By Dan Goodin in San Francisco
6th October 2009
PayPal suspended the account of a white-hat hacker on Tuesday, a day
after someone used his research into website authentication to publish a
counterfeit certificate for the online payment processor.
"Under the Acceptable Use Policy, PayPal may not be used to send or
receive payments for items that show the personal information of third
parties in violation of applicable law," company representatives wrote
in an email sent to the hacker, Moxie Marlinspike. "Please understand
that this is a security measure meant to help protect you and your
account. We apologize for any inconvenience."
The email, sent from an unmonitored PayPal address, makes no mention of
the item that violates the PayPal policy. The suspension effectively
freezes more than $500 in the account until Marlinspike submits a signed
affidavit swearing he has removed the PayPal logos from his site.
Since 2002, Marlinspike has included a yellow donate button on the
download page for a hacking tool he calls SSLSniff, and more recently he
released a program called SSLStrip, which also includes the button. But
it was only after someone published a counterfeit SSL certificate on
Monday that PayPal took action against the account.
"This is not something I had anything to do with, and they responded by
suspending my account," Marlinspike told The Reg. "I've been the one
trying to warn them of this in the first place."