Archive for the ‘Advisory’ Category

Address Spoofing in Google Chrome

Monday, October 27th, 2008

As expected, security flaws are cropping up in Google Chrome, which leads us to recommend the latest version of Firefox or Internet Explorer instead when conducting online transactions. As a result, Chrome is not yet suited for use when your credit or debit card number is at stake, especially when making payments with PayPal.

Below are the details of the Chrome address spoofing flaw, courtesy of The Register:

Google’s Chrome browser has been marred by yet another vulnerability, this one allowing attackers to impersonate websites of groups like the Better Business Bureau, PayPal or, well, Google.

Researcher Liu Die Yu of the TopsecTianRongXin research lab in Beijing says the spoofing vulnerability is the result of faulty code inserted by programmers from the Mountain View, California search behemoth.

"I don’t see Apple Safari vulnerable in the same way," he writes in an email to The Register. "They share the same engine (webkit)."

As his proof of concept demonstrates, it is in fact possible to send Chrome users to a page under his control while causing the browser’s address bar to display the domain name bbb.org.

A Google representative says Chrome’s spoofing vulnerability is a "known issue" that will be fixed in an update that will be pushed to end users soon. Those too impatient to wait can download version 0.3.154.3 of Chrome on Google’s Dev Channel.

PayPal Site Maintenance - May 29

Thursday, May 29th, 2008

On Thursday, May 29th, PayPal will be conducting maintenance to its website. During this time PayPal will be making improvements to its systems and platforms and as a result the site will be temporarily unavailable. The maintenance will start at 11 PM PDT and we expect it to last approximately one hour.

You do not need to do anything during the maintenance window. Once the maintenance is complete, you will be able to conduct business as usual.

Here’s what you should expect during the service interruption:

· If you attempt to access the PayPal Web site (https://www.PayPal.com) during the maintenance window you will receive the following message:

"The PayPal website is currently unavailable for scheduled maintenance. We are working actively to complete the maintenance as soon as possible. We apologize for any inconvenience. Please check the PayPal System Board for possible updates."

Note: The PayPal Announcement Board can be found at http://announcements.paypal.com/us/ and will be updated with additional information as we monitor the maintenance window.

As a result, you will be unable to reload credits until the site maintenance is complete.

PayPal Warns of Unsafe Browsers

Sunday, April 20th, 2008

In an effort to thwart phishing schemes and protect its customers from online fraud, PayPal outlined its security strategy in a paper (PDF) at last week’s RSA conference.

"It’s critical to not only warn users about unsafe browsers, but also to disallow older and insecure browsers," said Michael Barrett, PayPal’s chief information security officer, in the paper. "Letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts."

The two features that Barrett said browsers must have to be considered safe by PayPal were an ability to block known or suspected phishing sites, and support for Extended Validation (EV) certificates. EVs, which are given to companies only after more stringent background checks than the commonplace SSL (Secure Sockets Layer) certificates, are supposed to reassure users that the online site is legitimate. Browsers that support EVs typically shade the address bar green as a signal that the site is safe. (Source: ComputerWorld)

Browsers with EV support include Internet Explorer 7, Firefox 3 (beta) and Opera 9.5. As a rule of thumb, you are better off with the latest version of the above-mentioned browsers. For iPhone fans, Apple’s Safari for Mac and Windows needs to play catch-up so as to be endorsed by PayPal as well.

PayPal Fraud Alerts

Monday, April 7th, 2008

Ever since PayPal acquired the Israel-based company Fraud Sciences, it has upped the ante for fighting fraud within its own system and that of parent company eBay, so it’s no wonder that PayPal "catches" a lot of fraud investigations among its clients and the clients’ clients. If you receive an email from PayPal about an investigation into a potential fraud, please contact PayPal immediately through email and explain your side in detail to help resolve the issue as soon as possible. Just contact us if you need any help.

Doubleclick Certificate Error on PayPal site

Tuesday, August 28th, 2007

If you happen to encounter this error when reloading credits, you can simply ignore it as your transaction may have been processed successfully anyway. The error comes with this message: "Unable to verify the identity of *.doubleclick.net as a trusted site". To be sure, please double-check that the URL you are accessing is www.loadntxt.com or, if the PayPal page has started to appear, that it starts with "https://www.paypal.com". Otherwise, it might be a phishing site, so please beware.