[ale] PayPal "Man in the Middle" attack?
David Tomaschik
david at systemoverlord.com
Fri May 3 19:13:56 EDT 2013
I don't consider user ids secret. Often they're the same as your email,
commonly used, etc. With a strong password, the userid shouldn't be part
of the security strategy. (I suppose changing the username might have
benefits from a social engineering or DOS perspective.)
On Fri, May 3, 2013 at 2:24 PM, Mondo Hondo <knerdly1 at gmail.com> wrote:
> Thanks all, I write this after booting from a live-disk and changing all
> passwords of any consequence.
>
> Why isn't changing the user ID a part of the security equation? This I've
> always wondered.
>
>
> On Fri, May 3, 2013 at 1:49 PM, Mondo Hondo <knerdly1 at gmail.com> wrote:
>
>> My dilemma is as follows:
>>
>> 1) I fat fingered the following: "www.lpaypal.com" .
>> 2) I did not reach PayPal, but some alternative site offering things I
>> did not want.
>> 3) I retyped, "www.paypal.com" in the address bar.
>> 4) Signed-in PayPal, endeavored to transfer funds and got a security
>> warning , "You probably are not reaching the site you wanted...click
>> here...back to safety."
>> 5) The warning stated that I was reaching (IIRC) "www.roverpal.com" the
>> address bar read "www.paypal.com/....."
>> 6) I figured that there were DNS shenanigans, so I: shutdown, reset my
>> clear modem and Linksys router, and then rebooted.
>> 7) I signed into PayPal, conducted my business, and logged-out.
>>
>> Now I feel remorse. Was that foolish?
>>
>> Thanks,
>> Preston
>>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
--
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20130503/c436780a/attachment.html>
More information about the Ale
mailing list