Is Paypal or Hacker One the bad guys here? You decide! from blog The Technology blog and podcast

Is Paypal or Hacker One the bad guys here? You decide!

I was looking at my Twitter and it talks about the particulars of these two companies.

Hacker One is one of the biggest aggregators of bugs around and they are to pay money to ethical people who report vulnerabilities.

In this article, Cybernews points out 6 different very serious bugs that could let an attacker take control, change the applicant's name, and even bypass two-factor.

The report indicates that the people behind these bugs lost points because Paypal or Hacker One closed their cases and didn’t deem the issues serious.

  • the most severe to least severe, as well as how each vulnerability can lead to serious issues for the end user.
  • #2 Phone verification without OTP
  • #3 Sending money security bypass
  • #4 Full name change
  • #5 The self-help SmartChat stored XSS vulnerability
  • #6 Security questions persistent XSS

Each of these has information on how the ethical hackers did each of the items and Paypal and Hacker One’s response.

Paypal wants these bugs, but it seems like they don’t want these bugs and/or they quietly patch them without giving time to the researcher(s) that have reported them.

“We found 6 critical PayPal vulnerabilities – and PayPal punished us for it” is the name of the article, and it was written by Bernard Meyer for this web site.

This has to be bad, and both companies should be ashamed of themselves! Give these ethical hackers and this team some credit for trying to help you. It’s OK to say two of these bugs were duplicates, but 4 other bugs were downgraded? I don’t understand this crap! Both companies have some explaining to do.

About the article

Is Paypal or Hacker One the bad guys here? You decide! was released on February 24, 2020 at 1:05 pm by tech in article commentary.
Last modified: February 24, 2020.

Comments (1)

  1. Comment by crashmaster, 24 February 2020 at 20:21,

    No one is the bad guy.
    It makes sense to try and hide things and fix them, it’s all reputation.
    Saying that, if a good hacker fixes something they should be compensated.
    Look at the Apple issue or one of them, I think the hacker that got that one got 13 million for fixing that I think.
    It was quite large but even so.
    Hiding things is not good.
    Sadly, as users we see it in everything from apps to computer updates.
    Every month I get sound driver updates.
    What’s changed? Don’t know due to changelog.
    At least AMD has one.
    Dropbox doesn’t, Chrome probably does.
    Thunderbird, Waterfox, and Firefox do.
    But some software will have 1 line changelogs, i.e. look at this BIOS update.
    Supports the latest Windows version.
    Or security updates month and dated time.
    Fixed user issues!
    What updates, what issues, nothing about them.
    I.e. install it and it will work.
    I have had it where not only did it not work but it didn’t tell me that there was a load to update after that.
    This caused the system not to work till I updated everything.
    Look at this coronavirus.
    In the beginning China hid it till they couldn’t.
    Everyone tries to fix it themselves until it’s too big for just 1 man.
    By then it’s probably too late.
    That virus seems to be dropping off in China, but everywhere else it’s going up and up.
    Give another 3 or so months, it may just fuck right off but for now it’s a problem.
    It seems people hide till they really have to get help to get something to work.
    It really does not make sense to do that necessarily.
