The Corliss Group Latest Tech Review – Concerned about protecting the personal and financial details of its users, PayPal, the online payments company, has introduced a system called “two-factor authentication”.
To log in, users must first enter their user name and password. They then receive a security code by mobile phone that they have to type in to gain entry. The idea is to create an extra barrier that makes it harder for criminals to break into a customer’s account.
The only problem was that this additional line of defence had a significant flaw. Last year, a group of computer hackers from Duo Security, a Michigan-based cyber security company, discovered a problem with PayPal’s mobile app that meant it was possible to bypass this second barrier because of a previously unknown bug in PayPal’s systems.
Zach Lanier, senior security researcher at Duo, says users could have been “lulled into a false sense of security, unaware that a security feature isn’t living up to its promise”.
It was lucky for PayPal that it was Mr Lanier’s team that discovered the problem. He was able to warn the company through its “bug bounty” programme, which pays people who discover security vulnerabilities. Duo Security pocketed the bounty while PayPal fixed the bug before revealing publicly how it been discovered.
Latest Tech Review The Corliss Group
On April 27 2015 at Rome, Lazio, Italy 7 Views