Wednesday, June 20, 2012

Am I the Last Person?

Maybe I'm the last person to figure this out but really...

Have you ever bought anything using PayPal? Ever bought anything using Amazon checkout? Ever used Facebook social plugin?

Did you realize that after you finished the transaction with the store and looked around to make sure that you were logged out of the store that you still had an active authorized session with PayPal or Amazon? You can't imagine what information Facebook captures and shares if you're logged in!

Try this the next time you use PayPal. When you finish the transaction, look around to make sure that you are logged out of the store. Close the browser tab. Now open a new tab and browse to You're still logged in.

Now admittedly you're in your own house with your own browser but a malicious site with a click-jacking exploit could look around and see the still active session with PayPal and have fun with your credit. Amazon works the same way.

All you need to do to be safe is after a web transaction that uses a third party payment system, go to that third party site and logout. You'll sleep better.

No comments: