Tech Tip Paypal SLL Cetificate Security Hole

[eliphas0]

Paypal SSL Certificate Hole
Posted: 05 Oct 2009 08:53 PM PDT
Paypal users are being advised to switch browsers if they are using either Internet Explorer, Chrome, or Safari. They should use Mozilla’s Firefox instead to protect themselves from an SSL Certificate vulnerability.
The bug was reported nine weeks ago but Microsoft has not fixed the problem yet. The hole exists in CryptoAPI. The article at The Register notes that a tool called SSLSniff can cause all of the three browsers to display spoofed pages.
“We’re working to see if there are any technical workarounds on the PayPal side which can be put into place,” said a Paypal spokeswoman.
Source: The Register

[natasha90]

PayPal and thousands of other financial websites use digital certificates to generate a mathematical equation that proves login pages between the user and the website they are trying to view are legitimate.The certificate exploits a security hole in a Microsoft application programming interface known as the CryptoAPI, which is used by the Internet Explorer, Google Chrome and Apple Safari for Windows. Although the certificate is fraudulent, it appears to all three browsers to be a completely legitimate credential vouching for the online payment service.