PDA

View Full Version : Am I hacked? Paypal security - some frames from www.paypalobjects.com


DocFrankenstein
6th of February 2006 (Mon), 16:12
When I log onto my paypal account (I always type www.paypal.com in browser) some of the objects load from www.paypalobjects.com

The actual URL on top of the page still say paypal.com

But the mottom line while loading shows the www.paypalobjects.com/something/something/blah_blah

Is this normal or shoud I run to the bank to freeze my credit cards and everything?

I'm concenred.

Gienek
6th of February 2006 (Mon), 16:13
try - https://www.paypal.com

notice the "s"- for secure

ukactionsports
6th of February 2006 (Mon), 16:17
I've just tried it in my browser and it shows http://www.paypalobjects.com/somethi...hing/blah_blah now and then for a split second when loading.

jfrancho
6th of February 2006 (Mon), 16:20
There are probably some objects displayed that don't require the secure (https) protocol. You can turn on something in the options to warn you of mixed content (secure and unsecure) in secure mode.

DocFrankenstein
6th of February 2006 (Mon), 16:20
Well... that's a relief.

Thanks guys

jfrancho
6th of February 2006 (Mon), 16:24
Never hurts to be too safe.

IainUK
6th of February 2006 (Mon), 17:23
The new IE V7 that is in BETA currently but you can still download it here http://www.microsoft.com/windows/IE/ie7/ie7betaredirect.mspx has an anti phising tool that you can switch on. Alternatively you can use Firefox as a browser and that too has an anti phising plug. An anti phisihing plug in basically warns you if the web page you think you are looking at is actually something else.

mbze430
6th of February 2006 (Mon), 19:02
You'd be sooo hacked

txdude35
6th of February 2006 (Mon), 19:18
Last week I got a "security alert" from paypal that said several attempts had been made to log in to my account from different parts of the world, with the obligatory "click here" to check your account status. The layout, logos, everything was soooo close to actual correspondence from paypal that I might have gone to their homepage (not by clicking on the link of course but by going to the website) to check it out......if I had ever given paypal the email addy that I received the warning in. I wonder how many people fell for it and willingly gave up their log in info or got infected by clicking the link.

TeamSpeed
6th of February 2006 (Mon), 20:27
When you get emails from "Paypal", always move your mouse around and watch your target URL at the bottom of the browser. If it does not say paypal.com, don't click. Also, the easier thing to do is to log directly into Paypal. Any alerts will show up in your account, don't access paypal from any email.

turbotony
6th of February 2006 (Mon), 20:35
is the PayPal website forsale?

txdude35
6th of February 2006 (Mon), 21:56
When you get emails from "Paypal", always move your mouse around and watch your target URL at the bottom of the browser. If it does not say paypal.com, don't click. Also, the easier thing to do is to log directly into Paypal. Any alerts will show up in your account, don't access paypal from any email.

Exactly what I would have done, but I got the message in an account that I never registered with Paypal so I knew it was bogus. But whoever sent it went to great pains to make it look real.

txdude35
6th of February 2006 (Mon), 22:01
P.S.
Sorry DocFrankenstein, don't want to hijack your thread.

Michaelmjc
6th of February 2006 (Mon), 22:43
Says paypal objects, blah blah blah on mine too.

Volcano
3rd of September 2006 (Sun), 22:57
I got the the same message. I contacted paypal. PAYPALOBJECTS.COM is NOT part of paypal.com

The only URL you should see is https://paypal.com

The is no reason to host some parts on a non-secure server. Especically when MILLIONS of DOLLARS and Millions of customers are expecting you to safeguard their info.

Also beware of

paypalssl.doubleclicks.net or anything in the name.

ONLY http://paypal.com and https://paypal.com

kkhardwarestore
4th of September 2006 (Mon), 00:23
I doubt PayPal is for sale...it is owned by eBay.

I get those phishing emails from eBay and PayPal. I forward them immediately to spoof@paypal.com or spoof@ebay.com. I don't know if they do anything about it or not but I seldom get another from the same IP.

cdifoto
4th of September 2006 (Mon), 00:26
Stuff loads from paypalobjects.com all the time. It's normal. If you're on https://www.paypal.com you're fine.

