counterfeit SSL certificate on 
Monday that PayPal took action against the account.

"This is not something I had anything to do with, and they responded by 
suspending my account," Marlinspike told The Reg. "I've been the one 
trying to warn them of this in the first place."

[...]


Received on Wed Oct 07 2009 - 02:34:12 PDT
