Monday, October 18, 2010

PayPal Deals with Security Issues



According to ForbesA new XSS (cross site scripting) vulnerability was identified on Paypal.com. It was discovered by a researcher and was disclosed on both Security-Shell and XSSed. That bug would allow a malicious hacker to insert code on the site that could potentially be used to access a user’s account.

The problem, technically, is found in the parameter sender_country in a transaction called nvpsm. NVP is Paypal’s API for Merchants to use when interacting with the Paypal web site, it stands for Name-Value Pair. SM is short for ’send money’. A problem such as this can be used to capture a user’s session (essentially log in as that user) and perform privileged actions (money transfers) as that user, as well as send a user a valid Paypal URL but then redirect them to a malicious third party site (phishing, malware, etc.).

As if PayPal doesn't have enough problems.

Wednesday, October 6, 2010

SEO Tips from Google!


Google has provided a very detailed explanation of SEO for beginners. Entitled the Search engine optimization starter guide. The pdf from Google provides  step-by-step instructions of how to handle many of the seo 101 concepts. I found it to be a good refresher as I'm sure you will too. To download this valuable information click here.

Credit Card Companies Battle for Technology

As Visa has acquired Cybersource (including it's well know payment gateway subsidiary, Auhorize.net) it has it's competition scrambling to catch up to buy up technology in the credit card payment industry. Rival MasterCard purchased payment services company DataCash Group for $520 million in August to expand its online commerce business. MasterCard has also created MasterCard Marketplace: a discount web site for card members in conjunction with e-commerce company NextJump. DiscoverCard already has a site for discounts as well.