1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is this Paypal issue real?

Discussion in 'BlackHat Lounge' started by super11, Nov 21, 2014.

  1. super11

    super11 Senior Member

    Joined:
    Mar 30, 2009
    Messages:
    879
    Likes Received:
    294
    Occupation:
    Full time Online
    Location:
    Home
    Is this Paypal issue real or some fake email/call?

    I received a call today and my mobile said call from malaysia. maybe, malaysia paypal but I am not sure. I am not based in malaysia. They told me to fix the ssl thing and said that they will email me the details shortly. here is their email below.



    We are reaching out to you today with the intention of informing you that the use of SSL 3.0 within our systems will be disabled as of December 3, 2014 at 12:01 a.m. Pacific Standard Time (PST).
    We realize shutting off SSL 3.0 may cause compatibility problems for a few of our customers resulting in the inability to pay with PayPal on some merchant sites or other processing issues that we are still identifying. To enable your assessment and potential remediation, we?ve put the attached Merchant Response Guide to help ensure your integration is secure from this vulnerability.
    For additional information or assistance, please don?t hesitate to get in touch with our Merchant Technical Support team at https://ppmts.custhelp.com/.

    and, they have an attachement that tells how to fix this ssl issue on paypal account.
     
  2. lilmasta

    lilmasta Jr. VIP Jr. VIP Premium Member

    Joined:
    May 21, 2009
    Messages:
    2,151
    Likes Received:
    954
    Occupation:
    IM
    Location:
    sydney
    i got this email aswell
     
    • Thanks Thanks x 1
  3. MyPasswordIs1234

    MyPasswordIs1234 Registered Member

    Joined:
    Mar 4, 2014
    Messages:
    96
    Likes Received:
    76
    Custhelp.com is owned by oracle. I'd assume real.
     
    • Thanks Thanks x 1
  4. njunx

    njunx Newbie

    Joined:
    Nov 20, 2014
    Messages:
    3
    Likes Received:
    1
    I suggest googling CVE-2014-3566, there is a lengthy post from RedHat that explains the issue.
    And yes, it's a real issue.
     
    • Thanks Thanks x 1
  5. super11

    super11 Senior Member

    Joined:
    Mar 30, 2009
    Messages:
    879
    Likes Received:
    294
    Occupation:
    Full time Online
    Location:
    Home
    thanks guys for the replies
     
  6. super11

    super11 Senior Member

    Joined:
    Mar 30, 2009
    Messages:
    879
    Likes Received:
    294
    Occupation:
    Full time Online
    Location:
    Home
    so, I contacted bigcommerce and they tell me that they are upto date and I need to take no further actions

    I was told to contact hostgator for my other sites by a friendly bigcommerce chat guy and so I am using ebay too for purchases I need to contact ebay too,


    Can anyone tell me if there is anything to do for this other than contacting hosting company, e-commerce platform, etc
     
  7. super11

    super11 Senior Member

    Joined:
    Mar 30, 2009
    Messages:
    879
    Likes Received:
    294
    Occupation:
    Full time Online
    Location:
    Home
    anyone knows? thks in advance