[ISN] Australian teen uncovers security flaw in PayPal

http://www.theage.com.au/it-pro/security-it/australian-teen-uncovers-security-flaw-in-paypal-20140815-1044cx.html By Ben Grubb Deputy technology editor The Age – IT Pro August 15, 2014 An Australian teenager who found a security flaw in an Australian public transport authority’s website has found another serious vulnerability, this time in the site of global payments provider PayPal. The flaw, uncovered by 17-year-old Melbourne schoolboy Joshua Rogers, allowed hackers to bypass the payment provider’s two-factor authentication system, which adds an extra layer of optional security via a one-time code sent via SMS to the user, or a number generator card. With access to a victim’s PayPal account using the flaw, a hacker could have purchased items online or withdrawn money sitting in the account. Joshua told Fairfax Media via email that he published a blog post on August 4 with a link to a YouTube video demonstrating the issue after the payment company ignored his initial email about the flaw on June 5. […]