Example. The main image on the page is hosted at paypalobjects:

https://www.paypalobjects.com/en_US/i/header/hpPrivacy_shopwoutsharing_563x115.jpg
https://www.paypalobjects.com/en_US/i/header/hpPrivacy_shopwoutsharing_563x115.jpg

kkhardwarestore
4th of September 2006 (Mon), 00:34
I got the the same message. I contacted paypal. PAYPALOBJECTS.COM is NOT part of paypal.com

The only URL you should see is https://paypal.com

The is no reason to host some parts on a non-secure server. Especically when MILLIONS of DOLLARS and Millions of customers are expecting you to safeguard their info.

Also beware of

paypalssl.doubleclicks.net or anything in the name.

ONLY http://paypal.com and https://paypal.com


The paypalobjects are on a secure server owned by paypal/ebay. Here are some of the gifs addresses.

logo at the top of the page.
https://www.paypalobjects.com/en_US/i/logo/logo_ebayco_ip.gif

Veri-Sign logo at the bottom of the page.
https://www.paypalobjects.com/en_US/i/logo/verisign.gif


edited to add from whois.com:

WHOIS Record For
paypalobjects.com

Certified Offer Service - Make an offer on this domain
SSL Certificates - Make this site secure
Site Confirm Seals - Become a trusted Web Site
Registrant:
PayPal Inc.
2211 North First Street
San Jose, CA 95131
US

Domain name: PAYPALOBJECTS.COM

Administrative Contact:
., Hostmaster hostmaster@ebay.com
2145 Hamilton Avenue
San Jose, CA 95125
US
+1.4083767400 Fax: +1.4083767514

Technical Contact:
., Hostmaster hostmaster@ebay.com
2145 Hamilton Avenue
San Jose, CA 95125
US
+1.4083767400 Fax: +1.4083767514
Data as of: 27-Mar-2006

Morgandy
4th of September 2006 (Mon), 00:43
I got the the same message. I contacted paypal. PAYPALOBJECTS.COM is NOT part of paypal.com

The only URL you should see is https://paypal.com
...in the URL field of your browser, yeah. But what the original poster is talking about are the URLs that flash across your status bar as the page is loading. If as you claim paypalobjects is not part of PayPal, what the heck is PayPal doing calling up stuff from there? Hmmmm?

The is no reason to host some parts on a non-secure server. Especically when MILLIONS of DOLLARS and Millions of customers are expecting you to safeguard their info. Do me a favor and load up www.paypal.com. Now view the Page Source. What do you see? All the objects (some css, ico, gifs and jpgs) are from https://www.paypalobjects.com. Yes, a SECURE SERVER. And besides, what does the security of millions of dollars have to do with some css, gifs, and jpgs? Nothing.

grego
4th of September 2006 (Mon), 01:06
Google's toolbar has a good anti-fraud thing, so if you click you get a warning. Worth having if you want to be extra safe. I've tested it with a fraud e-mail from ebay.

GilesGuthrie
4th of September 2006 (Mon), 07:41
...in the URL field of your browser, yeah. But what the original poster is talking about are the URLs that flash across your status bar as the page is loading. If as you claim paypalobjects is not part of PayPal, what the heck is PayPal doing calling up stuff from there? Hmmmm?

Do me a favor and load up www.paypal.com. Now view the Page Source. What do you see? All the objects (some css, ico, gifs and jpgs) are from https://www.paypalobjects.com. Yes, a SECURE SERVER. And besides, what does the security of millions of dollars have to do with some css, gifs, and jpgs? Nothing.

I think that the "millions of dollars" thing refers to the ability to get a 500 security certificate for the paypalobjects server. You'll probably find that the paypalobjects server is in a different location entirely from the core Paypal servers.

steved110
4th of September 2006 (Mon), 17:52
Don't forget to change your passwords regularly - apparently vast numbers of people in the UK had their personal details including passwords and account numbers stolen bu trojan viruses, and you can buy complete identities from russian websites, including credit card numbers and on-line bank account details.
Scary stuff.

Morgandy
4th of September 2006 (Mon), 19:39
I think that the "millions of dollars" thing refers to the ability to get a 500 security certificate for the paypalobjects server. You'll probably find that the paypalobjects server is in a different location entirely from the core Paypal servers.

My interpretation is that the millions of dollars is the money in PayPal user accounts. A security certificate only provides verification that the web site you think you are on is truly the web site you think you are on.

And are you guessing that the paypalobjects server is in a different location than the "core" PayPal servers, or do you know this for sure? And why does it matter? Truth is, the physical location of a web server or a series of inter-related web servers doesn't matter at all when it comes to assembling a page at the end-user level.