News Posts matching "PayPal"

Return to Keyword Browsing

Hack Like It's 1998: Sites Still Vulnerable to Revived ROBOT Exploit

Another week, yet another security bulletin in tech news, with yet another vulnerability that joins the fray of both Intel's meltdown and Western Digital's MyCloud hacks. A team of researchers recently wrote a paper they titled "Return Of Bleichenbacher's Oracle Threat (ROBOT)". This paper went on to show how a well-known, circa 1998 exploit is still a viable way to take advantage of websites of even big name companies and services, such as Facebook and PayPal (in total, around 2.8% of the top 1 million sites also tested positive). The ROBOT exploit, a critical, 19-year-old vulnerability that allows attackers to decrypt encrypted data and sign communications using compromised sites' secret encryption key, is still valid. Only, it's 19 years later.

The heart of the issue stems from a vulnerability that was discovered in 1998 by researcher Daniel Bleichenbacher, who found the vulnerability in the TLS predecessor known as secure sockets layer. The attack is dubbed an Oracle threat because attackers can write specialized queries to which the websites and affected systems respond with "Yes" or "No"; as such, it's possible, given enough time, for attackers to build up the amount of disclosed sensitive information and get a clear picture of the protected data. To the flaw's discovery by Bleichenbacher, SSL architects apparently responded in a B-movie type of way, which nevertheless might have been needed to keep all systems green: by designing workarounds on top of workarounds, rather than removing or rewriting the faulty RSA algorithm.

TechPowerUp HWBOT Competition 2013

The TechPowerUp HWBOT team, in partnership with Intel, is announcing the TechPowerUp HWBOT Competition 2013. Spread across three tests which anyone can participate in - 3DMark 2001, 3DMark 03, and SuperPi 32M, the competition gives you the chance to win some cool new gear, including a Core i7-4770K quad-core processor, an AMD CPU and motherboard combo, and a PayPal cash prize. The contest is open from November 1, 2013 to December 15, 2013.

For more information, visit this page.

Newegg's Cyber Monday Sale Bombs; Leaves Customers Dazed and Confused

Newegg hardly needs an introduction, boasting a reseller rating of 9.90. On the traditional day of online sales, dubbed "Cyber Monday", though, that reputation was put to the test. It all started innocently enough: Newegg was offering 20% cash back on anything purchased via PayPal between Monday and Wednesday (November 26th through November 28th). They promised to put the cash in by January 31st 2008. The only rule Newegg gave customers was that the refund would not be any more than $50USD.

Sounds good, right? Unfortunately, about two and a half hours after people started splurging, PayPal ran out of funds to give people cash back, and Newegg was forced to call a hasty end to the promotion. This left Newegg in a very sticky situation, as the promotion banners were prominently displayed all over the site. Newegg later edited the terms-and-conditions to say that the promotion would end on 11/26, would only last "while supplies last", and began damage control. Newegg is now in the very tough position of trying to get people the refunds they deserve. If Newegg cannot get the customers the cash back they promised, they will send said customer a free gift, assuming the customer contacts Jason on the Newegg forums.
Return to Keyword Browsing