Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Are paypal buttons secure from e-lifting? Is this data secure?

from [Alexander Klimov] Network Security [Permanent Link]
Subject: Re: Are paypal buttons secure from e-lifting? Is this data secure?
Date: Tue, 24 Jul 2007 17:45:57 +0300 (IDT) 
Hi.

On Tue, 17 Jul 2007, Mifa wrote:

I have set up a webpage that allows payments via paypal.  Is it
secure?


This depends on what is your threat model.


Below is the data submitted (as seen with tamper data)
[...]
1) Can this be decrypted?  This string is after all hard coded into the 
paypal button.
    a)If so how?
2) What apps might decode and recode this data.


First you need to urldecode it, e.g., `%2F' is `/', `%3D' is `=', and
`+' is ` ' (space) after it is looks like a base64-encoded data (you
can use, e.g., `openssl base64 -d' to decode it) and PKCS#7
(Cryptographic Message Syntax Standard) can also be decoded by
openssl.

-- 
Regards,
ASK

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Vulnerability Assessment, Pete Herzog
Next by Date:  Pentest automated tool, carlospentest
Previous by Thread:  Are paypal buttons secure from e-lifting? Is this data secure?, Mifa
Next by Thread:  Re: Re: Are paypal buttons secure from e-lifting? Is this data secure?, steingra
Indexes:  [Date] [Thread] [Top] [All Lists]